CEH

Webmaster

Good luck! Interesting date, would be a great way to end the year

/usr

Or a bad way if that $250 goes to waste.

Webmaster

True, but hey, staying positive is important, it will also help you supress nervousness.

(The exam rates of the more advanced security certs keep suprising me though...)

/usr

Agreed. $250 is a bit outrageous.

/usr

I do feel fairly confident, however. I'm now reading through the binders for the 3rd time.

One good thing, the test only requires 70% to pass...and it has 125 questions. That leaves a pretty generous amount that you can miss without worrying. Hopefully I won't miss half of what is possible, but just in case.

/usr

If you're thinking of taking this exam...

DO NOT GET THE BOSON PRACTICE TEST!

It is FULL of half-correct answers. For example, they asked for a list of tools which could be used for pinging. One choice was Genius. I selected it and the test says it's the wrong answer, because Genius is a ping detection tool.

Genius is a multifunction tool, which contains a ping client. It also contains minimal port scan detection, but that is not it's primary function.

Who do they get to write this crap? These people need to do a little more research before they release a practice test for a $250 exam, then proceed to fill in their bullshit wrong answers in place of the correct ones.

It's just frustrating, with this being the ONLY practice exam available, I was kind of relying on it to give me an idea of how the exam will be. If the actual tests questions are as vague and just plain ignorant as this, I'm finished. Fortunately, everyone says it's very straightforward.

TC

yeah, the welcome kit (coming from SINGAPORE, lol) is pretty cool. a GIANT window sticker, along with that CD. the CD with 1000+ tools is the jewel. and yes the certificate itself makes my MS certs look like toilet paper - it's very nice.

to answer the original question, i took one of the boot camps - the one taught by jack kozial. my work paid for it, but it ended up being somewhere around $4500 for the week. the most intense week of cramming all kinds of crap into it as possible i've lived through. i will also say that the material you get is priceless - some of jack's own tools that he's written, an entire CD completely filled with other tools and such, everything you've used throughout the week, the entire week's worth of presentations on CD, and a linux "attack" build for VMware. tons of other stuff i'm sure i'm forgetting. since it wasn't "my" money, it was well worth it and something i would recommend. being in a class like that taught by someone who has been in the field for years and years and has plenty of experience as a pen tester for large corporations is priceless.

yeah, CEH won't get you a gig on its own, but it's still a "rare" cert to have and will definatley get your brownie points at worst.

the exam itself is hard, as as been noted. plan on taking your time with it. if you know your tools, your definitions, and basic priciples of logic you should be fine. but TAKE YOUR TIME.

ok johan, you made me look. nice site, i'll stick around. now if we can just get rid of the person "TC" that stole my username...

Webmaster

Thanks for stopping by TC

Although I'm not a big fan of bootcamps, it sounds like the one you went to was not just a bootcamp as usual. Having an instructor with actual experience is definitely an advantage. Did Jack Kozial publish anything? Would be nice to read about his experiences without having to pay $4500. How long additional time did you need to prepare for this exam? and if you don't mind me asking, what are your other certs? Did you benifit directly from the CEH cert? In other words: please tell us something more about yourself.

I hope you don't mind all the questions, we don't get a CEH here that often, but there's a lot of interest lately so we'd value your input/experience.

Btw, the account TC happens to belong to an unactived user, so I will remove it in a couple of minutes allowing you to rename your account.

TC

here's some stuff from jack, and he's working on a new book as we speak.

i'll answer more of your Qs later, busy now.

incidentally, you were talking about books - the one jack recommends that he handed out at the camp was 'Security Warrior' - linky. good read.

Webmaster

I've read good things about The Shellcoder's Handbook in a newsgroup, and I definitely need to get that O'Reilly book, thanks!

/usr

Can you give any more information about what is really focused on? Possibly a general question format? Are there a lot of scenarios or a lot of "choose the right tool" questions? I'm sure there are both, but this text seems to really focus on the tools.

I wish I had more practice exams.

TC

your test is tomorrow? i can transcribe a few sample questions for you from the practice tests we got at the camp. should be enough to give you the idea of what to expect.

give me a few hours or so, but i'll post some for you.

/usr

Yeah, I'm sitting tomorrow at 2:00.

Thanks for taking the time to get a few questions, I appreciate it.

I have 80 practice questions which come with the study kit you receive, but they don't come with answers and some aren't even in the material they provide, so I'm unsure about some. I got the majority of them right the first time through.

With the Boson tests, I scored 90% the first time I tried all 250 questions at once. If I went back now, it would be even higher.

Studied last night for about five hours straight. Been studying here at work today. Plan on studying another 5-6 hours tonight, then another 3 or so tomorrow morning, just skimming over the notes I've made.

TC

ok, a few minutes here.

the camp went from 830am-930 or 10pm, so studying was done until i passed out. but from after dinner until the end of the day were "capture the flag" exercises that put to use what you learned during the day, so that helped cram some practical knowledge into you.

i have MCSE, MCP, MCP+I all NT4 to go along with my CEH. as for "benefit directly", my company has so far indirectly placed me in charge of our network security (working closely with our router guys), with more responsibilities coming in-house in the next several months. but outside of my current job i haven't found any contract work. it's difficult to find any established group that is local to get into. i'm not even sure there are any. frankly, i haven't had much time to devote to researching it, but i've had my CEH for a few months now only.

some practice questions. i'm not typing out all the multiple choice answers, this is just to give you an idea of what to look at. but yes, every question is multiple choice; this however does not mean there is only one answer per question:

• You want to bypass detection by a network-based IDS without attacking it directly. Which of the following strategies can you use to evade detection by a network-based IDS?
• An nmap command that includes the host specification of x.x.x-x.* will scan __________ number of hosts.
• You wrote a custom unix-based sniffer for a target during a pen test. The sniffer puts the NIC into promiscuous mode. You want to hide that the card is in promiscuous mode when an ifconfig command is issued. How would you do so?
• Name the historical attack that uses ICMP Echo Reply packets to create a DOS situation.
• Which of the following nmap commands will slow down your scans?
• How can an attacker decipher the name of the Windows administrator account if it has been renamed?
• Peter extracts the SID list from Windows box. Here is the output of the SIDS:
  <bunch of SIDs>
  From the above list, identify the user account that ....
• What is the expected result of the following exploit:
  <bunch of shell code>
• What type of source code is this?
  <bunch of code>
• An nmap ping sweep will use the following packets:
• In your web log, you see dozens of entries that show attempt to access a file called x an y. What would this type of log entry indicate?
  <tons of lines of logs>
• Vulnerability mapping occurs after which phase of a pen test?
• What OSs do not respond correctly to an nmap xmas scan?
• List three methods for performing OS enumeration:

well there's some to think about. again, please do not ask me to answer these questions for you, as that would completely violate my training NDA. i'm pretty sure posting some questions to get you thinking about what to study is ok though. good luck on your test!

/usr

I knew most of them, or could have figured them out given the diagrams/answers.

The ones I didn't know were ones that weren't directly covered in material, so I assume they want you to apply a little knowledge plus logic. Possibly with the answers in front of me.

Thanks for taking the time to post those. I feel a little more confident now.

/usr

I doubt I'll post anymore until after I take the exam tomorrow. It may be Friday before I post, it just depends. Wish me luck!

Webmaster

Good luck!

Ten9t6

Good luck...It is a fun exam....

Well...I should be able to browse the forum a little more now.... Sorry I have missed a lot of questions in this area lately..

/usr

I passed with an 80%! I would have liked a little higher score, but I'll definately take it.

I honestly didn't find the actual exam that difficult. It may have been because the things I perceived as the most difficult, didn't show up as much on the exam. There WERE a few questions which stumped me however. It took me about an hour and a half, out of my allowed two and a half. I marked all questions I wasn't sure of and in the end, I only had around 30, but a lot of those I marked just to be on the safe side and they were most likely right to begin with. Overall, the exam was straightforward. The material you study is the material that will be on the exam. They don't try to trick you with any of the questions at all. You either know it, or you don't. It was a fairly fun test, but the material is even more interesting and I will definately be going back over it.

To study, I ordered the kit from EC-Council. Included in that is the "Hackers Beware" book, which I read over a couple times and took notes on. It also includes the two red binders, which are your main source of study for the test. Printing off the exam objectives and making sure you know EACH one is also very helpful. I did this the day before the exam, reading through the binders one last time and making a note under each objective and it helped me a lot on the exam.

Two other sources which you really must check out if you take this exam are "Hacking Exposed, 4th edition" and "Hacking: The Art of Exploitation".
The Hacking Exposed book relates directly to the material you will see on the exam and the material you cover in the binders. It's almost as if the two were written to compliment each other. Where one lacks, the other covers a little more. I highly recommend this if you're going to sit for this exam.
The Art of Exploitation is a programming-oriented book. Even if you don't get all the way through (I still haven't had time to), you really should read the first chapter on buffer overflows, it is essential.
The various manuals/papers which are on the tools cd (You get this from the EC-Council kit), are a must as well. Also, the RFC's for TCP, IP, ICMP, UDP, port numbers, and DNS.l

The material covered on this exam was excellent. It covers 21 (soon to be 22, as they are upgrading the test in march) domains. If you are interested in pen testing or information security, I would definately recommend this exam. If you really take the time to study and are truly interested in the material, the knowledge you gain is invaluable.

If anyone has more questions, I'll be happy to answer them if I can.

Sulblk27

GREAT Job!!! ...And thank you for the insight with study this test sounds like fun- challange!- although I have to redo my security+, I truely want to sit the CEH...I already have the Hacking exposed 4th ed. (actually read 70% )- Maxium security, and a few others, but this info from you is outstanding....Again great job on the test...giving me hope- determination for the next month or two....and you are right that Hack. exposed is one nice read!...
Only one question, to receive the material for the CEH what is required? I understand I must sign and abide by the ethical rules, pay for it, but is there something else?
Thanks in advanced....

Webmaster

Congratulations!

And thanks for the information.

/usr

You have to email EC-Council and ask for permission. If you don't have the required two years of experience, but think you qualify, you need to fax them information on why you think you qualify, along with proof of ID. They will evaluate on a case by case basis.

You need to email them for permission regardless, as they issue a voucher number you need for the exam.

/usr

Oh, I almost forgot.

The practice questions you get from EC-Council that are on the tools cd, are very helpful. They don't come with answers, so you'll have to look them up, but they are pretty good to study with.

As for the Boson questions...I don't know. They are decent if you can get past the fact that some of the questions are misleading and some give answers that are wrong. For $50, I would say it's worth it to see if you know the 250 questions they give you.
On the other hand, if you know the questions EC-Council gives you and you know everything on the exam objectives, you'll be safe. The format of the Boson questions does not represent the format of the actual exam.
As far as actually helping, it could go either way, I just wanted to give me two cents.

Sulblk27

Thank you so much for the info...I'll need more time at this point since I don't have a job...so I won't put myself out there for a rejection from them until I can get started somewhere, so in the mean time I'll go for CCNA, etc, track...not much intrested in Microsoft....but I do read material and work with it....Linux is a prime interest for me .....ultimate security...(certs and jobwise)....
again thanks for the heads up and happy hunting on the rest of your track....'see you in the forums'

janmike

Congrats, /user!

Ten9t6

congrats on the test. If thought the exams was rather easy, then that means you did a good job studying. ....sounds like more than I studied...You have given good input for those planning to sit the exam. Congrats again on the test....and let me know how you like the certfification kit...Its pretty cool.

/usr

I can't wait to get it, about how long does it take?

HackNack

/usr,

I read the thread over again, just to make sure I haven't missed anything. Anyway, what did you do to qualify for the exam? Did you attend a boot camp or did you write to EC-Council? If you did the latter, what did you write?

Ten9t6

/usr wrote:

I can't wait to get it, about how long does it take?

If I remember correctly...it took a couple of weeks. The Certificate is pretty nice..but the cert card is a credit card style bootable Linux CD.

Congrats again....Do you know what you are going to do next?

HackNack

Ten9t6 wrote:

/usr wrote:

I can't wait to get it, about how long does it take?

If I remember correctly...it took a couple of weeks. The Certificate is pretty nice..but the cert card is a credit card style bootable Linux CD.

Congrats again....Do you know what you are going to do next?

You know what? I should take a pic of them for all of us to see!