CEH Pass
Man, I thought the CWSP was bad... This exam is way too broad to cover the objectives in the detail it does.
I used the Wiley, Sybex, and Exam Prep books for my CEH-specific resources, and I added Hacking Exposed (sixth), Pen Testers Open Source Toolkit, Gray Hat Hacking, OSCP course materials, and various others, and I was still coming across things I hadn't even heard of. I can't go into detail, but I'm failing to find any mention of a couple of tools in their course outline (which is already enormous) that I received multiple questions on. The rest of the exam was all over the place. You'll be asked for a basic definition of a Security+ term one moment, and then you'll be required to analyze c/perl/shell code the next. I thought about half the questions were well done, and the other half made me swear at my computer (I was fortunately the only one in the room).
I managed an 84% overall, and I took about two of the four hours allowed. Self-studying for this one would be a ***** without experience and a lot of solid knowledge in many different areas.
I'm going to try to wrap up the Offensive Security OSCP and OWSP by the end of the year. I've already gone through the materials once; I just need to work on the exercises again and take the challenges.
I used the Wiley, Sybex, and Exam Prep books for my CEH-specific resources, and I added Hacking Exposed (sixth), Pen Testers Open Source Toolkit, Gray Hat Hacking, OSCP course materials, and various others, and I was still coming across things I hadn't even heard of. I can't go into detail, but I'm failing to find any mention of a couple of tools in their course outline (which is already enormous) that I received multiple questions on. The rest of the exam was all over the place. You'll be asked for a basic definition of a Security+ term one moment, and then you'll be required to analyze c/perl/shell code the next. I thought about half the questions were well done, and the other half made me swear at my computer (I was fortunately the only one in the room).
I managed an 84% overall, and I took about two of the four hours allowed. Self-studying for this one would be a ***** without experience and a lot of solid knowledge in many different areas.
I'm going to try to wrap up the Offensive Security OSCP and OWSP by the end of the year. I've already gone through the materials once; I just need to work on the exercises again and take the challenges.
Comments
Out of curiosity how did you qualify for the exam? I figured you just started security work this year.
My current position is 100%. However, security has been intertwined with everything I've done the past 3-4 years. I've designed and implemented new AD domains, written security policies, setup file servers with share/NTFS ACLs, VPNs, patch management/WSUS, anti-x, RADIUS, some physical security stuff, locking things down with group policy, programmed a PHP/MySQL project management system (not only accounting for web attacks but also included security functions to give different users different rights), IIS and Exchange security and SSL, wireless, disaster recovery/business continuity, end-user training, etc.
I just sent them an email that outlined what I had been doing and they apparently thought that was acceptable.
I'm starting the OSCP course next week; I'm really interested on how and what you do with the exam.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I'm glad I only bought the one month of lab-time at the onset. It will cost an extra $50 overall when I add the second month, but I prefer to have the time off. I'd rather work on the material leisurely at my own pace and then hit the lab hard when I feel better prepared. I might wrap up a few other misc things in December and hit the lab hard in January. Of course, that's just me. The ADHD in me likes to study six things at once. If you just like to focus on one thing intensely at a time, the two-month package would probably be fine for you.
I'll probably shoot for the OWSP in a couple of weeks. The course is good overall, but it's almost entirely based on WEP, which I found to be a bit disappointing. This challenge is much less involved and you need to own 3 routers in 3.5 hours. I might as well buckle down with the wireless security a little while longer and get that one out of the way while things are still fresh.
84%!!! Relax man you nailed it! Especially when you consider the broad topic range (as you mentioned).
Congrats Again!!! I guess you have the rest of the year all figured out. Should you keep with your schedule, any BIG plans for 2010 that you wanna share? Like you always say "GO BIG OR GO HOME"...lol
Kind Regards,
David
Have you seen this thread? http://www.techexams.net/forums/general-certification/48218-2010-certification-plans.html
I'm going to do as many SANS exams as is economically feasible, along with the CISSP and possibly the CCNP. My major focus is going to be finishing my psychology degree. I've been working on it off-and-on for around 8-9 years, and I have three classes left, and then I need to test out of two years of Japanese. That latter task might fall back to 2011 though.
I actually didn't even stick to my end of year plans for an entire day. I got through about 1/5 of the CCNA:S book last night, and I'll probably take that in a couple of weeks. With a fresh CCNA and all the other security studying I've been doing recently, it's mostly just been review.
It'll cost you an extra $200 overall if you buy an additional 30 days. You'll save $50 if you just buy the 60-day package upfront.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Yea, that's what I was saying. I bought 30 days (which have elapsed) for $550. I'll add another month in 2-3 weeks, so my total for 60 days will be $750 instead of $700.
I can do a lot of lab work on my own stuff, but they have specific challenges in their lab that you apply to your overall score for the certification challenge.
The exploitation section is what's slowing me down. I have a good handle on pretty much everything else. As soon as I get that down, it's back to their labs and the challenge!
“We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
It is your personal IPS to stop the attack.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Not really. I just went through my guide again to verify, and I only found three potential things I can't do.
- Exploit Ability FTP Server - I absolutely cannot find the old version that they used
- Experiment with Core Impact - It's cool but you can't use it in the challenge and we don't use it at work
- Vulnerable Web App - Although I could write my own or do something similar with Damn Vulnerable Web App
Their lab is definitely cool, but those are a small portion of their 400-page manual. You can do the vast majority on your own.PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Dead on it's a niche market cert. You get it to improve your skill won't do much for your resume. I'll also have to find time to get to it sometime next year. Hopefully february.
I think it's fairly well known in the circles where it matters. This is especially true now that Offensive Security is supplanting Milw0rm as the exploit database. I'd be very skeptical of any organization that employees offensive security techniques and isn't familiar with them. Honestly, I'm doing it more for the knowledge than the certification. They have a more advanced one (that has a long waiting list) that is even more obscure, and I can't wait to take it. That might be a project for 2011 though...
Edit: Well said GA
I like how they setup the registration for OSCE.
Offensive Security Online Security Training Challenge
Awww... now I feel obligated to do the OSCE...
Best of luck with your aspirations..I feel some of your pain. I'm trying to finish up my B.S. in the next 18 months, which means I'll be taking too many classes, while still trying to move forward with certs, and have twins on the way!! Again, best of luck..stay motivated
Citrix Certifications: CCA XenApp 4.5/5.0 and XenServer 5.0
Other: Marathon Certified Consultant (HA, FT and VM), ISEB InfoSec Management Principles and Security+
Working on: CISSP and Check Team Member
I sent you a private message about the CTP registration. If you haven't received it let me know.