
CEH Outdated?

afcyung Member Posts: 212
So I have been studying for the C|EH. I have been reading Certified Ethical Hacker Study Guide by Kimberly Graves. I just read through the section on privilege escalation. It only dealt with privilege escalation in Windows NT 4.0 SP3. So this is where my questions come from. Is the C|EH discussing outdated material that is not relevant anymore? I don't know anyone using Windows NT 4.0 SP3. Also it seems that the entire C|EH deals with tools that you can use, many of which are outdated as new operating systems and patches fix the vulnerabilities. After having read the sticky at the top, I am wondering what the value of C|EH is in the IT world. Does this cert provide me an advantage over another job applicant? Can this cert help me secure a network when it discusses a lot of outdated material?

What I would like to do is get into pen testing. I am currently serving on AD in the Air Force as a 3D0X3, which is Cyber Surety. I already have my Sec+ and felt like jumping into the CISSP was too large of a jump, and I was looking for something in between. To me that was the C|EH, but after reading the material and the sticky in this forum I am beginning to wonder about its value. Any insight into my dilemma is always helpful. If you have a cert you feel would be better than the C|EH, please let me know. Is anyone pursuing their LPT from EC-Council?

Comments

  • -Foxer- Member Posts: 151
    I just passed today, and I wondered the same thing as you. There's not much info about Server 2003, and nothing on 2008. Despite that, I think there is still useful information, and a lot of the concepts are good to know. Of course, I don't do penetration testing right now; it's something I want to get into, so I'm not an expert by any means.
  • UnixGuy Mod Posts: 4,565
    I'm wondering about the same thing too, I read the objectives.

    Are there any recent books about pen-testing? More updated, more practical and more comprehensive?

    Any recommendation will be useful...
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • wastedtime Member Posts: 586
    I wouldn't expect to see stuff about 2008, and I agree there wasn't much but some stuff about 2003. The methodologies and general information are what I felt was important from the CEH material. In my opinion, the "this tool or this particular flaw" method for an entry level certification doesn't help you learn the key material for this level of exam. Also remember that because it is old doesn't mean that it isn't still used.

    Personally the changes I would like to see in the CEH material would be less focus on how many tools and more focus on the most common ones. Also a bit more into theory on how to attack/penetrate a network.
  • -Foxer- Member Posts: 151
    The books I read were all pretty recent, all within the last couple of years. I'm not really sure why some of the stuff covers such outdated stuff. At least for me it was good to kind of see the evolution of hacking.
  • -Foxer- Member Posts: 151
    wastedtime wrote:
    I wouldn't expect to see stuff about 2008, and I agree there wasn't much but some stuff about 2003. The methodologies and general information are what I felt was important from the CEH material. In my opinion, the "this tool or this particular flaw" method for an entry level certification doesn't help you learn the key material for this level of exam. Also remember that because it is old doesn't mean that it isn't still used.

    Personally the changes I would like to see in the CEH material would be less focus on how many tools and more focus on the most common ones. Also a bit more into theory on how to attack/penetrate a network.

    Dang it, you must have posted this right before my post!

    Anyway, I agree with all of this. Although I thought there was quite a bit of good theory, more would have been better.
  • afcyung Member Posts: 212
    The book I am reading is copyrighted 2010. It's a very recent book. While some of the tools still function and have their place, what value is there in learning about vulnerabilities that no longer exist? To me it's a waste of my time, and I begin to wonder about the value of the cert.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Do you think it was worth it? I am only doing it to meet the CND specialty for a local AFB. Besides that, do you think you gained much by going through the process?
  • -Foxer- Member Posts: 151
    afcyung wrote:
    The book I am reading is copyrighted 2010. It's a very recent book. While some of the tools still function and have their place, what value is there in learning about vulnerabilities that no longer exist? To me it's a waste of my time, and I begin to wonder about the value of the cert.

    The problem is that most vulnerabilities are patched pretty quickly. I'm not sure why they decided to focus on NT4 privilege escalation, but even vulnerabilities in Server 2003 will have been patched long before now.

    I guess I have mixed feelings. Part of me wished they had more up to date information, but I kind of understand why it wouldn't matter. A lot of the theory is pretty good though, even if things have changed since then. I think that's what they're trying to get across.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    -Foxer- wrote:
    The problem is that most vulnerabilities are patched pretty quickly. I'm not sure why they decided to focus on NT4 privilege escalation, but even vulnerabilities in Server 2003 will have been patched long before now.

    I guess I have mixed feelings. Part of me wished they had more up to date information, but I kind of understand why it wouldn't matter. A lot of the theory is pretty good though, even if things have changed since then. I think that's what they're trying to get across.
    Do you feel like you are a better network defender/attacker now?
  • -Foxer- Member Posts: 151
    Do you feel like you are a better network defender/attacker now?

    Yes, I feel like I learned quite a bit. With that said, I'm not a penetration tester right now; I'm just a regular systems admin. Hopefully I can get into the information security field, and getting my CEH was one step in this direction.
  • RTmarc Member Posts: 1,082
    I tend to think the data was a bit useless. Most of the vulnerabilities depend on unpatched legacy systems, which are few and far between in active production environments. It also seemed like the magic formula for the method of attack was "use XXXXX utility on YYYYY unpatched system." Nothing really into the actual architecture or engineering behind an attack.

    The OSCP path looks a bit more interesting to me and more along the lines of what I'm interested in.
  • SephStorm Member Posts: 1,731
    afcyung wrote:
    The book I am reading is copyrighted 2010. It's a very recent book. While some of the tools still function and have their place, what value is there in learning about vulnerabilities that no longer exist? To me it's a waste of my time, and I begin to wonder about the value of the cert.

    The vulnerabilities still do exist. It has been proven time and again that it can take vendors years to fix vulnerabilities, and even longer for companies to patch them.

    The point of the CEH is not to make you a master hacker.

    It teaches you the tools and methodologies that most hackers are going to be using to target your network. Instead of thinking that "this tool is outdated", start thinking that "a hacker will be using this kind of tool to attack my network." Now, as a CEH, you understand the basic hacking methodology, so you can recognize that if you see port scans against your network from a specific source, and then login attempts from that source, you know what may be coming next, where you can focus your efforts.

    As far as the CEH being tool heavy, I agree, but I also agree that there is a point to it. Most hackers attacking networks are not the elite hackers of old; they are the use-a-tool script kiddies. So now, you should be able to defend against the majority of attacks against your network.

    You have now learned how to use some of the older tools, so in theory, you should be more comfortable with some of the newer ones. Many do the same thing in a new way.

    Another point is that this is an entry level cert. It seems to me that a lot of people judge it against greater experience. Understandable, but I, as an entry level IT security professional, have learned quite a bit that will be useful later.

    One more thing is that the whole idea of attacking unpatched services and systems is completely relevant today. Hence the attack lifecycle: one day, when you have more experience, you can subscribe to bugtraq, see a vulnerability, write a tool to exploit it, and own a system. Or if you don't have the experience, you can subscribe to bugtraq, see a vulnerability, wait until someone releases a tool, and attack millions of systems before they are patched, by which time you have covered your tracks and have a backdoor into the system.
  • SephStorm Member Posts: 1,731
    Forgive the double post, but I thought of something else.

    1. Learning this way allows you the opportunity to see how vulnerabilities evolve. I remember my first few times using MSF and not knowing which exploits to use or what they were. I still don't know the majority of them, but I remember using the DCOM vulnerability and reading the info on it, then I looked online and looked up info on the vulnerable service, I believe it is RPC. I gained an awareness of the vulnerabilities of an OS. Now, if I run a port scan and I see RPC, I know I may have an exploit against that service, and perhaps even more importantly, 10 years from now when I am writing my own exploits, I can research the newest OS, and if I find it uses RPC, or some similar service, I remember an old RPC vuln; let's see if there are any vuln. in this version.

    2. You now have an understanding of the vuln. in an OS, or an application, now you can make an informed decision if your company wants to use an application, or an OS. Your company wants to throw up an old XP machine. Are you just going to suggest that they upgrade to SP3 with all other patches? Or are you going to remember that there was that unpatched vulnerability from SP1 that they never fixed, and there was only a workaround for?
  • wastedtime Member Posts: 586
    Just wanted to show there is still a lot of old stuff out there. This is the server information from web server responses I got when visiting their site. I used a bridged firewall/sensor that runs FreeBSD to ngrep, sed, sort -u the information and came out with this. There are some in there which I am sure are made up, and others I don't have a clue what they are.

    Some of the highlights are:
    Server: nginx/0.5.35
    Server: Apache 1.3.29
    Server: Microsoft-IIS/5.0


    My point is the old stuff is still out there. I would recommend more than one source of information for this test too, as I have yet to see one source (other than EC-Council's) have all the information needed for the test.
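The post above describes an inventory pipeline (capture responses, pull the Server header, `sort -u`) without showing it. The script below is an added example, not code from the thread or from any poster: it runs the same extraction over a small constructed capture embedded in the script (standing in for ngrep output), then flags the distinct values that match a short list of end-of-life version patterns. The pattern list is an assumption for illustration only, not an authoritative EOL database, and `example.invalid` is a constructed hostname.

```shell
#!/bin/sh
# Added example: reproduce the "extract Server headers, sort -u" inventory from the
# thread over a constructed capture, then flag legacy versions a defender would
# want to track. Nothing here is from the original post's environment.

# Constructed sample of HTTP response headers (stands in for ngrep output).
SAMPLE_RESPONSES='HTTP/1.1 200 OK
Server: nginx/0.5.35
Content-Type: text/html

HTTP/1.1 200 OK
Server: Apache 1.3.29
Content-Type: text/html

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0

HTTP/1.1 301 Moved Permanently
Server: nginx/0.5.35
Location: https://example.invalid/'

# server_inventory: print each distinct Server header value exactly once.
# Header names are case-insensitive, so match "Server:" in any case and strip
# the name plus surrounding whitespace (including a stray trailing CR).
server_inventory() {
    printf '%s\n' "$SAMPLE_RESPONSES" \
      | grep -i '^server:' \
      | sed -e 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | sort -u
}

# legacy_servers: the subset of the inventory matching assumed end-of-life patterns.
# The patterns are illustrative assumptions, not a complete EOL list.
# "|| true" keeps an empty match from being reported as a failure under set -e.
legacy_servers() {
    server_inventory | grep -E -i \
        -e '^nginx/0\.' \
        -e '^Apache[ /]1\.' \
        -e '^Microsoft-IIS/[1-5]\.' || true
}

# count_legacy: number of distinct legacy banners (whitespace from wc stripped).
count_legacy() {
    legacy_servers | wc -l | tr -d ' '
}

# Stand-alone run: list the inventory, then the flagged subset.
echo "Distinct Server banners:"
server_inventory
echo "Flagged as legacy ($(count_legacy)):"
legacy_servers
```

Banners are self-reported and easy to spoof or suppress, so treat the output as a lead for the asset inventory rather than proof of a version; the point of the exercise is that anything on the flagged list deserves a patch-status check, not that the banner alone confirms exposure.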
  • dynamik Banned Posts: 12,312
    afcyung wrote:
    Is the C|EH discussing outdated material that is not relevant anymore? I don't know anyone using Windows NT 4.0 SP3.

    Do you know any banks or credit unions? You'd be surprised...

    UnixGuy wrote:
    Are there any recent books about pen-testing? More updated, more practical and more comprehensive?

    Any recommendation will be useful...

    The eLearnSecurity course is stellar. Penetration Testing with Backtrack is great too, but it's less accessible (i.e. you need more skills and will have to work harder).

    RTmarc wrote:
    I tend to think the data was a bit useless. Most of the vulnerabilities depend on unpatched legacy systems, which are few and far between in active production environments. It also seemed like the magic formula for the method of attack was "use XXXXX utility on YYYYY unpatched system." Nothing really into the actual architecture or engineering behind an attack.

    The OSCP path looks a bit more interesting to me and more along the lines of what I'm interested in.

    Depends where you are. After having been in as many environments as I have, I wouldn't generalize that much. I've seen many people be 1-2 years back because critical applications break when updates are applied. There's always laptops that fall off the network. Hashdump, rainbow tables, and password reuse often gives you easy access to a domain admin account.

    I'd spend my time and money on the eCPPT and/or the OSCP. CEH provided a decent foundation, but it wasn't particularly great. You can still read a book and get the information if you're not interested in the cert itself. I actually thought this book was really well done: Amazon.com: Certified Ethical Hacker Exam Prep (9780789735317): Michael Gregg: Books
  • Chris:/* Member Posts: 658
    As for the CEH being outdated, no, it really isn't. It does have a lot of established tools and OSes in it, but many are very much in use today. Remember the CEH is not going to show you all the tools out there or how to be a hacker, as has been pointed out. CEH is a foundation certification in penetration testing. I agree with dynamik on a future direction you should take with penetration testing. I have heard good things about both of those courses.

    Remember Windows NT is still very very prominent out in the wild. Patching is still not done quickly in the real world and the hackers typically know of a vulnerability long before a patch is released.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • jumezurike Member Posts: 33
    The methodology is all over the place. It's so disjointed that you have to figure things out on your own even when you have read the book.

    net use \\***.***.***\IPC$ "" /u:"" This is an example of a null session, but then no one tells you how to use this to access files and shares from outside the LAN. It sucks.
  • SephStorm Member Posts: 1,731
    I haven't seen that in the books yet, but null sessions are covered well in the Logical Security CEH videos here: http://www.techexams.net/forums/ec-council-ceh-chfi/61456-free-ceh-online-training.html

    As for the methodology, I didn't see any issues. Anyone?
  • ibcritn Member Posts: 340
    On the topic of methodology for security assessments and penetration testing, I would complement CEH studying with looking over some of these methodologies:

    OSSTMM
    NIST SP800-115
    ISSAF

    GIAC GPEN goes into these and I certainly see the value in understanding these methodologies with the tools.
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA