Passed C|EH v7
instant000
Member Posts: 1,745
in CEH
I passed C|EH v7
I'll re-hash what I posted at WGU:
I passed on 12/30/2011.
I'm probably repeating a lot of what others have said.
Things it would be good to know:
1 - nmap scan codes
2 - types of nmap scans and their responses
3 - ICMP codes
4 - TCP handshake
5 - common ports
6 - dig syntax
7 - hping2 syntax
8 - wireshark syntax
9 - wireshark output
10 - snort syntax
11 - block/stream cipher
12 - PKI/certificates
13 - hashing
14 - LANMan Hash
15 - How many bits is xyz encryption?
16 - MAC authentication
17 - DHCP snooping
18 - SQL injection
19 - XSS
20 - directory traversal
I know I'm probably missing a few, but this should be a pretty strong basis.
One technique that helped me a lot was making "memory tables"
Such as, I'd start with a blank box, and then fill in all of the ICMP types and codes (from memory)
Or, do the same thing with all of the nmap scans, and their responses (from memory)
Or, do the same thing with all of the nmap syntax (from memory)
Or ... fill in the blank with whatever it is.
Since you can't have notes for the test, you just have to memorize as much as you can that you'll probably definitely see, and want to be well aware of.
I had a couple exhibits with tools I'd never seen before, but based on what I already knew, I could kind of piece together what they were asking for (at least, so I think, as I passed!)
It took me almost two hours to finish the test. You're given four hours.
One thing that shocked me was the many questions I got on dhcp snooping, which I never encountered during my preparation for CEH, but since I've done CCNA Security, etc., it wasn't a big deal to see questions on it.
The exam is not difficult. If not for the many questions on tools, the exam would be super-easy. If you have recently taken Security+, this exam will probably be even easier.
Currently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
Comments
-
Chivalry1 Member Posts: 569
Congrats welcome to the CEH club.
"The recipe for perpetual ignorance is: be satisfied with your opinions and content with your knowledge." Elbert Hubbard (1856 - 1915)
-
whatthehell Member Posts: 920
Congratz on the pass and thanks for the info!
2017 Goals:
[ ] Security + [ ] 74-409 [ ] CEH
Future Goals:
TBD
-
coty24 Member Posts: 263
Congrats man! I am happy for you, thank you very much for the information!
Passed LOT2 Working on FMV2(CHFI v8 ) Done!
-
onesaint Member Posts: 801
Another one in the bag! You're really steamrolling through the certs. Fantastic work and as always, great information on exam preparation.
What materials did you use?
Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness
-
Dakinggamer87 Member Posts: 4,016
Congrats!!
*Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
*Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."
Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
-
instant000 Member Posts: 1,745
Another one in the bag! You're really steamrolling through the certs. Fantastic work and as always, great information on exam preparation.
What materials did you use?
I used too much material:
1 - 1/5 volumes of CENGAGE press for the CEH? I think it's called CENGAGE PRESS. I only read the first volume. It was too heavy on tools, and not high enough on theory for me, I thought it was horribly put together.
2 - LearnKey Videos - Hacking Revealed 2008 (I viewed all of these, can't be too sure it helped, actually.)
3 - Matt Walker - v7 All-In-One Guide (Get this book!)
4 - Aforementioned memory tables
5 - Prior knowledge from past work/certification experience
If I had to take this test without any prior knowledge in the security domain, I would do this:
1 - Tools: Wireshark, nmap, netcat, snort
2 - OS: Win 2003, Win XP, and a Linux distro (all of these should be available for eval download, I have MSDN through school)
3 - tcpipguide.com (know the basics of TCP/UDP/IP/ICMP/Layer 2)
4 - Security+ (not necessarily take the test, but know the material)
5 - Matt Walker - CEH v7 All-In-One Guide (Know the material)
6 - Lab EVERY single scenario presented in Matt Walker's guide, at least two or three times
7 - Mr. Walker put together a table, of tools, and which categories they fit in. It may seem silly, but it'd be smart to memorize that table, also.
8 - Make memory tables for every table of information presented in Mr. Walker's guide, but make sure you look at these tools yourself, as the Matt Walker guide is very new, and I'm not sure if errata is published yet, but there might have been some errors. For this reason, if you follow step 6, and test the tools and view their respective site documentation, you should be OK.
9 - Trust me when I tell you that you will indeed be tested on tool syntax as well as outputs. If you have not prepared to study that stuff, then you are not prepared to take this test. If you've covered one or two tools in an area, it "should" be enough, if you know how the tools work and understand the theory behind what you're doing.
10 - As far as difficulty, I'd say this test is probably the equivalent of Security+ for Hackers. (If you've taken CCNA-Security, I would call that one the equivalent of Security+ for Cisco.)
Hope this helps!
Currently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
-
onesaint Member Posts: 801
The details are much appreciated. It's always good to know what material works and which to stay away from!
Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness
-
impelse Member Posts: 1,237
Congrats
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.