Considering CEH
Hi all,
Just wondering if anyone could provide their opinion/advice on the following:
I'm considering a MS in Info Sec & Assurance from WGU, from that, I see the CEH is a course that is required for that program. I thought if I was to go this route, it would be a good idea to start getting familiar with CEH material and see if I could potentially take and pass it even before I start the program. (I'm getting rather bored of reading the CWTS guide and I don't really need to take it anyway).
My background is primarily Windows/Wireless/VoIP/Network Admin with some security related experience through my various work in the military/contractor. I would say my Linux skills are beginner, so I know I need some work there and have been playing around with Kali for a while and downloaded Ubuntu to work in as well. This aspect of security really interests me and I've been trying to move more towards a security administrator or related position anyway, primarily why I'm considering the MS ISA from WGU.
So I've been over the past few weeks starting to build my library and bookmarks for the exam and related material. I already have:
CEH v7 study guide, Kimberly graves - briefly skimmed over, looks like a lot of vague remarks about some outdated tools.
Hacking the Art of Exploitation 2nd edition - Ordered but not received yet, looks good
The Basics of Hacking and Penetration Testing Second Edition
Metasploit The Pen testers guide
Linux+ book
Linux administration, 5th
As well as a number of other bookmarks and videos on related material.
I grabbed the course outline for the CEHv8 and broke it down in to sections that I can fill in like an outline when I go through and learn something, that way I can be sure I'm covering the exam objectives/content.
I was curious if anyone had any other advice or ideas that might help me better prepare for this exam and really know the content. Also, if anyone has taken the CEH through WGU and could tell me what kind of material they provide, maybe it would be better to attempt while actually in the program?
Just wondering if anyone could provide their opinion/advice on the following:
I'm considering a MS in Info Sec & Assurance from WGU, from that, I see the CEH is a course that is required for that program. I thought if I was to go this route, it would be a good idea to start getting familiar with CEH material and see if I could potentially take and pass it even before I start the program. (I'm getting rather bored of reading the CWTS guide and I don't really need to take it anyway).
My background is primarily Windows/Wireless/VoIP/Network Admin with some security related experience through my various work in the military/contractor. I would say my Linux skills are beginner, so I know I need some work there and have been playing around with Kali for a while and downloaded Ubuntu to work in as well. This aspect of security really interests me and I've been trying to move more towards a security administrator or related position anyway, primarily why I'm considering the MS ISA from WGU.
So I've been over the past few weeks starting to build my library and bookmarks for the exam and related material. I already have:
CEH v7 study guide, Kimberly graves - briefly skimmed over, looks like a lot of vague remarks about some outdated tools.
Hacking the Art of Exploitation 2nd edition - Ordered but not received yet, looks good
The Basics of Hacking and Penetration Testing Second Edition
Metasploit The Pen testers guide
Linux+ book
Linux administration, 5th
As well as a number of other bookmarks and videos on related material.
I grabbed the course outline for the CEHv8 and broke it down in to sections that I can fill in like an outline when I go through and learn something, that way I can be sure I'm covering the exam objectives/content.
I was curious if anyone had any other advice or ideas that might help me better prepare for this exam and really know the content. Also, if anyone has taken the CEH through WGU and could tell me what kind of material they provide, maybe it would be better to attempt while actually in the program?
Comments
-
TechGuy215 Member Posts: 404 ■■■■□□□□□□I can't speak for WGU, but I used the exact study materials that your using (CEHv7 Study Guide and Hacking:The art of exploitation 2e) and I found them to be more than enough. I also labbed it up quite a bit.
Make sure to know the following pretty well: Ports (mainly well known), Encryption Standards/Algorithms, Cain and Able, NMAP, Netcat, Wireshark, Poison Ivy, Metaploit, Tripwire, Different types of attacks, IDS/IPS/HIDS/HIPS, Linux Commands/Switches, Nessus, Networking Protocols, and some basic SQL.
Honestly, the test really covers script kiddie tools more than anything else (doesn't delve to deep into programming). This certficiation is another on of the "mile wide and an inch deep" exams.
Hit the books and continue to dabble in Kali/BT5 and you should be fine.
It is also prudent to mention that if you choose not to take the test through WGU, you will have to submit a Eligibility Application along with a 100.00 fee. Just make sure you have 2 years of experience in INFOSEC and that you can have a reference endorse your claim.* Currently pursuing: PhD: Information Security and Information Assurance
* Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
* Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration -
da_vato Member Posts: 445WGU provides EC-Councils official material (digital only) and ilab access. I didn't find their material all that great, the iClass portion is kind of boring and didn't know what stuff I should put more effort commiting to memory. I used the AIO Matt Walker book to supplement my material and thought it was well written in regards to the exam, he laid out items to put more emphasis on.
Understand that if you want to do this on your own the application fee and voucher come out of your pocket. $600 is lot when you can get it for free just by waiting a bit longer. -
BGraves Member Posts: 339Thanks techguy215/da_vato!
I see your point about waiting and getting WGU to pay for it if I am already going to be going with them.
I guess I'll try to invest some time improving my skills and familiarity with the above listed stuff. I'm so tired of microsoft certs and etc, hoping this one will be a fun one to learn and practice! -
bobloblaw Member Posts: 228I'd get WGU on the hook for the price.
It won't be overwhelming. It doesn't get deep into anything. Most of the logic questions will roll over from your CISSP. The rest is extremely base level stuff in anything involving any of the tools.
It is interesting, but it's just a start. Nessus and Wireshark have certs just on their respective tools that are likely much more difficult than the CEH. Case and point - the book on Wireshark alone is almost 1000 pages. Enjoy.
The Tools, Sites, and References appendix is a great resource as well in the AIO. -
BGraves Member Posts: 339Ahh thanks bobloblaw, I do agree that it looks like a good introduction cert. I have become really interested in the OSCP actually and while I know it would be a huge undertaking with my current skills I think that after a lot of work and practice I could do it. I'd really like to move in to that side of the field pentest/security admin/consultant. I feel like I have a pretty good networking/windows back ground, seems like I really need to start learning more Linux/Unix/Scripting stuff.
-
bobloblaw Member Posts: 228Same here. All lines for pen testing seem to point to Linux.
I plan on getting my Linux+ prior to eventually taking the OSCP. I'm in a similar situation as you, but looking to get my BS at WGU. By the time I get done with that (or you get done with your MS), Offensive Security should have already released their Kali based OSCP training and perfected it.