CEH books

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Well chaps, I've just got work to pay for two books in prep for my CEH course next week. I have to say that the Sybex one is absolute pants - its only got about 200 pages and NONE of the stuff in it is remotely useful for anything other than a quick refresher - maybe the night before the exam - on any topics you might not be overly familiar with.

The ExamPrep from QUE is a little bit better - certainly a lot more substance to it, though most of it is common sense. I certainly hope the exam doesn't go too deep into XSS or SQL Injection - two areas I'm not that hot on - because there is absolutely sod all in either book beyond the real basics of each.

I also bought three other books at the same time (went a bit nuts with my procurement card!) - two of which look extremely useful (The Tao of Network Security Monitoring and Security log Management) and the other (Juniper Netscreen Firewalls) is an updated version of my Syngress NetScreen 'bible'

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

An interview with Michael Gregg about his CEH book:

http://gocertify.com/article/certified_ethical_hacker.shtml



It's the only thing I used, other than the official curriculum, that is.

 

The "Hacking Exposed" books go into a lot more detail than required to pass the exam, if you're looking for extra credit or something. ;) There's even a little known SQL Server secret in the "Hacking Exposed: Windows Server 2003" book that I've never seen published anywhere else. With it you can sniff and simply XOR passwords back into plaintext.

 

That might be why it's called a "Review Guide" and not a "Study Guide" like most of Sybex's other titles.

 

You should also know that CEH is generally frowned upon for government work. It might actually cost you a gig (contract/assignment) rather than help you land one. For me that's fine, as my principals won't allow me to aid wannabe fascist pigs, regardless of the amount of money they throw at me, but you or your boss might feel differently. So be forewarned...

 

That might be the case in the States Crit, but over here almost every Security job advertised - public or private - lists the CEH as a desired qualification.

Of course, lots of them also list the CISSP (yaaaaawn) which I'll probably end up taking next year.

 

Yeah - my bad on that one. I just saw 'Sybex' and pulled out the procurement card... but hey - I ain't paying (for once) so what the hell.

 

LOL - you mean the A5 XORing that M$ laughably calls 'encryption'? I guess that's probably the best example I can give of why SQL Server's native authentication should never be used if possible

 

In the private sector I'm sure that's true. But I think you'll find the same hacker vs. security professional (black hat vs. white hat) animosity exists in your government as well.

That's why I wear a Red Hat, just to confuse the !@#$ out of 'em.

 

A white hat thinks right and wrong is determined by the law. If the law says all black people have to sit in the back of the bus, then any black person attempting to sit in the front of the bus is a criminal and deserves to be shot. If the law says it's wrong to put bugs up peoples butts, then all you have to do is pass a law saying it's legal to put bugs up people's butts and it suddenly becomes OK. If you call the law the Patriot Act, so much the better, as anyone complaining about bugs up their butt automatically becomes unpatriotic too. White hats think in boolean logic. Legal is right, illegal is wrong. Give them three values like right, wrong and does not apply, and white hats become very confused.

A hacker knows right and wrong are absolutes. It the law says black people have to sit in the back of the bus then the law is wrong and anyone attempt to enforce it is a Nazi. If it's wrong to put bugs up people's butts before some traitorous act is passed, then it's wrong afterwards too. A hacker won't let the law stop him/her from doing what's right.

That said, I suppose even white hats have their place in society. I wouldn't want a hacker doing regulatory compliance work like, say, with HIPAA or SOX. On the other hand, I'd rather have a hacker defending a hospital network, as they'd likely act to save lives first and worry about the legal ramifications later.

 

I totally agree Crito, unfortunately legislation creates a hell of a lot of jobs, many of them IT related these days, the types that recruit for these jobs are gonna want people that understand security from a book and a couple conferences, prob not anyone with any real knowhow...