Certified Ethical Hacker

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

OK So I have filled out all the forms, scanned my passport and Security related certs and got a singed letter from my boss, sent it all off to ECCouncil and got back a number so I can now take the CEH Exam..... just wondering if anyone has studied for the exam and if so what books/CBT they used to prepare for the exam.

Have seen the stuff ECCouncil push out with all the hacking tools + notes of what you need to study up on, but have read that it was written by a dyslexic 1 year old (Sorry to any dyslexic 1 year olds).

Any advice would be much appreciated
Donmac

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Michael Gregg's CEH Exam Prep, published by Que, ISBN 0-7897-3531-8.

 

There is a book from the EC site but how on earth you supposed to order it is beyond me because you need to be a certain provider to get a number..

 

Heard good things about this book so you might want to give that a try.

I haven't done much studying in the past few months, but this is on my 'to do' list this year, so will probably get stuck into it at the end of this quarter/start of Q3

Guy I worked with took it last year and said he had about twenty questions that were related to NMap in one way or another...

 

You know, one of the Dundee universitys are actually doing a whole degree course on this. Looks ace. Limited space, and i believe you have to be interviewed and undergo a police check before they let you in though.

I'd like to do this at some point, but i think ill stick with programming just now.

 

i guess i better ask this here:

If you take training with the offical training providers you are exempt from the 2 years experience and you can write the exam right?

 

Yeah, but from what I've seen most people fudge that requirement anyway. It's not the most stringent verification process.

No way I'd send those guys a copy of my passport though. They're not an American or European company so you'd have little recourse in case of identity theft.

I didn't have to give them any of that info to take test after the $2500 class, for some reason. :hhhmmm

 

Bravo re Crito! lol greek mafia style! if i ever do it there is a company in cyprus who do it for about 500 quid which apparently isnt bad... but CEH is def one to do!

 

I hope to do my CEH one day. Have we got any good hackers on this forum? I dont mean "good" as in "ethical". I've done quite a lot of wardriving with my buddy, using knoppix and a prism2 chipset PCMCIA card.

Kraven

 

Well, I'm not even sure what the word "hacker" means anymore to be honest with you. I'd call these hacks:
http://appletvhacks.net/
or, to toot my own horn a bit, something like this:
3COM ImpactIQ ISDN caller ID hack that doesn't require caller ID service -- I wrote it myself back when the service was an additional $15/month.

In the context of EC-Council's CEH, "hacker" is supposed to mean "penetration tester" but to me that's still a cracker. Just like a safe cracker, you're just cracking networks and computers instead. And to be honest with you, in this day and age, cracking/pen testing isn't something that's safe to discuss publicly. You might end up sharing a cell at Guantanamo with Gary McKinnon...

So I'm going to have to exercise my fifth amendment rights at this time.

 

Since you done CEH - how did you prepare for the exam apart from the training? Did you have any other pratical experience? Also how did Security+ help? - if it did that is!

 

Yeah I've always been a firm believer that a hacker "mods" things, and a cracker likes to "break" things. But the media always refer to the badguys as hackers. So I guess thats how it is these days.

Kraven

 

I did Security+ first and there was a little overlap actually (general network security and countermeasures in particular).

Our instructor, Nathan Hand -- a former Navy Seal BTW -- used VMWare to setup victims for us to take-out.

Apart from that the only other "pen testing" experience I had was from back in the war dialing PCBoard/Wildcat!/Opus BBS days (1980's).

 

Thanks - so the course is supposed to prepare you 100% for the practical side of things right?

 

I guess that depends where you take the training. But the official courseware includes a lab manual and CDs with everything you'll need for the "practical side of things". The other two books are just screenshots of the PowerPoint presentation they use in class.

 

Thanks for the info Crito, I'll order the book today. How did you find the course/exam ?? was it good ? was it alot to take in ?
I just wanted a fun course to study for 12 weeks till I start my CCNA/CCDA and the CEH seemed to fit the bill ( Say you work in computers everyone thinks your a geek, say you are a hacker everyone thinks you are a cool geek )

 

I took it at New Horizons, an authorized training center. I think I heard someone say EC-Council charges $400 for each training kit, which is the three books and CDs I already mentioned in a backpack embroidered with their logo. So I'd be careful taking the class from someone offering it too cheaply, as EC-Council says on their website:

The class itself was 8AM-5PM five days straight. Even with that amount of time the course seemed rushed. Nathan did an excellent job of focusing on exam objectives and drilling home important topics with daily verbal quizes. But despite all that, I really don't think I would have passed (the first attempt) if I hadn't read Michael Gregg's book first. It's just too much information in too little time otherwise.

So bascially you're going to have to self-study regardless. The class is a great way to fill in any gaps but it's not enough by itself.

Here are the courses Nathan Hand teaches BTW:
http://www.freewatertech.com/schedule/index.htm
..if you get a chance to take it from him, go for it!

 

Cool,

Would you recommend CEH? or an alternative, i am getting the option for training coming up in my job, and i'd like to expand on my CISSP in the security area.

CEH or alternative?

 

If you want to do government work might be best to avoid it, actually. Merely having the word "hacker" on your resume could raise flags and set off alarms. If you really want to do penetration testing though, CEH is the best, IMVHO.

For me it was more about self-defence really. Probably won't hold up in court, but if you attack me I think I should have the right to defend myself, whether in the real world or in cyberspace.

 

Morning,

Passed my CEH yesterday with 80%. Exam centre was 15 mins late opening... Exam due to start at 10:00 and no one turned up to open the centre till 10:15 (did wonders for my nerves)

Have heard before that some of the questions are worded a little strangely but I only saw 1 or 2 out of the 150 that I had to do a double take. Did like the way that on the multiple choice questions if it required 3 of the 4 answers ticked and I had only ticked 2 it said the question was incomplete.

Felt the exam was not heavy on any one subject. Only question I had a real problem with involved converting decimal to binary to IP Address (Could not do the decimal to binary with a standard windows calculator)

If anyone is thinking of taking the CEH make sure you have the Network+ and Security+ before as half the questions in the CEH can be answered using knowledge I gained studying for these.

Hope this helps