I was playing with the idea of getting my EC-Council Certified Ethical Hacker (CEH) cert for years before I made a go of it. A lot of my personal and job projects required skills the CEH teaches, so I was not completely new to the CEH knowledge base. There was still a mountain of material that needed to be learned and a lot that was new ground for me. The fun part was telling my non-techie friends and family what I was working on. To them, it was like I was in a Hogwarts Defence Against the Dark Arts class, learning Dark Magic and defending against it.

Here is how I sprinted through what EC-Council said was two years of studying in 4 months.


Tools and Resources

  • TestOut LabSim: Ethical Hacker Pro v1.0
  • ITPro.TV: Certified Ethical Hacker v10
  • Certified Ethical Hacker All-in-One Exam Guide 4th edition By Matt Walker
  • Nmap’s Website
  • GitHub – other users’ notes

Cue song: Eye Of The Tiger, by Survivor

No Pain No Gain.

At the start of October 2019, I started getting up every day at 5 AM. From 5:30 AM to 7:15 AM: study, work through TestOut LabSim, and make flashcards of the concepts and questions to quiz myself with later. On the commute into work, listen to ITPro.TV videos in the car. Lunch break: flashcards and Matt Walker’s CEH book to reinforce and commit to memory the concepts learned in the morning. Back home, 6 PM to 8 PM: labs to apply the theory learned throughout the day to the practical application. 8:30 PM: sleep, repeat.


Review of the Tools

TestOut LabSim: Ethical Hacker Pro v1.0

Pros: The material is right to the point, no fluff or filler. This saves a lot of time. The material was concise and laid out in a well-thought-out manner. The videos can be sped up, so if you are familiar with the topic you can watch at 1.5 times the normal speed.

Cons: Let me start by stating I was on version 1.0. However, the software really should have still been in beta. I was sending in bug reports almost twice a week. There were so many issues, from simple misspellings and grammar to just flat-out wrong information. I remember emailing them a few times on simple things like listing the wrong ports for services. The simulation software just would not work; the simulations were impossible to complete. You would be asked to just “scan a /24 IP range”, so I would use Nmap on the command line. The lab would fail me because it wanted me to use Zenmap, but at no point asked me to use Zenmap! The tests were the worst part. The software was so buggy I could not tell if my answer was wrong or the software was wrong. I sent in multiple reports, confirmed by their team, that test questions were incorrect. Sometimes there were multiple-choice questions that had no correct answer listed!

ITPro.TV: Certified Ethical Hacker v10

Pros: Their Android app is awesome! They have audio and transcripts, making it easy to jump to the point in the video you are looking for. The premium membership comes with practice questions, and the labs are real virtual machines. This cannot be overstated: the practice and lab environment alone is worth the membership cost. Plus, I am a longtime listener of the SecurityNow Podcast, so I got 30% off (Code: SN30).

Cons: Their videos are long-winded and don’t dig into the technical details as much as I would like. However, I was able to make this work. I treated the videos more like podcasts and listened to them in the car. Lastly, in the Android app, there is no way to pin a course, so you are always searching for the same course every time you open the app.

Certified Ethical Hacker All-in-One Exam Guide 4th edition By Matt Walker

Pros: This is the book, the bible of getting this cert. It holds everything you need to know to pass the test. I recommend reading the book twice. The book is laid out with short stories or scenarios that illustrate how the technical details relate. If you want to skip right to the technical details, it is easy to do; all the stories are highlighted so you know just to skip them. Read every “Exam Tip” section; they hold the most valuable tips for passing the test.

Cons: The practice questions were helpful in learning the material but were nothing close to what was actually on the test.

Other Resources

The last few tools were Nmap’s website (“nmap.org”) and searching GitHub. Nmap is a huge part of the test. You need to know almost every Nmap option there is, so their website will be a frequent stop for anyone looking to take the CEH. On top of that, the site goes into detail about how it does its scanning and the way it manipulates packets. To gain a really deep understanding, I watched talks given by the creators of Nmap on YouTube. It is some very dense material. GitHub was another great source of knowledge. Many other users post their own notes from their studies. Some of these users took very expensive classes; they provided a treasure trove of insight. I also read through and played with POC exploit code because there are a few C and JavaScript language questions on the CEH test.


The Test

I took the test from home via an online proctor; it was nice to take the test in a familiar environment. I was allowed to have a blank sheet of paper and a pen, but nothing else. I found the test to be really easy, and most of the questions more basic than I expected. I was annoyed with some of the questions that focused more on trying to be a word puzzle than checking if I understood the material. The majority of the questions I got were about Cross-Site Request Forgery, Cross-Site Scripting, and interpreting Wireshark captures. Personally, I think passing the test itself was not the real value of this experience; the months of training were.

Mission Accomplished!