Government Security
Network Security Resources

Jump to content

Photo

Certified Ethical Hacker

security network security network programming malware virus tools certified certification firewall
  • Please log in to reply
7 replies to this topic

#1 InetSec

InetSec

    Private

  • Members
  • 3 posts

Posted 07 August 2009 - 10:17 PM

I am very intrested in becoming an Certified Ethical Hacker. I hope to get this so i can trustably do penitration tests (with a contract of course), on pc's legly.

I have a good understanding of these catagories

1) Network security & What it takes to make a system/network secure.
2) Basic understanding of TCP/IP (TCP,UDP & some protocals)
3) Some of the OSI Model
4) C sharp programming language
5) How anti-Virus & firewalls work
6) How attackers work
7) Vulnerabilities & management ( What kind of vulnerabilities exist & how to fix them )
8) Types of security faults & common misconfigurations
9) Malware removal ( With an exeption of HJT - not a fan of that tool )
10) How black hatters work, I myself am friends with many black hatters & keep up-to-date with how they work.

So my question to you, what certification should I persue? What should I learn? Up until now i've been steam rolling, reading every day hoping to become something, but now its like a wall...What to learn what to learn!

#2 illwill

illwill

    Specialist

  • Sergeant Major
  • 570 posts

Posted 13 August 2009 - 07:17 PM

master spell checking first

#3 hack2007

hack2007

    Private

  • Members
  • 6 posts

Posted 18 August 2009 - 08:15 PM

I am very intrested in becoming an Certified Ethical Hacker. I hope to get this so i can trustably do penitration tests (with a contract of course), on pc's legly.

I have a good understanding of these catagories

1) Network security & What it takes to make a system/network secure.
2) Basic understanding of TCP/IP (TCP,UDP & some protocals)
3) Some of the OSI Model
4) C sharp programming language
5) How anti-Virus & firewalls work
6) How attackers work
7) Vulnerabilities & management ( What kind of vulnerabilities exist & how to fix them )
8) Types of security faults & common misconfigurations
9) Malware removal ( With an exeption of HJT - not a fan of that tool )
10) How black hatters work, I myself am friends with many black hatters & keep up-to-date with how they work.

So my question to you, what certification should I persue? What should I learn? Up until now i've been steam rolling, reading every day hoping to become something, but now its like a wall...What to learn what to learn!




Yes CEH will be the one of the step to make yourself and then you can pursue for LPT (License Pentester).

Edited by hack2007, 18 August 2009 - 08:16 PM.


#4 packet

packet

    Specialist

  • Sergeant Major
  • 649 posts

Posted 21 August 2009 - 11:51 AM

Yeah, CEH really is best as a stepping stone to the LPT, but it does give a good high level overview of pen testing and the tools involved. I think anyone with a basic skill set could pursue it and get it without much difficulty. I teach a CEH class and we do get people of all levels taking it, the students with a good basic understanding and an interest in learning always do well.

--P>G>>
Abusus non tolit usum
The gopher is back!

#5 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 07 April 2010 - 09:52 PM

Your question is like this,
Does anyone else provide the MCSE cert? I don't want to take it from Microsoft.
As MCSE is to Microsoft, CEH is to EC-Council.

#6 packet

packet

    Specialist

  • Sergeant Major
  • 649 posts

Posted 08 April 2010 - 05:21 AM

Well, you could read this as "the group that was doing the CEH training and/or proctoring the exam was lame" and that could hold true for lots of companies. Those questions do seem a bit out of date and perhaps the pre-test was not accurate to what the exam is today. Although I do find a lot of questions on the test are related to a specific tool or hack, some more up to date than others.

I'm going to keep myself out of recommending any specific company to take CEH training but do shop around.

And I wouldn't really knock the MCSE, its a great way to learn more about Windows and it is at least decently marketable especially in conjunction with other certs.
Abusus non tolit usum
The gopher is back!

#7 Juno

Juno

    Specialist

  • Sergeant Major
  • 142 posts

Posted 09 April 2010 - 01:51 AM

For the CEH, considering your experience, you likely would do fine with self-study. Naturally, you'll need to get a letter from your supervisor stating you have 2 years of security-related work experience, but that shouldn't be a problem. Grab a study guide off of Amazon (the study guides that EC-Council offers are outrageously expensive and not worth it), and you'll do fine.

I know that they keep updating the exam; I wouldn't yet judge it just by the practice questions. The CEH, by it's nature, is extremely tool-oriented. As tools come and go, it's going to be a little behind on some things.

One thing I noticed when I took it, was that sometimes the questions were oddly worded. Not as bad as Security+ (that was the worst by far), but just something to know. Chances are, they aren't trying to give you a trick question, so if you get confused, just take the simplest interpretation possible.

Oh, and like webdevil said, there really is no alternative to taking it from the EC-Council.

Cheers,
-J
Hacking The Everyday - My blog blabberings about life, computer security, and everything in-between.
Don't forget to Read the Rules before you post!

#8 E411

E411

    Private

  • Members
  • 17 posts

Posted 16 November 2010 - 10:49 PM

To be honest, within the hacker/pentesting world, the CEH is a bit of a joke.

I don't mean to demean anyone, or anything of the sort. I work in a well-known nationally recognized organization doing this sort of thing and nobody on our team had the cert.

We had a customer require that someone on our team have this certification, so my boss called me and asked if I could take it tomorrow.

Sure.

We got special permission from the ECC (they're friends of one of our guys) and I sat for the test the next morning.

I found it to be moderately challenging, but not hard. I passed it with no formal study, other than 5 years experience doing pentesting work. Some of the questions were completely absurd, asking about which commandline switches of which obscure toolkit do what, but some was useful.

Overall, it was a little like the A+ cert, where someone who knows their stuff can pass it easily, but the knowledge you gain from doing a "bootcamp" is practically useless in the field, other than demonstrating that you understand the underlying technology.

It's certainly not the worst cert out there, but it's certainly not the best either.





Also tagged with one or more of these keywords: security, network security, network, programming, malware, virus, tools, certified, certification, firewall