Just passed the C|EHv9. If anyone is interested in tips, I'd be happy to provide.
I'd be really interested in knowing what the exam looks like. Is it only basic stuff like DVWA?
Well it's not hands on like DVWA is, so it's a basic overview of ethical hacking. Like the laws, the agreement between the pentester and the client, pentest process, ports and protocols, nmap scans and what flags are returned when a port is open vs closed. You need to know OWASP's Top 10 and the Shellshock, Poodle, and Heartbleed... stuff like that. You can take a practice test on skillset.com and it will gauge where you are and help you prepare for the exam. There's a free and premium version. You should check it out.
Is Heartbleed still considered a new vulnerability? It's almost 2 years old!
I might have to take the practice exam. This sounds like stuff I deal with daily. Do you REALLY need to study hard?
It depends on your background really. I had to study very hard because I didn't really have any. I went through each of the 20 something modules on skillset.com to learn. Looking back, those modules gave me a very solid foundation for ethical hacking, but went far beyond what was tested on. Skillset now has a premium version. For you I'd suggest the CEH pocket prep app available on Android. It's $30 something dollars but would be perfect for someone like you who already has that foundation and just needs to specifically prep for the exam. It's very similar to what is on the test.
Ah cool, I'm a pentester in my day-to-day, and have several prep books, but have yet to make a serious attempt at getting the certification. I might just do so now on your recommendations! :D
EDIT: Errr the Pocket Prep app says it's free? Or is it going to prompt me to buy something when I open it?
Yes the basic version is free, but I went ahead and purchased the pro version, it's like $30 but worth it. Sorry it took so long to reply.
Hi, congratulations and all the very best in gaining a future LPT.
I would like to know what mode of learning you took. Online/offline? Where did you take the training?
I am planning to start learning for CEH by April.
So I tried everything out there short of enrolling in an official prep-course. I purchased the all-in-one CEH study guide, the book of practice tests, and it came with this "total tester" software exam engine. I also used skillset.com and worked through all of the modules listed under CEH. They now have a premium version that specifically prepares you to pass the exam. It's $99 and it's supposed to save you a lot of study time. If that option existed when I began studying I would have gone that route and not purchased the books. Also, there's a mobile app for CEH preparation for Android. It's like $32 for the pro-version. I studied that waiting in the 3 hour line to vote for Bernie Sanders. A solid number of those are the exact questions that were on the exam. The material on here will help too.
Can you just put the link for the $99 study material here? Whom do you mean by "They"? EC-Council?
EC-Council has some of the worst reviews I have ever seen.
You are right. EC-Council is a terrible company for so many reasons.
Why is that?
I'm currently working in an IT Security company and we'd like to have a few certified ethical hackers. I wanted to start learning for the CEH certification in a few weeks.
Is this a bad idea or are there reasons why I should not make this certification?
Why do I say EC-Council is a terrible company?
First, their training materials are miserably bad and they charge an inexcusable amount for them.
Second, the test and the training are not Linux based. No real hacking is done from a Windows platform, yet their training is all Windows based.
Third, their training and exam don't actually include any hacking.
Fourth, they charge $500 for the exam.
Fifth, they try to make money on their students wherever they can. They are more like scam artists than a certifying body. Most certifying bodies are non-profits. EC-Council is a for-profit and they will try to scam you out of as much money as they can.
Sixth, their training materials are full of advertising for tools that no one uses. Apparently, companies are paying them to be included in their training materials.
As you can see, I have VERY strong negative feelings about EC-Council and I could go on and on. They really should not be in the business of security certifications.
Yes I've seen a lot of complaints from people who've attended EC-Council's bootcamps or purchased their courseware and failed the exam. That's why I decided to go the skillset route, plus you're right, their stuff is quite expensive.
So is it worth it to get this certification? As far as I know it's the best known certification as an ethical hacker on the market. Are there other good alternatives you can suggest? My company wants ethical hackers and they come up with the CEH certification.
I sent you a msg
Yes I've seen many. It was the best choice for me at this time though because unlike many of you, I didn't have any sort of background so it's an option for those really needing a foundation.
No, I'm sorry. I was talking about http://skillset.com <-- Visit their link. They have an exam pass guarantee. The price is based on how many months you want the training for. $99 for just one month, $79/mo for 3 months, etc.
Aren't there certain requirements in order to take the exam itself? Could you elaborate more on that? Thank you and congratulations.
I'm in my last three semesters of college and I'm wondering which certificates I should start with.
I'm not certain, but I believe you need to be working in cybersecurity for 3 years or so before you can sit the exam.
I'm not sure if it was 3 years, but there is a requirement like that.
Yea, but it's not like they actually check your references etc. You can lie your pants off, ya know, like a social engineer :P
Let's not forget that the E in CEH stands for ethical.
They did check the references of a friend of mine who recently took the exam.
Hey kiddo, wanna be certified for cybersecurity? Just work in cybersecurity for 3 years.
From what I have actually heard from experts in the industry, experience doesn't matter as long as you actually have skill.
That's for sure. In terms of passing the CEH though, it doesn't have much to do with skill because none of it is hands on. It is backwards logic though. You can't get a cert without a job in the industry, you can't get a job in the industry if you don't have a cert.
"We're looking for someone of the age of 20-25 with 30 years of experience."
Yeah, Phoenix is right. They call your boss to verify.
Yeah Phoenix was right, except it's 2 years. They consider exceptions though. For example if you don't have a full two years, all you need to do is have your employer write a letter explaining your contributions to the company with regards to cybersecurity. That's what I did. The application for the exception is $100.
Congrats! I love reading about people getting into cybersecurity. Hope to hear more from you in the future!
Thanks Tombstoner! Ha! Love the name.
Congrats! Do you have any summaries/cheat sheets that you used?