So, I know that CEH is largely a joke and EC-Council doesn’t have the greatest reputation - HOWEVER - I got an insane discount on taking the CEH Practical so, why the ■■■■ not?
Anyway… I was wondering if anyone here had experience with the CEH Practical, if any challenges or machines on HTB would make for good practice, and what prep materials I should use.
From what I’ve read it doesn’t seem like it should be that hard; however, I don’t want to go in too cocky and would like to ensure that I know what I need to know in order to pass.
So, I know that CEH is largely a joke and EC-Council doesn’t have the greatest reputation - HOWEVER - I got an insane discount on taking the CEH Practical so, why the ■■■■ not?
It gets a lot of abuse but try not to think of it like that. Everything you learn helps and I think you are making the right decision here.
Also, some people are rightly super proud about getting CEH so we shouldn’t dissuade them just because the EC-Council is a bit sketchy.
Anyway… I was wondering if anyone here had experience with the CEH Practical, if any challenges or machines on HTB would make for good practice, and what prep materials I should use.
Actually I cant help - I sat the CEH when it was Version 6 and it was basically a test on how well you’d memorised nmap switches.
From what I’ve read it doesn’t seem like it should be that hard; however, I don’t want to go in too cocky and would like to ensure that I know what I need to know in order to pass.
Thanks!
I think you are taking the right approach. While I cant help with specifics, the chances are it will be testing you on the methodology and approach that EC-Council want a CEH to follow.
I suspect that it wont ask for advanced reversing or exploit development but you definitely want to be efficient at enumerating a target, finding vulnerabilities and running common exploits.
I get that this is less than helpful so hopefully we can keep it bumped so lots of people join in.
I recently passed CEH v10, eJPT practical and CEH practical and one red team lab: Attacking Active directory with Linux at Pentester Academy. I’m not a pentester at all, currently shifting to security project management.
One thing most people ignore while learning CEH v10 (theorical part) is focusing only on the questions to just get the cert. But the official course comes with plenty of labs to practice and this is exactly what you will do during the CEH practical.
So 85% of the 20 tasks (6 hours lenght) are all about those labs at the ec-council aspen.
Of course, this is an open-book exam so you can use internet HOWEVER you can’t use eccouncil official materials (including those detailed labs).
The first questions are just basic recon, enum CTF then it moves to web application (website enumeration, sql attacks). So no custom payload to do, no need of metasploit or to write any bash-python-powershell on the spot. But they included some forensic, veracrypt stuff, rainbow tables attack (seriously ?), and Nmap + Wireshark to know well !!
You can’t use your own VM, they provide you an outdated Kali machine and a Windows server 2016 machine. Both are needed for your exam including the targets in the network range.
To me, it seems like a cert as an assistant pentester, without deeply exploiting nor pivoting. They made the the ECSA and LPT exams beyond that point but it seems messy just like MCSA and back then the whole CCNA, CCNP+ tracks.