CEH Practical

So, I know that CEH is largely a joke and EC-Council doesn’t have the greatest reputation - HOWEVER - I got an insane discount on taking the CEH Practical so, why the ■■■■ not?

Anyway… I was wondering if anyone here had experience with the CEH Practical, if any challenges or machines on HTB would make for good practice, and what prep materials I should use.

From what I’ve read it doesn’t seem like it should be that hard; however, I don’t want to go in too cocky and would like to ensure that I know what I need to know in order to pass.

Thanks!

@50m30n3 said:

So, I know that CEH is largely a joke and EC-Council doesn’t have the greatest reputation - HOWEVER - I got an insane discount on taking the CEH Practical so, why the ■■■■ not?

It gets a lot of abuse but try not to think of it like that. Everything you learn helps and I think you are making the right decision here.

Also, some people are rightly super proud about getting CEH so we shouldn’t dissuade them just because the EC-Council is a bit sketchy.

Anyway… I was wondering if anyone here had experience with the CEH Practical, if any challenges or machines on HTB would make for good practice, and what prep materials I should use.

Actually I can’t help - I sat the CEH when it was Version 6 and it was basically a test on how well you’d memorised nmap switches.

From what I’ve read it doesn’t seem like it should be that hard; however, I don’t want to go in too cocky and would like to ensure that I know what I need to know in order to pass.

Thanks!

I think you are taking the right approach. While I can’t help with specifics, the chances are it will be testing you on the methodology and approach that EC-Council want a CEH to follow.

I suspect that it won’t ask for advanced reversing or exploit development but you definitely want to be efficient at enumerating a target, finding vulnerabilities and running common exploits.

I get that this is less than helpful so hopefully we can keep it bumped so lots of people join in.

Hello,

I recently passed CEH v10, eJPT practical and CEH practical and one red team lab: Attacking Active directory with Linux at Pentester Academy. I’m not a pentester at all, currently shifting to security project management.

One thing most people ignore while learning CEH v10 (theoretical part) is focusing only on the questions to just get the cert. But the official course comes with plenty of labs to practice and this is exactly what you will do during the CEH practical.
So 85% of the 20 tasks (6 hours length) are all about those labs at the EC-Council Aspen.
Of course, this is an open-book exam so you can use the internet HOWEVER you can’t use EC-Council official materials (including those detailed labs).

The first questions are just basic recon, enum CTF then it moves to web application (website enumeration, SQL attacks). So no custom payload to do, no need of Metasploit or to write any bash-python-powershell on the spot. But they included some forensic, VeraCrypt stuff, rainbow tables attack (seriously?), and Nmap + Wireshark to know well!!
You can’t use your own VM, they provide you an outdated Kali machine and a Windows Server 2016 machine. Both are needed for your exam including the targets in the network range.

To me, it seems like a cert as an assistant pentester, without deeply exploiting nor pivoting. They made the ECSA and LPT exams beyond that point but it seems messy just like MCSA and back then the whole CCNA, CCNP+ tracks.

Why do people think CEH is a joke?

I’ve got some experience, but it’s a complicated field

I actually took the CEH Practical myself, and while there’s some skepticism, it’s a good learning experience. HTB machines are awesome practice, especially ones that focus on real-world scenarios. For prep, dive into hands-on labs, and read up on tools like Nmap and Wireshark. Also, use whiteboard task management to be more efficient. I hope that helps!

Hey all, I’m thinking of taking the CEH to obtain a job in cyber security, has anyone done it recently, what’s your experience with it? It seems super expensive and I am reading a lot of comments against it. What are my alternatives?

Hey, as the OP on this thread, I can comment to the CEH Practical. I did take the “exam” and earned the cert.

First off:
CEH Practical will not get you a job in cyber security. Most people don’t realize there’s a “practical” version of the CEH and EC-Council has done a lot to burn a lot of bridges in the industry. Regardless, no cert will get you that job. It might help you get into the interview, but that’s about it. Some employers do require certifications and CEH is generally considered an “entry-level” cert at those places. I’d recommend the CEH Practical if you manage to snag the scholarship for it, you’ll still pay $100, but I don’t know if I’d say the certification is really worth more than that. Otherwise, there are some better options out there (jump to the third section!).

Second:
The test is really poor. It’s focused around a lot of web application exploitation which is fine and all, but it doesn’t really go further than that or explore chaining exploits. The lab environment is awful - I had to have the proctor reset my lab environment several times. It was slow and, at times, would become unresponsive. I completed all but 1 of the challenges in the allotted time and would have probably finished them all had I not wasted a couple hours on lab environment maintenance. It was a really poor experience.

Third:
Instead of the CEH Practical, if you’re looking for practical skills-validation, I’d recommend you include your work on HTB on your resume (completed xyz labs, achieved x rank - TryHackMe is another good option there), work on bug bounties (and include that on your resume), build home labs, go to conferences and network (it’s not about what you know, it’s about who you know), etc. If you feel like you’d like a pen-testing cert, take a look at the eJPT from INE. If you’re kicking ■■■ and taking names on HTB, consider the OSCP - this is the gold standard for pen testing certs and a lot of companies have started regarding it at the same level of a CISSP (though for different roles). There are a lot of better options than CEH out there, but the point is to keep learning and figuring out new ways to showcase your skills to potential employers (in a safe and legal way).