Hello,
I recently passed CEH v10, eJPT practical and CEH practical and one red team lab: Attacking Active directory with Linux at Pentester Academy. I’m not a pentester at all, currently shifting to security project management.
One thing most people ignore while learning CEH v10 (theorical part) is focusing only on the questions to just get the cert. But the official course comes with plenty of labs to practice and this is exactly what you will do during the CEH practical.
So 85% of the 20 tasks (6 hours lenght) are all about those labs at the ec-council aspen.
Of course, this is an open-book exam so you can use internet HOWEVER you can’t use eccouncil official materials (including those detailed labs).
The first questions are just basic recon, enum CTF then it moves to web application (website enumeration, sql attacks). So no custom payload to do, no need of metasploit or to write any bash-python-powershell on the spot. But they included some forensic, veracrypt stuff, rainbow tables attack (seriously ?), and Nmap + Wireshark to know well !!
You can’t use your own VM, they provide you an outdated Kali machine and a Windows server 2016 machine. Both are needed for your exam including the targets in the network range.
To me, it seems like a cert as an assistant pentester, without deeply exploiting nor pivoting. They made the the ECSA and LPT exams beyond that point but it seems messy just like MCSA and back then the whole CCNA, CCNP+ tracks.