EH-Net

Hi

I want to appear for the EH exam.
Need some info so as wht is the syllabi & which books to refer

needed inputs from all members

thanks

I want to appear for the EH exam.
Need some info so as wht is the syllabi & which books to refer

Here is the description of what is taught in the class -- all these topics are fair game for the test:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

EC-Council sells the official study guide.  Very expensive.
http://www.eccouncil.org/studyguide.htm

Other resources are coming out soon from Sybex, Exam Cram and CBT Nuggets.  There is a thread of books over at the certifiedsecuritypro site.

http://www.certifiedsecuritypro.com/component/option,com_smf/Itemid,190/topic,126.0

We had good intentions of starting a study group, but with running 2 sites, having a day job and trying to raise a family, it is difficult. Maybe we'll pick this up again in the next month or so. Either way, we did list several steps (and links) as a starting point for studying for the CEH / CPTS exams. You might find this helpful:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,35/topic,29.0

Don

What with my studying for the CCE exam now, I have some time available; I could help lead the study group, if no one else minds. I do have the knowledge inbetween my ears, despite that there are no jobs for it here in the area.

How do you discourage a potential employer from thinking you might go rogue and disgruntled and bring their sysytems down? I think this is a major obstacle to finding a job in ssecurity, at least in my area. I already have removed the CEH logo from my resume, but I am still very heavy into the tech. It REALLY is cool.

 8)

If you start a study group I may be interested in joining it.  I will be ordering the courseware from ec-council in the next week or two.  Kinda nice that my work is paying for it.

Sounds cool to me. I passed the CEH exam in Dec. 04. I had to pay for it myself, but I was able to get a 20% discount on the price. I still cannot find any work doing any of it, though.

If your work is paying for it, great. One word of caution: Like I said, I passed my exam in Dec. 04. Around May of 05, EC-Council announced a CEH "ver.4". If I look at the CEH syllabus now www.eccouncil.org/ceh.htm (http://www.eccouncil.org/ceh.htm) I can see a few things that were not included in the class I took.

For Instance: there is something listed in the ver.4 course syllabus under Module 13, "Web Based Password Cracking Techniques--Mary Had A Little Lamb formula". I still cannot find out anything about what that is.

Don, do you have any idea about the "Mary Had A Little Lamb formula?"

It is pretty good that my work pays for it.  But then again I work for IBM.  They did give me the opting to go to the boot camp.  But I figured I would do the self study and then either go to either the CHFI or IBM EH course next year.

Do you do any programming? It would help for the exam. I don't do any programming, so I didn't pass until my third time. I just studied what I wasn't sure of, and kept plugging away.
Be warned, after you pass the exam, it will be a loooonnnng time until you recieve the cert. Just ask Dengar13, also on this forum. It took me almost 3 months to get mine. Dengar didn't get his until it was after 3 months.

I have no idea what a "Mary Had A Little Lamb" Formula for cracking passwords is. I could make some guesses, but that's all they would be... guesses. I'll ask around.

Also, I have no problem with you leading the study group. I'll try to participate as much as I can. Also, being part of a group may help motivate me.

Should we continue this part of the conversation in a new thread of The Charter Study Group?

Don

Sure, that sounds fine. I've never really done this before, but like you say, you don't have a lot of time, and I guess I have more time than you. After winning that great prize. I'd like to give a little back. Help out wherever I can, y'know?

Oyle

From what I understand, "Mary had a little lamb" is not a password cracking method, but rather a manner in which passwords can be composed. The idea is to take the abbreviation of the first letters of a well known song or poem an use it as a password. For example the password derived from Mary had a little lamb would be Mhall. While the password is not quite a complex password it is some-what obscure and obviously not a dictionary word, while on the other hand is still easy for users to remember because of the association to the song or poem.

Obviously you could compose a list of the first lines of many well known songs and add them in to the dictionary to use in a dictionary attack.

If my explanation is wrong, could someone please correct me.

Hey, it's the first explanation I've seen for it anywhere. I guess it makes sense, although you're right, it's not a complex password, or even a good  password. But I could find plenty of obscure enough songs to use to create a decent password.

But I use a method to create complex passwords even easier: I just use any 5 to 8 characters off the Microsoft COA (Certficate of Authority) labels on PCs installed with Microsoft OSes, Microsoft software, etc. Microsoft has a server in Redmond that does nothing but crank out those 25 character Product Keys, 24/7. Any of these, taken in any order, makes for an excellent password.

You're new here, right? Welcome. Hope you have a good time here.

BTW, on the EC-Council CEH syllabus, "Mary Had A Little Lamb Formula" is technically listed as a "Hacking Tool", at least it looks like to me.

Actually, Negrita was one of the first to register on CSP Mag (April 8 of last year) and has been with us a while.

Glad to see you participating on this site, too.

Don

Thanks for the welcome. I was actually the 3rd member to register here too (on September 10th 2005). I stumbled upon this site when it was still an empty shell under construction, that was even before registering at CSP. At that stage I didn't know that both domains belong to don.

I am new to the site and am interested in joining the studying group for the CEH Exam. 

I just recently passed the CISSP and am on to the next giant to conquer.

If you have started a group and there are pre-requisits let me know...

Respectfully,

cese59

No pre-reqs here, welcome to the forum.  This group hasn't really taken off like it had been envisioned.  Are you going the self-study route or the EC-Council route?  They have much more study material now then when I was studying for it.

I've volunteered to lead the study group. I passed CEH in Dec 04.
No requirements that I know of, just your own desire, dedication, and commitment. Feel free to email me with any questions...

 ;D

I'm all for getting the study group ging with Oyle as the lead. But I need suggestions as to how to go about it. We have the Charter Study Group Board we could utilize. Not sure if we want to do that, create a new board, use this one...

Should we create a set of study goals? Recommended books, vids, guides, etc. What happens if not everyone has the same material? Do we assign homework?

Lots of questions to which I don't know the answers.

Let's really get this going, so we all pass the exams this summer. What do you think?

Don

Now that Negrita is going to go for CEH and myself and Oyle have the cert why not get this party started?  Negrita, first things first, get that form filled out and submit it to EC-Council.  They are pretty quick with the approval, and if they are not you have an in with Mr. Donzal!   :P

They are still on version 4 and I took it in it's infancy in October last year.  Some things have escaped my memory but will gladly help anyway I can.

So do we want to continue this discussion in the Charter Study Group forum?

http://www.ethicalhacker.net/component/option,com_smf/Itemid,35/board,24.0

We can update the list of participants of the group and plot out a study path. Dengar13 - I can set you up as a moderator.

Thoughts?

Don

OK dengar, I'll get the wheels in motion.

Hear hear!! :) My vote goes for Dengar. He'll make an outstanding moderator I think. He's been a wonderful member on another forum where I moderate myself. I don't think he'll have too much work as the members here and at CSP seem quite well behaved so far.


There are many options. One would be to set up a user group and allow only those users in the group access to a special forum that would be set up for that purpouse. the reason for restricting access would be so that the members of that group would be able to talk openly about things like the details of certain exploits or share the source code of malware, or generally post about things that you wouldn't want to post in an open forum (we are supposed to be ethical here aren't we?!!?!). Don (or Dengar) would have to decide on the criteria for access to that forum - perhaps by sending him a copy of the EC-Councils eligability voucher number.

Regardless of where it's set up, you could open up 22 different sticky threads one for each domain, and the users can add other threads of there own if they wish. Regardless of which study material each member uses, I presume that the exam must be based on the official course material, so it would be best to base the studies around that.

What do you think?

Sounds good to me. I did the CEH class back in June 04, so I have the official course material, pre-May 05 "Ver.4", if there is any differance. I doubt many students would have the courseware, unless they purchase the books off the EC council website. Makes the most sense to me, start up 23 (approx.) different threads based on the different "modules" in the courseware. I could post "starter" threads in each to get the students going.

Could not probably in good conscience recommend any study guides or books outside the courseware that I did not already have exposure to. I didnotice that the actual test covered something that was not covered in my class, namely, URL Deobfuscation. COuld do a thread just based on that; seeing as how it was not in my class but WAS on the exam I did, I would think that would be pretty important.

Oyle

I'm not so hot on the idea of a closed group. My whole point for the site is to have an open resource. Even those who are not part of the study group can benefit from the info. Making it read-only for non-members might be a good compromise, but I'm not completely sold on that idea either. I'm heavily leaning towards open forums for everything.

With that in mind, here are some specific questions?

1. Dengar - Will you moderate? If so, I need for you to help decide what materials to use and set a study schedule. I don't want to rush, but I also don't want to wait until the end of the year. A happy medium might be to aim for all of us to take the exam(s) starting July 1. We can discuss details off board if needed.
2. Who's participating? In the Charter Group Intro Post (http://www.ethicalhacker.net/forum/index.php?topic=29.0) the following members expressed interest: don, dengar13, shavedlegs, mno, bilals91 and tmartin. Looks like we're adding cese59, Oyle and Negrita. I think all who want to participate should check in to that forum and let us know what you have accomplished already... took class, read book(s), already passed an exam, have done nothing yet, etc. and what you plan to do like if you have already signed up for a boot camp.
3. Is this only for CEH or do we want to do both CEH and CPTS? The intro post says both. Confirm your thoughts when you add your name to the intro.
4. I'm thinking we have the separate domain threads in the Ethical Hacking>CEH Category but keep the group study sessions in Certification>The Charter Study Group - Pen Test. This way, when new groups are formed or people just want to get an overview of the domains, no major re-posts are needed, but then each study group can have its own area and pace. I'd like to keep the study groups in the general Certification Category (where the Charter currently resides), because we could have study groups for many other topics IE - The Charter Study Group - Forensics (hint hint).
5. Oyle - Can you start posting introductions for each domain in the CEH Category?

Since it seems like we are all serious this time, let's continue the planning in the Charter Group - Pen Test Forum (http://www.ethicalhacker.net/forum/index.php?board=24.0).

Don

Negrita, thanks for the kind words.  I would be honored to be a mod.  I will post questions on each domain to challenge the study group.  I like what Oyle has suggested a lot!  I will be more than happy to discuss study materials or anything else you want to brainstorm about.  You are right the sooner the better.

I would prefer to do CEH only but that is just my opinion, wouldn't want people going for this cert to get confused.   :o

I like the way this is heading!

Don,  one question, if I am a mod does that rule me out of contests?    :'(

PM me if you need my offline info!

Happy ethical hacking!   ;D

One thing I forgot to ask, are there going to be rules on the forum or is it total free speech.  We may need some ground rules but it is your world, Don and I am just living in it.   ;)

It took me a while to get all the required documentation together, but I eventually did it and faxed everything in at the begining of this week, and I received my eligibility number this morning.

Now all I have to do is study and do the exam.  8)