EH-Net
  Show Posts
1  Resources / Career Central / Re: What now ?? on: March 05, 2012, 09:09:15 AM
Really sorry to hear that.  I actually had a similar experience a number of years ago.  I had the opportunity to work for a friend of the family, everything was set, the interview was more a formality, but afterward the friend had a discussion with the guy that interviewed me and the guy essentially told him that I didn't know anything, wasn't worth the time, and he didn't want to work with me.  I was really down for a while, and I finally decided to "show him" and used it as a life lesson.

The best thing to do is think back on your work from their perspective, try to see what may have been negative and really work on it.  You wouldn't be in the field if you didn't love it, so take it easy, refocus on applying for jobs, get something so you won't starve in the meantime, then apply for a better "dream" job.  Chances are next time around you will be focused on different things, always trying to improve yourself, and will be an even better asset to your next employer.

Don't give up!  It was a great experience and next time know you'll do better.
2  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH v7.1 Review on: March 05, 2012, 08:04:53 AM
Thanks everyone!

What's next? ;)

I actually needed to get CEH done quickly as now I need to study for CCNP.  I will be attending Cisco Live in June and I'll need to be ready to take the ROUTE exam by then.  Not sure if it's too aggressive to try for CCNP by the end of the year, maybe ROUTE and SWITCH this year and then TSHOOT exam next spring.  I didn't want to jump to CCNP without CEH yet, so I'm thankful I passed!
3  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / CEH v7.1 Review on: March 02, 2012, 04:35:28 PM
Hi all, I just completed CEH this week (finally!).  I took a rather comprehensive approach and tried to include some review of each piece of study material I used to accomplish the cert.  If anyone thinks I say too much or need more elaboration, please comment.


Certified Ethical Hacker v7.1 Review

In December 2010, I was chosen as the recipient of the Global Knowledge monthly giveaway for the Certified Ethical Hacker (CEH) v7 course.  Finally, in February 2012, I completed the CEH exam.  It took some time to reach completion, but I am definitely enriched for the experience.

The following explains my experience and personal reaction to the pursuit each step of the way.

Global Knowledge – CEH 5-day class
I have heard it said that the success of this class depends highly on the instructor.  The instructor for the class did an extremely good job of teaching and bringing real experiences into the classroom.  He rarely read from the slides verbatim, instead he told stories and presented the content through its application.  I appreciated this style of teaching very much.  (I will not reveal his name because I don’t think he’d want me to.)

The class was very appropriate, intended to teach hacking concepts with some hands-on labs that were well designed and beneficial.  Thinking back on the training class, I remember some of the labs we did, the tools we used, and even some of the instructor anecdotes, which actually says more for the class than any review can.  If I can remember these things from 6 months ago, it was clearly memorable.

Global Knowledge did a good job with the class, but now after taking the exam, I would have a hard time saying the class prepared me well for it.  Granted, it wasn’t supposed to be a boot camp, but what I mean is the class probably went too deep for the type of content that was on the exam.  That said, I would imagine it was taught exactly the way EC-Council wanted it taught, so I can still say it was worth attending.

Positives:
  • One student per computer (very important for me, I learn WAY better individually than in a group)
  • Projector used the whiteboard rather than a normal projector screen, which allowed the instructor to write notes “on” the slides
  • Good discount on hotel
  • Nice view from break room
  • Excellent snacks (hey, this shows professionalism!)
  • Class breaks were staggered to avoid interfering with other classes

Negatives:
  • Staying late not allowed
  • Some demos took too long when they didn’t work right away, causing time constraints
  • Mediocre giveaways

Official Courseware
I don’t have much to say about the official courseware.  I did peruse it just before taking the exam to make sure the topics I studied were relevant to the actual material, but otherwise I didn’t pick it up much after the class.

A few things to note about the included courseware package:
  • Books much less cumbersome than previous versions
  • Books in color – Still powerpoint slides, but they were well designed, no explanatory text
  • Laptop bag is functional but not top-notch, more a nice piece of swag
  • Shirt was only available in XL, 2 sizes too big for me

Exam Prep Book – CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker
When I prepare for a certification exam, I spend a lot of time reading.  I wasn’t able to find any exam prep book for CEH v7 until this one came out, so that was my selling point – it was the first one I found.  I am happy to report that I enjoyed the book very much.

After receiving the book, I leafed through it and then checked out the CD to see what was included.  To my surprise, there was a PDF copy of the book on the CD!!  I immediately copied the PDF files to my Kindle in preparation for reading the entire book digitally.

(Brief note on Kindle textbooks:  Reading textbooks on Kindle is a tricky thing.  Sometimes graphs and pictures don’t show up correctly.  It is also hard to skip through large chunks of text at a time and find something you’re looking for.  I tend to read cover to cover, so this method is OK for me, as long as I have the physical book present for reference.  I would not recommend getting a Kindle book unless you know it was actually formatted for Kindle.  Some publishers convert and quickly proofread, but this is not good enough as many intricacies unique to digital formats are not understood well and are missed.  It is also important to note that some of these intricacies are mitigated by using iPad instead of Kindle; I have both and I prefer reading on Kindle in spite of the limitations.)

At first glance, I noticed the book was only 11 chapters, and the topics were in a slightly different order than the official courseware.  For example, Cryptography was presented in chapter 2, while in the official courseware it was covered in Module 18.  This is not good or bad, the flow of the book was appropriate and complete.  It was just an interesting thing to note when I first picked up the book.

I read the book cover to cover, and after doing it that way it felt like that was how it was supposed to be read.  Throughout the book, the author’s consistent use of geek humor and real world examples made the reading smooth and easy, despite being jam packed with technical details.  Especially toward the end, when I found myself feeling fatigued from reading, the author would throw in phrases like “keep going, you’re almost done!” that conveyed a personal, one-to-one atmosphere.  I admire this kind of writing as it shows connection with the audience.

Things I liked:
  • Good use of humor
  • Appropriate examples
  • Intended to be read cover to cover
  • Easy to read
  • Current events are discussed
  • PDF version included

Things I didn’t like:
  • Focus on both exam and real life career (help me through the exam please, if I wanted career advice I wouldn’t look in an exam-prep book)
  • Use of “she” instead of “he” is distracting to me – this goes for the official courseware too.  Not to be politically insensitive, but the VAST majority of the industry is male so please use the masculine pronoun when needed, or just use “he/she” if you care enough to be inclusive.
  • Adobe Reader 7.07 on the CD??  ‘Nuff said.

LearnKey MasterExam Practice Test
This practice test was included with the textbook.  After taking the exam, I realize the practice tests and content included in the book were actually very good.  Typically when I purchase an exam-prep book I have little confidence in the practice questions included since they are based on the book information and not necessarily matching with the actual exam.  In this case, I was pleasantly surprised.  The areas I struggled with on the practice test were matched with the exam objectives, and after putting in some extra studying I understood the topics quite well.  Related questions on the exam were therefore quite straightforward.  This speaks very well to the quality of the book and the applicability of the practice test.

Exam
The test is done, phwew!  I passed comfortably, though not perfectly.  This exam was the longest exam I have taken in my career, and I have taken quite a few.  Now that it is done, I can say I was a bit underwhelmed by the experience.

Leading up to the exam, I had very high expectations at the difficulty and comprehensive breadth of CEH, but the test was considerably conceptual and only mildly deep in certain areas.  A strong background in TCP/IP and decent test-taking ability would be enough to get through the exam without much trouble.  That said, not everyone has the TCP/IP background, and if I didn’t have substantial networking experience I would have had to commit MUCH more brain power into figuring out what each exam question was really asking.

I don’t mean to knock the exam too badly.  EC-Council did a good job putting together an associate-level course for security-minded individuals.  I now feel more knowledgeable on security topics and how hackers can map out a network without much effort, but I certainly do not feel any more prepared to perform penetration testing as a career.  If EC-Council wanted to go that route, I would suggest putting together a practical of some sort, a lab exam, to be performed post-CEH.

Final Thoughts
This feels like a milestone, like the “must have” certification in the security world.  This may or may not be true; it really depends on personal goals.  For beginners, the credential seems unattainable, but it can be done.  After taking the class, reading the book and taking the exam, I can see why.  Take the class, pay attention, do a little extra work practicing and it should be no trouble at all. 

One more thing to note, most of the information presented during my course of study was already familiar to me by reading and participating in the forums of The Ethical Hacker Network, so participation on the forums is extremely helpful for long-term career progression.

I want to send my special thanks to Don and the regulars at The Ethical Hacker Network.  Achieving CEH was a goal of mine ever since I first heard it existed several years ago, and being granted the training was an amazing opportunity.
4  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Packet Capture on Cisco Router on: February 22, 2012, 10:19:08 AM
One thing to add that I discovered later on - By default, the packets are truncated at 68 bytes (anyone know why 68 is the default???).

To increase this and get full packets, use the following command:
 monitor capture buffer CAP_BUFFER max-size 1500
5  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Doing Btech-want to do CEHv7 - suggestions on: February 09, 2012, 08:20:31 AM
For good measure, CEH material has gotten a LOT better over the past couple revisions.  I thought version 7 was pretty good in terms of proofreading and slimming down the number of tools *actually* used.  That said, there are still a lot of tools.

CEH is a good introduction to a security career, but as DragonGorge says it's certainly not the end-all cert.  If you are interested in hacking for knowledge, stick around here, check out securitytube, and then do CEH if you're still interested.  If you want to pursue infosec as a career, do CEH knowing you will need way more experience and higher level certs.
6  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Packet Capture on Cisco Router on: February 03, 2012, 09:59:32 AM
Hey all, this is a neat trick I found and used to assist some network troubleshooting at a remote site earlier this week and thought I'd share.

Starting in IOS version 12.4T, the packet capture feature was added to Cisco Routers.  I haven't seen this work on switches, but if you can get access to a router you actually have more power since you'll have access to two networks rather than one.


First, let's look at a basic "capture all" configuration.

From privileged exec mode:
 ! create a capture buffer
 monitor capture buffer CAP_BUFFER circular
 
 ! create a capture point used for filling the buffer, all interfaces, both directions
 monitor capture point ip cef CAP_POINT all both
 
 ! tie the capture point to the buffer
 monitor capture point associate CAP_POINT CAP_BUFFER

 ! start the capture
 monitor capture point start CAP_POINT

 ! wait.....

 ! stop the capture
 monitor capture point stop CAP_POINT

 ! save the buffer to a file
 monitor capture buffer CAP_BUFFER export flash:/capture.pcap


Now it's just a matter of copying the pcap file off the router, which is easily accomplished with scp:
 ! enable scp server
 configure terminal
  ip scp server enable

 ! use scp tool included with PuTTY suite (windows)
 pscp -scp <user>@<router_ip>:/capture.pcap .\capture.pcap

 ! disable scp server
  no ip scp server enable


Pretty cool?  Second, we can also limit our capture filter based on an access-list.

 ! create access list
 configure terminal
  ip access-list extended CAPTURE_LIST
   permit ip host <source_ip> any
   end
 
 ! create a capture buffer
 monitor capture buffer CAP_BUFFER circular

 ! apply the capture filter to the buffer
 monitor capture buffer CAP_BUFFER filter access-list CAPTURE_LIST
 
 ! create a capture point used for filling the buffer, all interfaces, both directions
 monitor capture point ip cef CAP_POINT all both
 
 ! tie the capture point to the buffer
 monitor capture point associate CAP_POINT CAP_BUFFER

 ! start the capture
 monitor capture point start CAP_POINT

 ! wait.....

 ! stop the capture
 monitor capture point stop CAP_POINT

 ! save the buffer to a file
 monitor capture buffer CAP_BUFFER export flash:/capture.pcap


Copy the file off the router and you're done!

Anyway, I thought this was pretty cool, didn't know it was possible until this week.  I can imagine using this to not only sniff cleartext passwords from telnet, but also VoIP... HTTP... all from a router that is typically not looked at every day.
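
Added example, not part of the original posts: a Python check for whether an exported capture.pcap was cut at the default 68-byte element size mentioned in the follow-up post above. It assumes the export is a classic pcap file whose record headers carry both the captured and the original on-wire length; the function names and the sample data are constructed for illustration.

```python
import struct
import sys

# Byte order implied by each classic pcap magic number (usec and nsec variants).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}


def truncation_report(data):
    """Summarise how many records in a classic pcap were cut short at capture."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version (2 fields), tz offset, sigfigs,
    # snaplen, link type.
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])

    offset, packets, truncated, largest = 24, 0, 0, 0
    complete = True
    while offset < len(data):
        if offset + 16 > len(data):          # partial record header at EOF
            complete = False
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):    # payload cut off, e.g. failed copy
            complete = False
            break
        offset += incl_len
        packets += 1
        largest = max(largest, orig_len)
        if incl_len < orig_len:              # bytes saved < bytes on the wire
            truncated += 1
    return {
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": packets,
        "truncated": truncated,
        "largest_on_wire": largest,          # element size needed for full packets
        "complete": complete,
    }


def build_sample_pcap(snaplen, wire_lengths):
    """Constructed input: zero-filled packets of the given sizes, cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, wire in enumerate(wire_lengths):
        kept = min(wire, snaplen)
        out += struct.pack("<IIII", 1328260772 + i, 0, kept, wire) + bytes(kept)
    return out


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(truncation_report(fh.read()))
    else:
        # No file given: show the report for a constructed 68-byte capture.
        print(truncation_report(build_sample_pcap(68, [60, 74, 1400, 590])))
```

A non-zero `truncated` count means payload bytes are missing from the capture, and `largest_on_wire` is the element size that would have been needed to keep every packet whole.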
7  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Android personal data access on: December 14, 2011, 09:40:43 AM
Thanks, but actually the point here is that I can't get into the OS.  The phone is stuck in a boot loop.  I even flashed a new OS on there and the new OS boot loops as well.  Clockworkmod is the recovery partition, which I can get into, but I seem to be unable to mount internal storage.  Hence my problem...
8  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certification plans for 2012? on: December 14, 2011, 08:14:18 AM
2011 I got through CCNA, which was the big work-related one, then I had CEH on my plate but got distracted by a college class that took more time than I'd have liked. 

In 2012 I plan on working on CEH over the next month or so, then starting up CCNP next summer, hopefully taking ROUTE or SWITCH by Cisco Live in June.
9  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Android personal data access on: December 13, 2011, 03:04:11 PM
I did try to mount the device through clockworkmod.  Booted, mounts and storage, mount USB storage.  All I am given is the SD card, not internal storage.

Were you given internal storage when mounting from clockworkmod?  That could give insight into the nature of the problem...
10  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Android personal data access on: December 13, 2011, 09:02:19 AM
Nobody has experience hacking Android?  There's got to be something out there.
11  Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime? on: December 09, 2011, 09:19:58 AM

It's not just that the door is open (no security) it's that the AP was configured to offer its services.

This is the source of confusion.  It's not only the AP services that are being accessed, it's the internet service that is being paid for by the owner that is being accessed.  Let's consider them separately.


1. Access to internal network from open wifi

This is my point from earlier.  An open door does not imply consent.  The services the AP is offering provide entry into a personal network.  Just because the network is digital instead of physical, that doesn't make it any less personal property.  The owner purchased the equipment, configured it for personal use, and it is serving the owner as such.  In the case where this serving is capable of supporting more than just the owner, it is still the owner's property and requires the owner's consent.  Unfortunately, there isn't a very good way for an owner to grant that consent to a general audience, but this does not give blanket authority.  The consent is still required for access.  Getting a DHCP address on a network for possible access is equivalent to accessing a license, so yes, even connecting to an open wifi without explicit consent is not permitted.

2. Access across subscription-based internet link to external network from open wifi

This takes the same concept one step further.  Now the use is not limited to personal property use but also could violate the usage agreement between the owner and the service provider.


Who is at fault if the owner enables this by disabling security?  Well, who is at fault if a car door is left unlocked in a mall parking lot and your CDs get stolen?  The owner may be at fault, but theft is still theft.  In the case of open wifi, the theft is just harder to classify.
12  Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is using an open wifi network a crime? on: December 09, 2011, 08:39:05 AM
ultimately the hardware manufacturers are responsible for creating this mess.  That we can agree on. :)
I don't know about this.  The past few routers I've configured do a very good job of making strong suggestions to the user that secure is better, namely in these routers I would have had to jump through hoops and multiple warning messages in order to turn OFF security.  With WPA2, all you need is a PSK.  It's another password, not even with the complexity requirements.  I don't even care if the password is written on the router itself.  The problem is not manufacturers, the problem is always and will continue to be the human element.

That said, open wifi is not an invitation.  Legally even the police can't come into your house without a warrant, even if the door is open.  No explicit consent = no consent = illegal.
13  Ethical Hacking Discussions and Related Certifications / Mobile / Android personal data access on: December 09, 2011, 08:20:01 AM
Yesterday a co-worker asked me if I could recover his personal data off his android phone.  The phone went into a boot loop and he can't get to the OS any more.  Getting another phone isn't a problem, but he has a bunch of pictures at least he wants to get off, and SMS messages if possible.  It sounded like an interesting challenge so I said I'd give it a try.

HTC Incredible (v.1), running android 2.2. Luckily (or not), the phone is rooted.  I did a bunch of research and found that a factory reset doesn't remove personal data, but memory wipe will.  Selecting factory reset brings me to the Clockworkmod 2.5.0.5 recovery menu, which doesn't give an option to factory reset without memory wipe.  I did a backup to a spare SD card and extracted the IMG files, but the pictures/SMS messages were not in there, though system data and application data were.

As almost a last ditch effort, I applied the latest CyanogenMod without wiping the device, hoping I could at least get to a point where the internal memory is mountable, but the CyanogenMod boot-loops as well.  Sounds like hardware failure to me.

SO: does anyone know of a tool that can be loaded onto the device or accessed through windows/linux that will allow access to the internal memory of this device?  Has anyone had to do this kind of recovery before?

Thanks!
14  Ethical Hacking Discussions and Related Certifications / Networking / CompTIA Advanced Security Practitioner (CASP) on: October 27, 2011, 03:18:57 PM
Looks like this is a new exam offering, designed for post-Security+ work.  There is an additional $100 off the exam price if you take it by the end of the year, though there are no study materials out since this is a brand new cert.

http://offers.comptia.org/casp100A/?utm_source=SilverpopMailing&utm_medium=email&utm_campaign=20110915_CASP_100_Off%20(2)&utm_content=&spMailingID=37289328&spUserID=OTQ5MjcxOTc0NgS2&spJobID=116707163&spReportId=MTE2NzA3MTYzS0
15  Ethical Hacking Discussions and Related Certifications / Networking / Re: Set gateway from router on: October 11, 2011, 12:51:42 PM
In my case there are humans, but they don't have access to the configuration settings, nor would they have the expertise.  I will continue to think about it, otherwise we'll just have to wait for someone to be in the area.

Thanks cd1zz and l33t5h@rk!!