Over a month after completing my course, I finally got to take my test, and I passed!  I do have to say that it was a little more challenging than I expected after going through the course and reviewing study materials.  NH did a great job with what they were given (v7.1 is still kind of rough around the edges, bug-wise,) and I'm glad I chose them for my course. 

Thanks for all the help given through this thread.  Onto my next challenge!

I decided to try Sybex's practice exams last night.  Getting much better results there.  I did miss some questions, but passed all of their 20-question segments on my own with 85-100%.  Found  the areas I need to focus on and wlll be studying them throughout the week.  In fairness, the PrepLogic demo practice test only had 50 questions, and there was a lot of focus on ancient tools that were never mentioned in 7.1 training.  I probably should have diversified my practice testing before freaking out.  

Either way, feeling a little more in-line with what I'm expected to know.  A week's practice should seal the deal on the exam.

Thanks.  I wonder if we're talking about the same instructor, then...     While he's very helpful, we have spent a lot of unnecessary time waiting for troubleshooting on his end.  I've just gone about my business on those occasions, though, and it hasn't posed a serious problem that I can tell.

I mentioned in my other thread that after taking a PrepLogic practice exam (v6 I think,) I'm feeling very underprepared now.  I think a lot of it has to do with the outdated tools referenced in the practice exam, but I'm hoping our instructor has done his best to prepare us for the v7 test.  Seriously makes me wonder now.  I plan on spending the entire weekend brushing up on my weak spots (don't remember ALL of the nmap switches off the top of my head, etc.)  I'm sure I'll pass when I'm ready, though, as I truly do understand all of the concepts we've worked on in class and have some real-world pentesting experience under my belt.  Most of what we covered seems pretty elementary for me, which is why I'm so shocked that that I bombed the practice exam.  Just a matter of knowing what I need to concentrate on, I suppose.  That and taking the correct version of the exam should help. 

I'm very glad that I went through the trouble of setting up my own lab ahead of time, and I strongly recommend that all future CEH course takers do the same.  While our instructor did set up a decent environment for each user, we remote users are stuck with VNCing into our host machines and running VMWare Player to use our VMs.  Lots of lag and keyboard input issues to say the least.  My local VMs have been working perfectly for me, however, and since no one can see my screen, I also don't feel "under the gun" when doing lab excercises.

I don't want to start another topic for this, since I've kind of been spamming this forum with my questions anyway, so I'll bring this up here:  After getting into the meat of this course, I've been feeling very confident of my abilities, as I've used and played with nearly everything we studied in class on my own over the past year or two anyway.  Since tomorrow's our last day, I decided to get a jump on test preparation.  Downloaded PrepLogic's 50-question CEH practice exam and tested.  I do want to note that I believe it's an outdated practice test (seems to be v5 or 6,) but I was absolutely shocked to see that I failed pretty miserably.  Twice.  Since the practice exam contained a lot of old info, such as Windows 2000 exploitation and near-obsolete tools that I've never touched, I don't want to put too much weight into these results, but it's making me seriously reassess my skillset, or possibly even whether the official courseware is sufficient study material to pass the CEH.  

Am I off-base in thinking this way?  Or is the v7 exam that much different from the older versions?  I was originally planning on taking the exam as soon as I could possibly get it scheduled, as class has been cake, but not so sure now.

I kinda feel strange asking him that, but he seems to be speaking from experience on a lot of this stuff.  I'd like to think that I can sense my own, and he's definitely a True Geek (that's a very good thing IMO.)

Overall, this has been a good experience and I can't say enough good about the instructor.  However, there are still some major issues with a couple of the modules in CEH 7.1.  Our instructor is working as we speak with an SQL guy on fixing the SQLi module in the course, as we had to skip it and the XSS section today.  Hopefully they can get things patched up by tomorrow and we can finish up on those. 

Well, I've completed day three of my five-day course.  I plan on writing up a review afterward, so I don't want to post too much here just yet.  Just a quick update so far:  

My instructor is excellent and very willing to help the class with any problems they may have.  I don't know how the rest of NH's instructors stack up, but I'm very happy with mine.  v7.1 seems to have far less technical / layout problems than people have reported with 7.0.

I do, however, feel that I perhaps should have chosen a more advanced course/cert.  I feel that I could probably test out of this with some light studying.  Everyone is different, though, so I wouldn't suggest that route to everyone.  I'm very glad I'm going through the course, as I've learned some pretty cool things so far, and I'm solidifying my knowledge in topics I'm already familiar with.

I'll post a full day-by-day review after my course is complete.

Ahh... hardware exploitation.  Take a look at Chris Tarnovsky's work.  This guy blows my mind.  Chemistry, precision mechanics, and code.  

http://www.youtube.com/watch?v=tnY7UVyaFiQ



PS - Didn't realize I dug up a rather old thread.  Sorry, mods.  

I just got done reading your review of your experience with the pilot, which made me start to question my patching.  Very informative review, by the way.  I wonder if I should go back and perform fresh installs on the machines that I patched up.  That way I can always snapshot afterward and then re-patch during class if necessary.  New Horizons has been somewhat vague on most things I've asked about the course so far, so it wouldn't hurt to be over-prepared.

Perfect... Setting up the lab right now.  Thanks for the answers, guys.

Thanks for the reply.  So to clarify, I shouldn't have to flatten one of my Xen boxes and install Win2k8 / Hyper-V?

I'll be starting my training next week for the CEH in a live online environment.  Documentation they sent me said this:

"You will need:
•   A host computer running Windows Server 2008
•   A web browser (Firefox, Internet explorer, etc.) with Internet access
•   A Windows Server 2003 Virtual Machine
•   A Windows 7 Virtual Machine
•   A Windows XP Virtual Machine
•   BackTrack and CEH Linux as VM"

I have a couple XenServers at my disposal, so VM creation isn't a problem.  Do they want all the VMs running under Hyper-V on Windows Server 2008, or do you think I could create a Xen VM for each system?  Do they want them all patched to the latest versions?

I also wonder if they want them all powered on at once.  Might have to free up some substantial resources if that's the case.  Any suggestions much appreciated!

Just received my course materials this afternoon.  Tons of material.  Looking through everything, I'm feeling pretty confident about how I'll end up performing.  This is a wonderful opportunity to fill in the knowledge gaps that I have as well. 

I got the instructor's bio the other day, and he is VASTLY certified.  I'm just hoping he proves to be a good teacher. 

I haven't dug through this too far yet, and haven't gotten much info from New Horizons, but is Frankenstein 1.0 included with 7.1, or is that something that only EC-Council's training offers?

I will be doing a live online course for my CEH through New Horizons next month.  Has anyone here had any experience, good or bad, with them?  It's a 5-day course, and I like the fact that I have the option to repeat the course, either live or on-site, within six months after taking the initial course.  I was even able to get them to include the voucher cost in with the training course.

Apart from that, I'm also in the process of setting up some physical and virtual machines in my office/lab.  Any suggestions on what kinds of systems I should include?  I've got a Metasploitable VM, a Lucid Lynx box, and a Windows XP SP2 box in my VLAN now.  What have you guys used in your labs?

Thanks for the heads-up.  I'll keep adding more devices/VMs to my test LAN.  Any suggestions for Linux targets besides Metasploitable?  Perhaps some older versions of CentOS or RHEL?

Just wanted to drop in and say hello before posting on the forums.  This site looks to be an excellent resource.  So funny how ethical hackers seem to have a better grasp of civility and lack of trolling nature as compared to the others.  That's going on what I've seen here so far, anyway. 

A little bit about myself:  I've been in the IT field for about 12 years now and have always been security-oriented (we'll just say my formative teenage years were a lot of fun.)  As I've grown up, I've worked my way into being the sysadmin/one-man IT show for a very respectable local accounting firm.  I've used my Linux skills to build a VoIP system for them and have made substantial improvements to the firm's IT structure as a whole.  Perform pentests with BT every three months or so, and keep sharpening the blade as time goes on.

Long story short, it's time to get my skills onto paper and to make some money doing pentesting for clients during my admin downtime.  Management has approved my CEH training, and I'm sure our firm can use the knowledge gained from the training for our own network's security.  Certainly won't stop at the CEH, as there's ALWAYS more to learn. 

Anyway, glad to be here, and am enjoying my lurking of the discussion boards so far!