Hello ppl,

I just wrote my CEHv5 and I passed.
I would like to thank don for building a communication platform, wherein I really got to know how the exam would be.

I was tensed before the exam since I did a self study for not more than a week. The practical experience made the exam study easy for me. I used the Offical CEH Review Guide only. Since I had previous knowledge on almost all the topics.
The main thing that helped me in the study was the TestKing Practice Exams that I bought, only then did I come to know how the exam questions would be.

Note: The testking, actualexam and pass4sure all have the same questions.

If you are getting a 80/100 in the practice exams I would then say you are prepared to take the exam. What I was surprised during the exam was the number of log reading type questions that I got.

I had plenty of time for the exam 275 minutes since I am in a non native English speaking country. I took only 70 minutes to end the exam.

I would again like to thank ppl around here without whom I wouldnt have passed this exam!

Hey webdevil,

First of all, congrats. Secondly, thanks for the compliment, and you're very welcome. This is why we're here.

Speaking of which...

cector,

I can appreciate your enthusiasm, but if you're looking for dumps, this is not the place (especially if you want someone else to pay for them). If it's knowledge you seek, then welcome to EH-Net, the ETHICAL Hacker Network.

Looking forward to everyone's continued participation,
Don

Having an instructor can save time and has advantages, but you can begin your journey solo just to get your feet wet. Most hackers I have met began solo and that was the traditional method. Infact, no one would even talk to you in the past if you were a total newb. You had to prove yourself and your dedication.  At least learn all the basics on your own! Eventually you should think of everthing as your "instructor". Your lab, your books, websites, online instrution courses, fellow hackers, conventions, etc...  Never limit yourself.

Thats quite true........

If you get a mentor........things are on a fast track instantly and then you can nail any certification with your knowledge and a mentor's expericnce and advices. A lot of times it is easier to learn things by listening to someone & then discuss rather than going through the books again n again.

This is what I love about the CEH test. What a joke.  At least the Offensive security cert requires you to prove a certain ability to hack.  I have said it before, the CEH is just about making money and is the worlds largest collection of script kiddie material. I was involved at a seminar once where we had 4 CEHs attempt to crack a notebook running windows xp sp2 with only the windows firewall as protection. Not one of the CEHs could crack it.  And a major corp should rely on them to say their network is hack proof?  Here, I will do everyone a favor that is reading this. Get vmware and install an unpatched version of XP sp1. Now go get metasploit or at least a dcom exploit. Make sure you are not running a firewall or anti-virus.  Now run the exploit against your vmware and get a shell. Ok, I just saved you $3000, because that is what every boot camp I am aware of does.  By the way how does anyone certify that you are "ethical" any way?

I did take it for fun. I know Muts to be a first class pentester so I was curious about what he had to offer. Its a good course for several reasons. 1. Its reasonably priced. 2. It encourages learning programming. 3. It encourages people to think. 4. It does not make outrages claims that going through this course will make you a pentester, but its a starting place.   

I would not say its not for the total beginner and its not for someone thats advanced.

I normally steer clear of this type of discussion as I don't care about the CEH one way or another but to compare pen testing/ vulnerability assessments or "ethical hacking" to a Doctor is just absurd. But perhaps your intention was not to directly compare the two.

Either way, anyone can sit for the CEH exam, pass it and get a cert. A doctor leaving med school, has already gone through years of training and is required to do a residency as well. So until there is a requirement for a CEH to have done an internship/residency/show proof of experience, etc... it is simply an introductory cert in the same class as a security+. It does not attest to the skill level of the person at all aside from a basic level.

Perhaps there needs to be some kind of assurance or proof of their technical ability similar to what the ISECOM certs require.

If this cert is to simply show that the holder has a grasp of the fundamentals as you mentioned then perhaps that should be explained in much clearer terms to the individual because most of the cert holders next questions are not "how do I expand my knowledge from the basics" but instead are "how do I get a job as a pentester now that I have my cert".

I also fail to see how the term CEH or a similar term is a "needed concept in computer security". Pen testing and vulnerability assessments are not new concepts.

dean

Even so a heart surgeon would not be coming out of med school. This is what their residency is for. To train under a qualified and experienced surgeon until they are considered experienced enough to lead the operation on their own. Perhaps something similar should be required of our industry. Not very easy to do in our industry I know. But internships are always available.


This is not implying that there is no need for certifications. I am stating that I don't see the value of a term such as "Certified Ethical Hacker". It does little to encourage me from the perspective of a person looking to hire a pen tester. As you stated dealing with corporations can be difficult due to their mindset and requires as much management ability as technical ability.

I agree that a cert does have a lot of value and does provide a certain level of assurance to a corporation. It helps open doors for the cert holder too.

Does it certify a level of skill? Yes, but not to the level most people assume or expect. I have certs in various disciplines and I teach classes for these same certs. One of the first things I do explain that a cert is a stepping stone to broadening their knowledge. This, based on postings and conversations I have seen, does not appear to be the understanding of a lot of recently certified individuals. I am not talking about people that have earned the cert for reasons such as client confidence, etc... or have years of experience  behind them, but people that are now wanting to enter the security field and figure that a cert is the way to go or all that they need.

I have interviewed so called pen testers/ethical hackers that are unable to explain how a simple ftp connection is established using the OSI model as a reference for their explaination. This disturbs me as on paper they look qualified for the position yet don't have even basic knowledge.


I agree with you here. Name of cert aside, it, and others like it, are a good beginning but still have a far way to go from teaching the tools to explaining how and why those tools work or don't work.

While it does sound as though I am dismissing the CEH as a valid cert, I'm not. I'm simply saying that the perception of these certs needs to change.  I know many people with the CEH that are incredibly talented people and very, very good at what they do. But the cert is not where they gained these skills.

OK, time to step off my soapbox

dean