Our wireless guru, Dan Hoffman, takes a stab at CEH. He shares his experiences while on the self study route and offers his thoughts on the process along the way. If you are going for CEH, this article is worth your time.

Review: CEH Via Self Study

Let us know what you think.

Don

This has been added to digg.com. Please help us get this article noticed:

http://digg.com/security/Review%3A_Certified_Ethical_Hacker_%28CEH%29_via_Self_Study

Thanks,
Don

PS - For all of our articles on digg, please visit our RSS Feed:
http://www.ethicalhacker.net/component/option,com_newsfeeds/task,view/feedid,11/Itemid,27/

The materials from EC-Council gets horrible reviews.  Check out Amazon.com to see what we mean.  Hacking Exposed 5th edition helped me out significantly.  If you study the modules you have fro that book of yours, read Hacking for Dummies and Hacking Exposed you will so fine.  Also, playing with NMap and other fun tools doesn't hurt either.  I remember specifically SQL injection questions.  Hope this helps my friend.

Apologies for the thread necromancy, but for the benefit of anybody who found this article on Google and is wondering if it's still applicable over 3 years later - it is!  The test itself is not too bad, but the study materials are a real slog, and one does get a sort of lost-in-translation feel from them.  More importantly, PrepLogic has fixed none of the issues with their terrible practice exam, and their satisfaction guarantee isn't worth the electrons it's printed on.  Only thing that's different is the price has gone up to $139.

Wow, I'm amazed. When I read Mr. Hoffman's write-up I was struck by how dead on he was on the EC Council material. But my amazement didn't really sink in until I navigated to this forum and found the article was written in 2006! All of Mr. Hoffman's dings on the EC Council material (misspelling, disorganized, et al) are still true in 2011 version!!!

One thing I was particularly unhappy with were their online iLabs - a horrible waste of time. Basically they just throw hundreds of tools at you (that much hasn't changed) with no real coherence. Worse yet, the labs themselves often don't match the software on the iLabs network.

I don't know how EC Council can miss this! Don't they solicit feedback?

Remember what Dan said about his initial impression of their website? "Hokey" was the word I believe. The same can be said for the iLabs - to call it "unpolished" would be kind. Basically, you log in and reserve time in 2-3 hour blocks. The system creates a virtual lab environment for you on their network from which you can run their Bible-sized (both Old & New Testament) book of lab "exercises". The exercises themselves are basically just a very (very, very) simplistic execution of the myriad of tools accompanied by screen shots. For example, they'll have you install Cain and attempt to crack a password file but it really amounts to click here, now click here, okay, now click here. Done! There are no targets per se, just 3-4 different platforms you can run the different tools on. And there are no end-to-end exercises.

The information in the lab instructions ran the gamut but peaked at "okay". They could be unclear: no front matter whatsoever on system requirements et al, no instructions on how to run the different OS configurations, etc. They could be wrong: instructions to install a tool that doesn't need installing, starting a [insert OS here] machine that doesn't exist on the system. They could be overly simplistic: one exercise actually ended with "Press File then press Exit to close the tool". Screenshots were often wrong and were accompanied by little blurbs in the margin which I discovered were just grabbed from the tool's website.

My favorite example was one tool that required a registration key from the vendor. Keep in mind, all the installation file(s) for all the tools are located on the iLabs machines. So when I register at the website and get the key it doesn't work with the version on the iLabs - the vendor had come out with a new version and the key didn't match. So now you have to download the latest version, get a new key, and - not surprisingly - the lab instructions were mostly irrelevant.

Overall, the iLabs came off like an afterthought. Like, EC Council is putting in a half-hearted attempt at making themselves a little more like OSCP.

Update: One other thing that's bugged me from the start, both with the DVDs & CD Labs...no TOC on the disk. So Disk 1 could have modules 1-16, 1-2, 1-5,...no way of knowing. You have to plug it in to find out.

Were you following the iLabs manuals? Or the lab guides included with the courseware? I would assume the books included with the courseware based on your description of "Bible-sized" book but just wanted to be sure.

Okay, that makes much more sense.

I don't know which was created first but I do know that there are specific lab guides for iLabs that are different from the lab manuals with the books.

I have a copy of the v7 courseware but it's still in it's wrapping in a box under my desk. Maybe I'll finally open it and take a look to see if I can recognize differences.

What I can tell you is that I personally reviewed, revised, and tested the iLabs manuals. I made sure that all of the problems you've referenced didn't exist. If a lab didn't work, I changed the instructions so it would. If they weren't clear, I added additional instruction.

I'm not going to make excuses for EC-Council but I'm sorry to hear of your troubles. That's the reason why I reviewed those manuals in the first place - to ensure stuff like this didn't happen.