Hey everyone.

Brand new to the board, just thought I would drop a note to say "hola".   I met Don last week at our CEH training in Chicago (had a dinner or two, and several laughs with him) and he pointed me, well, savagely rubber hose whipped me, until I signed up on the board.   

Just thought I would drop off a quick review of the Training for the CEH that I just completed, since there seems to be some interest on the boards, and lots of new folks with queries.

It was a 5 day bootcamp, and I went into it in total Lockdown mode for preparation, shutting off cell phone, setting up the out of office responder, etc - totally shutting myself off from the outside world.

Our class was fairly big, 14 or so with people ranging from longtime security folks, system admins, technicians, and complete newbies to infosec.   Our instructor was a fellow who had authored a few books, had a good sense of humor, and really seemed to know his stuff.  Possibly not as lively as some folks would have wished, but I found him similar to many of my college professors, so felt comfortable with him.  His Starbucks wore off at around 3:00 and that was a bit visible, and a bit humorous I felt.

Now on to the real stuff -

The coursework was pretty good.  The module order was adjusted by the group doing the training, and at the end of the day, I liked their layout better (details on order available on request).

The instructor did a very good job (IMO) of laying out the way that a given process was designed to work and how it functions, then he explained why that may be vulnerable, how it was exploited in the field, and gave us a listing of tools that did just that, wash, rinse, repeat for other modules.  Kudos for the instructor.  I didnt talk to anyone that did not feel adequately ready to take the exam Friday morning.

The material itself I found to be just a bit dated.  Part of this is understandable, because the major classifications of attacks havent really changed, but the tools and attacks discussed were often near obsolete.  During the section on Scanning and Enumeration, we were bombarded with various tools, until our eyes were crossed.  There are apparently somewhere in the neighborhood of 505,326 scanners, and I think they are ALL in my notes. 

My immediate recommendation would be to update the material, remove some of the exploits that only work with Windows 1984, and cut back on the volume of tools used, and shuffle the modules around to a more logical flow.


The Test:
I thought the test was a fair evaluation of the material.  The specificity of the questions (lots of Nmap and ettercap switch questions, SQL Injection verbage, etc) made sure that you were familar with some of the more critical tools.  The situational questions did a pretty good job of ensuring that you are aware of how the attacks were supposed to function.  I had several "analyze this packet" questions as well, which I thought was also a pretty good assessment judge.  Tools, as in the class, were very heavily represented on the test. Tons of "pick up to 4 of the folllowing" questions were on my test as well.  (aside, I HATE those questions, give me a specific number please, some of those tools are multicapable, but arent really good at doing the job referenced - rant over).  IMO, the test required some good prepwork.  I wouldnt have wanted to take that test cold or merely after reviewing the books.

Compared to a SANS course, the material was fairly close in level of detail.  The test questions were IMO a bit tougher, and the fact that it was closed book added an extra layer of pressure on top of that.   

The company that put on our Boot Camp was "The Training Camp" (hope its legal to give that info) and I think they did a pretty good job - though the hotel was a bit spotty - (may have been the renovations though). 

All in all it was a positive experience, and I picked up lots of great tools, some good insight, and some methodologies that will make my security testing better.

Thanks for paying attention (and if you didnt, well - nyah nyah nyah)

Fenris

Welcome.

Glad you two met up & enjoyed the class. 

How were the labs?  What time did you guys normally stay there 'till?

Have you guys considered adv. ethical hacking classes (CEPT, CPTE, ECSA/LPT)?


- charlottebandit

*I'm reading my CF text for the CHFI class on 7/17.  After that, I'm not sure if I'm going to be able to sit in on the CPTE class in Dallas on 7/31.  We'll see. 

Hello.  Another newbie to the site.  I didn't go through a boot camp for my prep but the idea sounds like an ideal way of preparing for the test.  I studied many hours and passed my test on 6/28.  I have another class at the end of this month for CHFI.  In October, I'll be taking the CPTS class. 

I've been a silent reader of the site and it helped me with other resources to prepare for the test. 

I've been in security for about 2 1/2 years and enjoy it very much.  In 2004 I was able to attend a SANS confernece and I'm going to try and get another one approved for next year.  That was my first exposure to Ed Skoudis and his books are a great tool to learn from and his sense of humor is just fantastic.  My goal is to take his class that he teaches for SANS. 

Thanks for the information that helped me prepare myself for the test and I will continue to be active on this board. 

CEH is an interesting place to 'start.' If asked, I would recommend that people start with CompTIA's Security+. It is more of an overview of the entire security field. CEH is more technical and focuses on a subset of the security field. If you can do it, more power to you. I didn't find either exam to be difficult, but as Fenris stated above, preparation (including experience) is a vital ingrediant of an 'easy' exam.

Hope this helps,
Don

But did Ferris pass the exam? he ddin't say. if he did, I must've missed it.
Ferris, did you have the question on URL Deobfuscation? I passed exam in DEC 04, and it was on my exam, and not covered in class.....
 

I passed the way you are currently studying.  I didn't go to the class,  but wish I had.  You can pass via the self-study route if you put the work into it.

Well, Congrats.

Yeah, we didn't even cover URL De-obfuscation in class, but there is a GREAT 10 page website that explains it all. Were you aware of it? The test allows you to use Calculator, that made it one of the easiest questions to answer.

Find out about URL Deobfuscation at http://www.pc-help.org/obscure.htm