Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 36 guests and 1 member online
Free Business and Tech Magazines and eBooks
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Network Pen Testing
CEH - Certified Ethical Hacker
CEH Bootcamp Review - by a new guy on the block
EH-Net
May 26, 2013, 12:41:22 AM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Network Pen Testing
>
CEH - Certified Ethical Hacker
(Moderator:
don
) >
CEH Bootcamp Review - by a new guy on the block
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: CEH Bootcamp Review - by a new guy on the block (Read 11454 times)
0 Members and 1 Guest are viewing this topic.
Fenris
Guest
CEH Bootcamp Review - by a new guy on the block
«
on:
July 03, 2006, 09:31:16 AM »
Hey everyone.
Brand new to the board, just thought I would drop a note to say "hola". I met Don last week at our CEH training in Chicago (had a dinner or two, and several laughs with him) and he pointed me, well, savagely rubber hose whipped me, until I signed up on the board.
Just thought I would drop off a quick review of the Training for the CEH that I just completed, since there seems to be some interest on the boards, and lots of new folks with queries.
It was a 5 day bootcamp, and I went into it in total Lockdown mode for preparation, shutting off cell phone, setting up the out of office responder, etc - totally shutting myself off from the outside world.
Our class was fairly big, 14 or so with people ranging from longtime security folks, system admins, technicians, and complete newbies to infosec. Our instructor was a fellow who had authored a few books, had a good sense of humor, and really seemed to know his stuff. Possibly not as lively as some folks would have wished, but I found him similar to many of my college professors, so felt comfortable with him. His Starbucks wore off at around 3:00 and that was a bit visible, and a bit humorous I felt.
Now on to the real stuff -
The coursework was pretty good. The module order was adjusted by the group doing the training, and at the end of the day, I liked their layout better (details on order available on request).
The instructor did a very good job (IMO) of laying out the way that a given process was designed to work and how it functions, then he explained why that may be vulnerable, how it was exploited in the field, and gave us a listing of tools that did just that, wash, rinse, repeat for other modules. Kudos for the instructor. I didnt talk to anyone that did not feel adequately ready to take the exam Friday morning.
The material itself I found to be just a bit dated. Part of this is understandable, because the major classifications of attacks havent really changed, but the tools and attacks discussed were often near obsolete. During the section on Scanning and Enumeration, we were bombarded with various tools, until our eyes were crossed. There are apparently somewhere in the neighborhood of 505,326 scanners, and I think they are ALL in my notes.
My immediate recommendation would be to update the material, remove some of the exploits that only work with Windows 1984, and cut back on the volume of tools used, and shuffle the modules around to a more logical flow.
The Test:
I thought the test was a fair evaluation of the material. The specificity of the questions (lots of Nmap and ettercap switch questions, SQL Injection verbage, etc) made sure that you were familar with some of the more critical tools. The situational questions did a pretty good job of ensuring that you are aware of how the attacks were supposed to function. I had several "analyze this packet" questions as well, which I thought was also a pretty good assessment judge. Tools, as in the class, were very heavily represented on the test. Tons of "pick up to 4 of the folllowing" questions were on my test as well. (aside, I HATE those questions, give me a specific number please, some of those tools are multicapable, but arent really good at doing the job referenced - rant over). IMO, the test required some good prepwork. I wouldnt have wanted to take that test cold or merely after reviewing the books.
Compared to a SANS course, the material was fairly close in level of detail. The test questions were IMO a bit tougher, and the fact that it was closed book added an extra layer of pressure on top of that.
The company that put on our Boot Camp was "The Training Camp" (hope its legal to give that info) and I think they did a pretty good job - though the hotel was a bit spotty - (may have been the renovations though).
All in all it was a positive experience, and I picked up lots of great tools, some good insight, and some methodologies that will make my security testing better.
Thanks for paying attention (and if you didnt, well - nyah nyah nyah)
Fenris
Logged
don
Editor-In-Chief
Administrator
Hero Member
Offline
Posts: 4169
Editor-In-Chief
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #1 on:
July 03, 2006, 11:07:40 AM »
See... that wasn't so hard. More participation like that and you are bound to hit upon some of our great monthly giveaways!
In all seriousness, thanks for becoming a member, and we all look forward to hearing more from you.
Don
Logged
CISSP, MCSE, CSTA, Security+ SME
charlottebandit
Newbie
Offline
Posts: 49
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #2 on:
July 03, 2006, 12:31:15 PM »
Welcome.
Glad you two met up & enjoyed the class.
How were the labs? What time did you guys normally stay there 'till?
Have you guys considered adv. ethical hacking classes (CEPT, CPTE, ECSA/LPT)?
- charlottebandit
*I'm reading my CF text for the CHFI class on 7/17. After that, I'm not sure if I'm going to be able to sit in on the CPTE class in Dallas on 7/31. We'll see.
«
Last Edit: July 03, 2006, 12:36:15 PM by charlottebandit
»
Logged
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
Fenris
Guest
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #3 on:
July 03, 2006, 02:20:59 PM »
The labs were pretty good, I thought the SQL injection lab left a bit to be desired. My favorite labs were actually the File Transversal labs dealing with WebSites. My ONLY issue is that well, once the exploits started, the that genie wouldnt crawl back in the bottle, and having folks tag your test box repeatedly while trying to take notes was a bit tiresome. I put Trojan Hunter on the PC, and that thing was going off every 20 minutes with folks seeing what it would catch and what it wouldn't. (Note - NEVER EVER plug a PC that you care about into the lab at a CEH class)
Regarding the time, we usually did Labs up until 6ish, and then some review, rather than having a dinner break and coming back.
After we left, I found that I would do further reviews for about 1-2 hrs afterwards. I am a firm believer that if you want to breeze through the tests, you have to put in the effort, and I didnt find the test to be a backbreaker (but it wasnt particularly easy either, I was just prepared for it)
I am completely interested in further certs in the field. Im currently evaluating (or Im planning on using this site to evaluate) what all certs would benefit me the most going forward. I will keep you gents posted on my plans moving forward.
Logged
smittyb
Newbie
Offline
Posts: 8
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #4 on:
July 06, 2006, 07:47:53 AM »
Hello. Another newbie to the site. I didn't go through a boot camp for my prep but the idea sounds like an ideal way of preparing for the test. I studied many hours and passed my test on 6/28. I have another class at the end of this month for CHFI. In October, I'll be taking the CPTS class.
I've been a silent reader of the site and it helped me with other resources to prepare for the test.
I've been in security for about 2 1/2 years and enjoy it very much. In 2004 I was able to attend a SANS confernece and I'm going to try and get another one approved for next year. That was my first exposure to Ed Skoudis and his books are a great tool to learn from and his sense of humor is just fantastic. My goal is to take his class that he teaches for SANS.
Thanks for the information that helped me prepare myself for the test and I will continue to be active on this board.
Logged
mctoffer
Newbie
Offline
Posts: 12
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #5 on:
July 06, 2006, 11:24:39 PM »
I enrolled also on a CEH bootcamp.. i consider this as my jumpstart on security....
Logged
MCP, CCNA, CEH
don
Editor-In-Chief
Administrator
Hero Member
Offline
Posts: 4169
Editor-In-Chief
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #6 on:
July 07, 2006, 11:26:14 AM »
CEH is an interesting place to 'start.' If asked, I would recommend that people start with CompTIA's Security+. It is more of an overview of the entire security field. CEH is more technical and focuses on a subset of the security field. If you can do it, more power to you. I didn't find either exam to be difficult, but as Fenris stated above, preparation (including experience) is a vital ingrediant of an 'easy' exam.
Hope this helps,
Don
Logged
CISSP, MCSE, CSTA, Security+ SME
smittyb
Newbie
Offline
Posts: 8
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #7 on:
July 07, 2006, 02:01:49 PM »
I totally agree with you Don. I took the CEH exam first. I'm going to get the Security + next. Wish I would of done it in reverse order.
Logged
Oyle
Sr. Member
Offline
Posts: 264
"Man. Nature. Technology".
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #8 on:
July 07, 2006, 06:43:51 PM »
But did Ferris pass the exam? he ddin't say. if he did, I must've missed it.
Ferris, did you have the question on URL Deobfuscation? I passed exam in DEC 04, and it was on my exam, and not covered in class.....
Logged
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".
From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
-Tapeworm
Sniganoo
Newbie
Offline
Posts: 13
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #9 on:
July 10, 2006, 10:00:41 AM »
Now I feel like I should be doing the Bootcamp in preparation for the test. For now I have been using books, online info and tools to prepare. Glad you are all progressing with this.
Logged
Dengar13
Sr. Member
Offline
Posts: 380
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #10 on:
July 10, 2006, 10:29:11 AM »
Quote from: Sniganoo on July 10, 2006, 10:00:41 AM
Now I feel like I should be doing the Bootcamp in preparation for the test. For now I have been using books, online info and tools to prepare. Glad you are all progressing with this.
I passed the way you are currently studying. I didn't go to the class, but wish I had. You can pass via the self-study route if you put the work into it.
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Fenris
Guest
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #11 on:
July 10, 2006, 10:43:40 AM »
I had 2 url obfuscation questions on the exam.
The Training Camp gave us pre-requesite readings, and there were 2 pretty darn good 1 page summaries in them, that broke down the method a couple of ways.
I had a minor issue with the test questions as given in that the answer didnt require you to do ALL of the math to figure it out. You decode the first octet, and thats all thats needed to get the answer.
I would have preferred going down at least 1 other level.
Regarding the other ideas, I took 2 sample tests prior to the bootcamp and passed them both (but not by much). The bootcamp let me focus entirely on the material at hand with no distractions, and I learned the material MUCH better.
The end goal is having a good knowlege of the material, and the ability to apply it, and I personally think that the bootcamps will help you get there better than just reading the material, but YMMV.
(and yes, I passed)
Logged
Oyle
Sr. Member
Offline
Posts: 264
"Man. Nature. Technology".
Re: CEH Bootcamp Review - by a new guy on the block
«
Reply #12 on:
July 10, 2006, 06:11:44 PM »
Well, Congrats.
Yeah, we didn't even cover URL De-obfuscation in class, but there is a GREAT 10 page website that explains it all. Were you aware of it? The test allows you to use Calculator, that made it one of the easiest questions to answer.
Find out about URL Deobfuscation at
http://www.pc-help.org/obscure.htm
«
Last Edit: July 10, 2006, 06:15:05 PM by Oyle
»
Logged
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".
From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
-Tapeworm
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
OSCP - Offensive Security Certified Professional
: Failed my first attempt at the OSCP exam
(95) by
zeebee
News Items and General Discussion About EH-Net
: Change is Coming to EH-Net!!
(30) by
don
Tools
: Symbolic Exploit Assistant project is looking for collaborators
(0) by
galapag0
Greetings
: Hi from the UK
(5) by
prats84
GCIH - GIAC Certified Incident Handler
: Passed my GCIH
(9) by
prats84
Network Pen Testing
: Want a challenge? Want a GXPN practice exam?
(0) by
ajohnson
GCIH - GIAC Certified Incident Handler
: GCIH Free Practice test attempt
(1) by
prats84
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.