I dont think CEH requires to have knowledge of scripting or else . It focuses more on tools , You can get CEH book under 30 USD from amazon.com ( dont forget to read reviews of that before purchasing it ) . And as an starting point I think it would be a good idea , other then that do check out the tutorial section of EH which contains links to free logical security CEH videos .

Hi SephStorm, I read Kimberly Graves 2010 edition from Sybex, it's good, but doesn't seem to cover enough or go into depth, however the companion cd comes with a great test engine and flash cards.

The asbolute best resourse I've seen out there (which is very pricey) is Wayne Burke's video course, it's certified by the EC-Council, but like $1600 or so.  I got to watch some that a friend of a friend had purchased and it's absolutely amazing.  He goes so in depth way beyond just the CEH.

I do know that you need to know how to read and understand certain types of scripting, such as they show you a SQL Injection vulnerability or something similar that requires some programming knowledge to understand.  Not in depth by any means, but you have to know what you'll get from that output. I'd check out eLearnSecurity's free SQL module.

I have the certificationflashcardsonline, by Shon Harris for $18 and they are 300 questions that are very very good.  You can access from your mobile phone or wherever since it's web based login.  The answers to the Q's go into a lot of depth as to whatever tool or subject they are talking about, that it seems like almost a book in itself...


The CEH Study Guide by Kimberly Graves cost me $60... Yes I do Amazon, but had a BnN gift card... I wanna get rid of, mint.. Let me know if you're interested, I can seel it back to Amazon for like $12...

If not breaking any laws/ rules I could give you access to my online certificationflashcards, so you can get a little taste if you like.

The DVDs, which are included in the official courseware, don't include any lab setup, iirc, just the tools, pdf's, etc.

Yeah, I had never heard of Wayne Burke before, but I must say his Career Academy stuff is pretty impressive in scope.  I'll have to look up what else Burke has done..

Well, I did say I would chronicle my progress, so a rundown of this week.

I started studying this week, and one of my primary resourses is the Graves study guide. I read chapters 1 & 2, and started on chapter 3. As always, it is amazing reading information on the information gathering stage of hacking, as you can see just what information is out there about your orginization, and sometimes, you yourself.

I don't think I have any major problems with this section except that I really didnt have a hard target to test, while technicly I can use any company for this phase, and indeed I used ARIN and whois to lookup a few, I feel that ultimatly you are gathering this info to prepare an attack, and I have no intention of hacking any of these companies (unless they pay me for it. ; ). I also looked at Hacking Exposed vol6, the corresponding chapter, but it went, I think, overboard for my purposes. Excellent for use when actually using against a target, not so much I think for study?

Chapter 3 is the Scanning and enumeration section. I am only part way through this section, but I decided to throw up some practical excercise here. I used the Heorot.net De-ICE live cd 100.1. Now this "lab" has only limited usefulness because it is designed, I think, with a specific purpose in mind. on purpose, it is not "metasploitable" and certain things have been "broken" to add a touch of difficulty.

So after setting up my lab as decribed in the forum post on Heorot, I started my test. I am most familiar with NMAP, so I fired it up and took a swing. (FYI, I have done the scenario before, but I acted, for the most part as if I had not. Besides, I had forgotten many parts.) I attempted to practice the scenario with a touch of realisim, so first I preformed a scan to see if the host was online, followed by a scan, with the timing set to 3 as an attempt at staying a quiet as possible. I descoved several open ports, and preformed version detection on them. (again, I think the CD comes into account here, but I know its part of the methodology.)

At this point, I had my first real question, how does a beginner know where to go from here? From my previous experience, I knew what port to look at first. A year ago, I didnt. So how would I know what ports to look at and how to attack them?

An any case, I continued the 100.1 excercise up until the priviledge escalation portion, because I was using a different version of BT, that didnt have the needed password list to complete the excercise, and I sure as heck didn't remember it. But one thing I made sure to do was look at the tools presented for each purpose. NMAP and Hydra (cmd-line) were the ones I used. I was unfamiliar with Hydra, so I looked it up. I used the instructions given by the tool to perform the excersise, I did a YT search, but the video I looked at used the GUI option, which doesnt really help you learn much I dont think...

anyway, today I want to finish Chapter 3 and perhaps move on to Chapter 4. We'll see what the day brings... It is my birthday after all... Which begs a question... If youre born in the US, and you are aroundd the world on your birthday, should you celebrate it on the day in the timezone you are in, or when it is actually your brthday in the states? ....

lol, if you have my address, youre a better hacker than I am

Hey and who says I'm not a better hacker than you, just cuz I don't post your SS # on forums... JK of of course