CEH v7 Review

Viewing 22 reply threads
  • Author
    Posts
    • #6213
      hayabusa
      Participant

      So, after the weekend wait, here’s my review:

      CEH version 7

      I was excited when EC-Council announced that I was being awarded one of their ‘scholarship’ spots, for the Global Launch of CEH version 7.  Having passed my CEH, originally, 6 or 7 years ago, I was looking forward to seeing what had changed with the training, and welcomed the opportunity to collaborate with other professionals, who would be attending the class with me.  To me, the professional connections that are built, and the camaraderie that is shared among students, is often the ‘icing on the cake,’ when given the chance to sit in a bootcamp.

      *** Note – as you read this, remember that this was a ‘First run’ / pilot of the class, and is designed to help work out the bugs, typos in the manuals, etc, so that as I mention some of these things, below, they were semi-expected, going in.  All in all, I think EC-Council did a good job with the course materials and the instructor for our class was as prepared as he could have been, without having been given a lot of time with the materials, prior to our class.  That said, I think more time could have been focused, for those who attended solely for certification, on exam prep materials, as in honesty, had I not already had experience in this realm, nor been CEH-certified in the past, I don’t know that I would have felt prepared for the exam, at the end, based on the questions I had on my exam, versus what we covered in class.

      Anyway, without further adieu, on to the actual course / bootcamp.

      Day 1

      The first day opened with the usual introductions, the instructor giving background about themselves, and the students doing the same.  Our class was pretty small, only about 10 of us.  Of those in the class, not counting myself, we had one guy (a developer) who’d previously sat for CEH v6 class, but hadn’t tested at the end, another developer, some IT / security folks from medical organizations, an IT Security professional from the IRS, and a student / IT security lab worker, from a college.  

      (*** Author’s note- Additionally, we were told that our hours for the class were 9 AM to 4 PM, with a one-hour lunch, each day, and that the labs would be open from 8 AM to 5 PM, should anyone be a little early, or want to spend some extra time in there, after class.  In this case, this was a drawback, for me, from my original CEH, in that at my original bootcamp, we had access to the facilities, 24 hours-a-day, for the entire week, and the instructor also stayed late, most evenings, even throwing a “capture the flag” exercise and such in, to give us added practice with tools and techniques.  While I know that original training provider was going above and beyond with that practice, there was much to be said for the experience, and so this one was a bit of a different feel, and relied, much more specifically, solely on EC-Council’s books and lab.)

      We cracked open the courseware, and quickly surveyed the materials.  Of obvious note / mention was the fact that the course / lab manuals consist of  roughly 1426 pages of slides, with exercises mixed in, followed by 84 pages of reference URL’s, sorted by slide reference from the book, for the student to be able to go out and dig for further, deeper information on their own time.

      Next, the instructor introduced us to the lab machines.  Each student had a lab machine loaded up with Windows Server 2008, and a handful of Hyper-V virtual machines.  The VM’s were setup for BackTrack 4 r2, Windows XP SP1 (unpatched), Windows 7 and Windows Server 2003.  All of the guests were supposed to have been minimally patched, although, as we found out in later exercises, most of them were patched current, and some of the labs (Metasploit) failed to work.  More on that, later.  The instructor took us through the first couple of modules – “Introduction to Ethical Hacking” and “Footprinting and Reconnaissance” – and we got part of the way through module 3, “Scanning Networks,” before we left for the day.

      Day 2

      The second day brought us into more of the hands-on aspect of the class, as we began with the labs from module 3.  The labs here worked fine, and the instructor gave some tips from his experience, as well as taking feedback from myself and others in the class, with regards to how we use some of the tools, etc.  This was one thing that I think this instructor did well, in that, not only did he try to bring in his personal experiences, but he opened up the floor and we had some good discussions, with regards to each of the modules, without spending so much time on them as to take away from the flow of the course.

      We proceeded into modules 4, 5, and 6 – “Enumeration”, “System Hacking” and “Trojans and Backdoors” – spending roughly 20 minutes of lab time, for each.  Due to the fairly substantial number of labs for each module, there simply wasn’t enough time to go through all the labs in each section, and in all honesty, I think that was a good thing, in that many of the labs were simply showing that a task could be accomplished with multiple tools.  While that is valuable to know, in a real pentest, for the sake of a bootcamp environment, it isn’t conducive to time management, and would’ve greatly slowed things down.  So, typically, we’d do two or three of the five to eight exercises for each module, and everyone seemed in agreement that it was for the best.

      Before the day ended, we wrapped up with module 7, “Viruses and Worms.”  Here, the class kind of slowed down for the night, as things were wrapping up, and we had to spend some extra time, getting tools to work with.  The instructor had copied the 5 DVD’s from the courseware to the 2008 host, but many of the tools were missing from the target directories, either because they weren’t actually ON the source DVD’s, or because antivirus was installed, and removed them from the destination.  So a few of us had to quickly track them down, put them on the class’ publicly-available share, and let everyone pull from there.  By this time, most of the students were ready to head out, for the evening, so some folks quickly did the labs, while others saved them for the next morning.

      Days 3 and 4

      The third and fourth days took the class from module 8, through the middle of module 14 – “Sniffers,” “Social Engineering” (which he only briefly touched on in class,) “Denial-of-Service,” Session Hijacking,” Hacking Web Servers,” Hacking Web Applications” and “SQL Injection.”

      The material was good, however, one residual note (agreed upon by all in the class) was that there could’ve been more written information, rather than just slides.  While the slides held a lot of data, there were so many of them that we often had to skip sections, or touch them so quickly that the information didn’t sink in, as it could have, had there been more information provided to us.  So along with other feedback, we asked our instructor to provide that to EC-Council, too.

      Again, there were some lab issues here, specifically for missing tools on the host, a patched server not allowing the lab exploit to work for Metasploit, and some missing configurations of SQL and IIS on the host 2008 server, which stopped the SQL injection lab in its tracks.  I quickly pointed out, for the sake of ‘seeing Metasploit in action’ (which was the goal of one exercise,) that the XP VM wasn’t patched, and the class could hit it with the always handy DCOM exploit, and the students came back to do that, after the class moved on to the next module, to keep the class progressing.  The IRS guy and I then went about finding and fixing the misconfigurations, and the two of us were able to successfully complete the labs, with some of the students watching, so they could see / understand the concepts.

      We closed out the day with a very brief discussion about module 15, “Hacking Wireless Networks,” and carried the discussion into Day 5.

      Day 5

      Day 5 began with a brief synopsis from the end of the previous day, and we quickly went into the final 4 modules (16 – 19) – “Evading IDS, Firewalls and Honeypots,” Buffer Overflows,” “Cryptography”  and “Penetration Testing.”  While all of the information in the slides for these was useful, it became clear that we were going to fly through with high-level overviews on most of the day’s information, as the exam was scheduled for those who wanted to take it, from 1 PM onward.  The exam is 4 hours in duration, if you need the entire time, so they wanted to ensure, for those commuting or traveling home, that they’d have ample time and opportunity to test for the certification by the end of the day.

      The exercises, which we had time to look at, were OK, for most of these modules.  However, those of us who already understood the concept and usage of Buffer Overflows were a bit underwhelmed by the exercise for that module.  While it gave a very brief look at how the overflow worked, by pointing out the return address, clearly, from the compiled source code, it wasn’t as realistic, as the program literally was designed to run the given module (for instance /bin/sh) that was passed from the command line, rather than showing that it could be run, simply by overflowing a buffer and changing EIP, etc, to point to your code.  So again, while it did demonstrate a very basic overflow, it was highly unrealistic, and really didn’t serve to show how it might work, in real-life.  So I think that’s one exercise that might be worth an extra revision / rewrite, or if it stands as is, over time, will require the student to do much more self-study on, after the class.

      The final module, “Penetration Testing,” was an overall follow-up and piecing together of information from days one through five.  It explained, once again, the differences between the types of pentests (White Box, Grey Box, Black Box,) differences between vulnerability assessments and pentests, and legalilties, etc.  It went back through the phases of a pentest, as defined by CEH, and how to progress through them.  And it emphasized the need for pentesting, the ROI involved, and the value of having properly trained folks doing the work.

      Finally, before lunch (and the exam, for those who stayed to take it,) the instructor discussed Frankenstein, EC-Council’s new tool and data repository for CEH’s, to be able to find tools and other useful information from a ‘trusted source,’ rather than taking a chance and finding someone else’s ‘weaponized’ tools, out on the public internet.

      Summary

      All in all, for those wanting to begin a career in pentesting, the CEH is a good starting point.  While it focuses more on methodology and legalities, it dabbles enough into tools to help someone begin to understand the concepts necessary to ‘continue’ to learn, and to know what they need to study, further, should they want to progress as a professional pentester.  The material in version 7 showed many more tools, and gave a lot more references to back them up, but the overall experience wasn’t as nice, IMHO, as my original CEH, due to less ability to exercise and practice in the labs, as well as, again, the focus on slides on the books, and less actual ‘description’ to back them up.  

      So my penultimate review – for beginning security folks, 8 of 10 stars.  By itself, it won’t make you a pentester, but it will certainly guide you, as you begin, and would be a worthwhile beginning to launch your career.  For seasoned vets, if you’re looking for the certification, or to renew it, and have the experience, already, it’ll suffice to pass and earn the cert.  But if you’re looking for something groundbreaking, or that will challenge your thinking and show you a lot of new material, I don’t think it’ll give you much of a rise.

    • #38812
      BillV
      Participant

      Nice in-depth review, hayabusa, thanks!

      It doesn’t seem as though it came across as “revolutionary” as it was made out to be. Did they end up getting the courseware printed in color? I thought they said they cut down the amount of tools and were only focusing on a very select few in each module. Was that not the case? And what about the pen-testing parts? As I understood it before, each module was supposed to include some penetration testing steps.

      It sounds as if they missed the mark.

    • #38813
      hayabusa
      Participant

      I guess it depends on the person doing the review, BillV.  Definitely understand, my review wasn’t meant to be negative, at all.  Purely objective, and based on my specific experience in the class, last week.  Like I said, I went in knowing that it was a pilot, and that you always find typos (we did) and glitches in labs, etc (we did.)  And as with any new or revised curriculum, you have to take an objective look, and base it on your own experiences.  So for some, it might be perfect.  For others, not so.  For me (and echoing the others in my class) it was good, but still could’ve used some work.  This particularly held true with regards to a week-long bootcamp situation.  If it were lengthened, or given as a longer class at a tech school, college, or whatever, where more time could be spent, and closer analysis given to each piece, I think it’d be easier to digest.  We all know bootcamps are intense study, so you go in, expecting, but it’s definitely a LOT in a short time.

      As for courseware, yes, it was in color.  So it was eye-catching, and made things easy to digest, from a purely visual standpoint.  Two thumbs up for that. 

      And they might’ve cut down the tools some from previous revisions of the courseware (recall, I hadn’t seen CEH courseware in 6-7 years.)  It certainly was MORE than I’d seen in there, previously, and the instructor DID hint that they’d cut it back some, so perhaps it was.  (Can’t imagine how bad it was in CEH v6, then… wow!)  But, IMHO, it was still too much focus (during lab segments) on multiple tools, and less on the focusing on the underlying ‘concepts’ BEHIND the lab.  My fellow classmates seemed to agree.  Biggest thing is, when you have VERY limited time to do the labs, you often have to hurry so much, to get through them, that you really don’t get a GOOD understanding of what you’ve just done.

      Just seemed like more of the ‘do this and you get this output’ scenarios, but less of the overall time and good understanding of what / why it was accomplished, still, by the way it was put together, with multiple tools / labs.  So if they did cut it back, perhaps, they could still afford to cut it back, some more.  (Note, again, I KNOW the intent is for the students to study at night, and on their own time, too, so I’m NOT saying it was all bad.  Just that, at least for a bootcamp scenario, it didn’t seem to work as well, for our class.) 

      Some sections weren’t bad, in this regard, but some were still too much.  One example of ‘too much’ were the labs on Cryptography.  While they were OK, it just seemed like overkill.  I can say, with total confidence, that for most modules, we were lucky if we did 2-3 of the 5-6 labs for the given module, based on time, and at least SOME redundancy.

      As for breaking it down with each module covering some penetration testing steps, in the labs, though… They did give brief explanation of the tool(s) in use, and what it / they did, in relation to a pentest, and based on the fact that the modules were broken down as they were, it kind of goes along with that idea.  I think they did a decent job improving that piece.  I’d probably give that effort a ‘thumbs up.’

      For example, a short quote (taken from a few of the labs in the course, on “System Hacking,”) where they clarify what’s being worked on in this section of labs:

      *****
      “To be an expert Ethical Hacker and Penetration Tester, you must have a sound knowledge of Footprinting, scanning and enumeration.  This process requires an active connection to the machine being attacked.  A hacker enumerates applications and banners in addition to identifying user accounts and shared resources.

      You should also have knowledge on gaining access, escalating privileges, executing applications, hiding files, and covering tracks.”
      *****

      So they explain what / why, although I still think this could’ve been improved upon.  For instance, they give some description about hping3, as well, and what it is / is used for.  But, for instance, rarely are any tools / labs chained together enough to really show you the benefit of the tools, in even a semi-realistic scenario.  So it’s better, but not best, yet…

      Also, to quote a point from a classmate (and the instructor,) with all the slides, they really didn’t leave much room for footnotes and such (barely any, at all,) if you wanted to ‘mark up’ your books, to study from.  The provider handed out legal pads for us to use, which was a nice gesture, and suited the purpose.  Just that it was kind of awkward not being able to easily find / reference specific information, amongst the multitude of slides.  Most of what I did, was start a page for a module (ie – Module 1) and then, if I spotted a slide I wanted to review, at night, put down a note to the slide number.  Very little of what I noted in my notes was more than slide numbers, as the course progressed so quickly, there just wasn’t time.  Alternatively, had there been at least a LITTLE more room on the pages, it would’ve consolidated the notes WITH the material, and make it easier for followup study.  (My opinion, take it as you will.  ;-))

      I could be dead wrong, or biased in my perspectives (having been through other advanced courses, etc, I realize I might be tainted,) and believe, me, as I’d noted in my review, for someone starting into pentesting, I still feel it’s great material.  Just that, to me (and those in my class all tended to agree, MOST of whom were relatively new on the security / pentesting scene) things still seemed too ‘rushed’, and again, even if it was pared down, we skipped a lot of labs, for sake of time, simply because the instructor felt they were a detraction and couldn’t be pursued and accomplished in the course of the class time, and I’d have to agree.  For a newcomer to get through the materials presented, in a week, with that much thrown into a short time span, it would be very difficult, I think, to retain and grasp knowledge to pass the certification, if you planned to take it immediately after the course ended.

      I’m all for the cert, and am still a supporter, for those new to pentesting and IT security, in general.  I just think that, for anyone needing to re-certify, or for those already heavily involved with this sort of work, day-to-day, it did miss the mark a bit, at least, to me, as from what I’d seen / heard, I honestly expected more.  Is that wrong?  Perhaps, as again, everyone’s objective opinions will differ.  And I don’t frown on EC or the cert at all.  I fully support it.  Just didn’t seem all that grandiose or “revolutionary” in comparison to what I’d taken before, as you put it, BillV.

      Would I take it again?  As a supporter of EC-Council and the CEH, sure.  It IS a good cert, and is a good baseline, worth having as a security professional / pentester.  But would I even begin to compare it as a fantastic change from the previous materials I’d studied from… nah.

      (My opinion… others may vary widely)  😉

    • #38814
      nikmidu
      Participant

      Thanks for the review… but it makes me feel like I was attending another v7 launch in a different planet…

      How do I bring this to the notice of Ec-council ?

    • #38815
      hayabusa
      Participant

      Can you explain?  What is it you want to discuss with EC?  BillV has connections in there, and might be able to point you in the right direction.

    • #38816
      nikmidu
      Participant

      @hayabusa wrote:

      Can you explain?  What is it you want to discuss with EC?  BillV has connections in there, and might be able to point you in the right direction.

      First I want to be sure on who picked the launch class candidates. ATC told me it was Eccouncil. Only one candidate showed up,so ATC had to call 3 others who registered (via the site) to make up the class ( this is their own version of the story) – No clear communication coming from Eccouncil.

      Seems the launch class finally held at the insistence of Eccouncil, ATC wanted postpone the launch class till this week..things were hurriedly put together..

      No access to iLabs,Frankienstien, Win7 and Win2008 VM were not provided..

      Finally told exam would not be available until 1st May !!!… how true is that ?

      Too many complaints…

    • #38817
      hayabusa
      Participant

      I definitely can’t speak to those, so hopefully, BillV can track down some info for you.

      As for the VM’s, the provider was supposed to have those setup, per their setup instructions, I believe.  I know the lab sections specifically stated what was required for each.  That said, I know my training provider got their setup and materials something like the week prior to class.  So I suppose maybe yours got them late?  I can’t speak for them, either, but I can definitely understand your frustrations, if it went like that for you.

      At least, for our class, I’d had my CEH from the older version, and was available (and didn’t mind) to help the folks out, and help keep things moving forward, while fixing labs.  Sometimes, as you’ll see from others’ posts, elsewhere, unfortunately, it all depends on the specific training partner, and in that respect, EC-Council would have to speak to the ones they chose for launch week.

      Sorry to hear you had a bad experience :-(, though, nikmidu, and hopefully, EC-Council will work out something to make up for it, with you.  Definitely let us know what you end up with.

      Edit:  also, not sure on the exam availability they told you about…  I took mine on Friday, immediately following the class…

    • #38818
      WCNA
      Participant

      The whole thing sounds a lot of material to take in in only 5 days. I don’t know how much you can really learn in that time. It would probably be a good idea for the student to get the materials beforehand so they could do some studying on their own. It took me quite a few weeks to learn the OSCP course. It was just so much stuff to take in because of all the side tools you needed to learn, like how to use Olly, basic perl, python, bash scripting, awk, sed, fuzzers, metasploit command line, etc.

      Of course it was a boot camp  🙂

    • #38819
      mohaab
      Participant

      thanks for your great review

      for any one who want to know better buffer overflow and how it works in real life you can view this video here

      Windows Exploit Development (Real World Penetration Testing Course)

      http://bit.ly/f7UgUN

      and also here is the tools

      http://bit.ly/fnv6y4

      and here is the course syllabus ( if you want to take a look ^_^ )

      http://bit.ly/emzbR3

      thanks very much

      best regards

      http://about.me/mohaab

    • #38820
      BillV
      Participant

      @nikmidu wrote:

      First I want to be sure on who picked the launch class candidates. ATC told me it was Eccouncil. Only one candidate showed up,so ATC had to call 3 others who registered (via the site) to make up the class ( this is their own version of the story) – No clear communication coming from Eccouncil.

      Seems the launch class finally held at the insistence of Eccouncil, ATC wanted postpone the launch class till this week..things were hurriedly put together..

      No access to iLabs,Frankienstien, Win7 and Win2008 VM were not provided..

      Finally told exam would not be available until 1st May !!!… how true is that ?

      Too many complaints…

      What country are you in and what training provider did you take the class through?

      As I understand it, the ATCs were required to set aside a certain number of seats for EC-Council. EC-Council then selected from the pool of applicants on their website who would get to use those free seats.

      The ATCs were selected because of their past training recording with EC-Council. I have heard of courseware being delivered late but I can’t imagine EC-Council would be behind on this launch. It is typically the responsibility of the ATC to setup the labs and so forth.

      This is the first I’ve heard of the exam not being available until May. Again, it’s possible it’s due to your location.

      I will see what I can find out.

    • #38821
      BillV
      Participant

      And thanks for the thorough reply, hayabusa 🙂

    • #38822
      hayabusa
      Participant

      @BillV wrote:

      And thanks for the thorough reply, hayabusa 🙂

      Sorry…  :-[

      Must’ve been in “book-writing” mode, this week.  LOL!  But would rather spell it out clearly, than leave things to interpretation. 

      ( I wanna stay at least ‘somewhat pertinent’ on folks’ reading lists…  ;D )

    • #38823
      Steve_Sanchez
      Participant

      I also attended the inaugural CEH v7 class and would like to give my opinion/perspective of the class. But first a little background on me so that my views may be better understood.

      I have been doing forensics for around 10 years, mostly on standalone desktops and laptops. Very minimal interaction with servers and none with Linux based systems. On a scale of 1-10 with 10 being an expert I would say my experience with servers is at a 2, Linux about a 2 and any sort of coding about a 1. I have my Security+ and I have the v6 video tutorials and prior to the class made it through about the first third of the videos. With that said here is my take on the class;

      Going in my understanding was that this would be what I call a 30,000 foot view (basically a broad overview) of hacking and it’s methodologies. On the first day of class the instructor told us that one of the main differences from v6 was that v7 would focus more on the methodologies of pen testing or hacking and a very quick “exposure” to some of the tools.

      The material (slides, CDs etc) was first rate, very nicely put together and very good quality. The school where I attended my class was “first class” in all aspects. There were definitely some bugs and issues with labs, we actually had XP, 2003, 2008, Win7, a special CEH Linux distro and BT4 setup as Virtual Machines.

      This class was held 9am to 5pm, and the labs were available for us from 7am until around 7 or 8 pm and it was said numerous times that whatever time we wanted to utilize the labs they would be made available to us. There were 6 onsite students and about 8 “virtual” students taking the class.

      There is a LOT of information to digest in a week’s time. And for me being a full on newbie it was like drinking from a fire hose, however that is exactly what I expected it to be. I had no illusion that I would be walking out on Friday being able to hack anything. The course gave me exactly what I expected it would. A well rounded base from which I could build upon.

      An instructor teaching this course must have very good time management skills as there is so much material if it is not presented well it is very easy to let time get away from you. An instructor would then need to quickly cover relevant material or skip large sections altogether.

      I think the only complaint I have about the course is that many of the labs could not be completed do either to the configuration of the VMs or the labs were poorly laid out in the manual (some were just plain wrong). Now to be fair this was the first class held for v7 and those labs can be fixed or updated fairly easily and in fact the instructor and school were extremely diligent in documenting ANY issues so that they could be corrected.

      All in all I think it is a fantastic program and one that when the bugs are worked out (very minor) it will all run smoothly. As was said earlier in this thread, this is a course for people just starting out and it met my needs for a boot camp completely. I am already looking for an online course where I can build upon the information I received in CEH v7.

    • #38824
      BillV
      Participant

      Great, thanks for the review. Where and what training center did you take the class with?

    • #38825
      Steve_Sanchez
      Participant

      My training was at NetCom Learning based in New York and the class I took was in Las Vegas where they also run a small 5 classroom facility.

      I have been in Vegas going on about 8 years and actually had never heard of them, but their operation is very impressive. Not so much the classroom facilities but their attention to details and customer service. Way beyond anything I have aver experienced.

    • #38826
      BillV
      Participant

      Hmm, NetCom.. is that Titu’s company? I’m pretty sure that sounds familiar. If it is, I’m not surprised. They are a highly respected ATC by EC-Council have won numerous awards. I met him last year at Hacker Halted down in Miami. Very cool guy.

    • #38827
      ba22er
      Participant

      I also attended the class, but as a paying customer and not someone on a freebie I was totally underwhelmed buy the course materials provided. What good is the book of slides that was provided as course notes? They were not indexed and contained many inaccuracies, as such there was no way they could be used for revision or for reference later on.

      The screenshots for the labs differed from the instructions that were given under them and were usually wrong. In some cases the software provide was a different version than the examples and in some cases the labs did not work.  

      The course topics did not match the exam topics and due to how the course notes were provided (a copy of the course slides!), there were questions on things that were not mentioned in the notes. A lot of the questions had inaccuracies and there were several questions that only permitted you to put one answer even when there were more than 1 correct answer (even where the correct answer was repeated even down to the spelling mistake).

      The only good thing was the excelent knowledge and skill of the trainer.

      The course covered the correct topics and would have been fine if this was a pre-release runthrough and proofing exercise but it is not. It is the final version that they have released and are charging for. This will be worth doing in a few months when the instructors have corrected all the slides and excercises and basically done the proofreading and basic spellchecking that EC-Council didn’t.

    • #38828
      Steve_Sanchez
      Participant

      BillV – yes Titu’s Company, just spoke with him on the phone briefly but was assisted greatly by his team in Vegas, all good guys.

      ba22er – I can’t comment on the test as it relates to the courseware as I have not taken the test yet, planning on it in the next few weeks. And yes I agree that the labs should have been vetted by a few folks as there were some obvious inaccuracies.

    • #38829
      BillV
      Participant

      I was honestly wondering about the content of the exam and how it relates to the courseware. If anyone else that takes the exam has some feedback on that it would be nice to hear about it.

    • #38830
      hayabusa
      Participant

      I can tell you, there was much on the exam, BillV, that had I not been more well-versed, and had not already been a CEH, I wouldn’t have expected.  In honesty, the exam threw some curveballs that were NOT discussed, in any manner, during the class.  Again, my reviews came as someone who had been there, before.  I didn’t go much into the exam, because, honestly, I didn’t want to frighten people.  If the instructor is good (ours was,) he or she will clue you in, a bit, on some things to watch out for on the exam, that weren’t really ‘covered’ well, during normal class flow, and you’ll still pass.  (After all, that IS the point of a bootcamp, right, and many have ‘MUST PASS GUARANTEES.’

      As noted by Steve_Sanchez, I think it’s a good course, overall, for those getting started, but I also have to acknowledge ba22er’s frustrations, as I could easily have seen our bootcamp go that way, had we not had both a good instructor, as well as the couple of us that ‘lent a hand’ to get over the humps that were the mis-configurations, incorrect options shown in 1 or 2 slides, and just the extra effort.  Admittedly, it did make a difference, both with who the instructor was, as well as who attended.  And this time around still, IMHO, wasn’t as good as my original CEH bootcamp, not because of instructor or material quality, but because the original provider went above and beyond.

      That first time around was more along the line of what Steve_Sanchez said about his, with extended opportunity to spend time in the labs, etc.

      ba22er, I feel for you, and maybe, if you approach that ATC with a positive attitude, they’ll try to make it up to you.  While I passed mine, I can say the ATC I took it from, Solutient, in Independence, Ohio, even GIVES all bootcamp participants the option, for free, of sitting the class again, one more time, within a year period, on their dime.  The only requirement is that you bring your original books and class materials with you.  They don’t give you a second set.  (This – the re-sit, not the needing to being my books for the second sitting – came as a shock to me, as I’d never heard of such, but it is a very cool practice, I must say!)  I might re-sit it, just to help out and make personal connections, again.  who knows…

    • #38831
      BillV
      Participant

      Yeah, that’s definitely something for ba22er to look into. I think many training places off a free re-sit within a certain time frame. Thanks again, hayabusa.

    • #38832
      ba22er
      Participant

      I’m not after a resit, I passed the exam so my comments were not sour grapes, I felt that i needed to put forward my thoughts on the course and exam.

      I also felt that the EC-Council appear to think that they can just trot out any old course with what would appear to be no internal validation prior to launching this course for paying customers!
      The course was not ready and the final exam did not match the course content.

      All the people on my course have complained that we were not there to proof read and test a course which was clearly not ready.  We were customers attending the grand launch of a new fully finished course and that was simply not the case.

    • #38833
      hayabusa
      Participant

      I can understand your frustrations, and I AM glad that you passed.  With regards to the resit, I only mentioned that, as it might’ve at least given some (I know you’re not looking for it) folks the opportunity to go back, and take it when it’s more polished, and have a better experience with it.  It’s sad, unfortunately, that someone would need / want to consider that, but it does happen.  Sounds, though, from what I’m hearing, that this launch went off wrong in more places than just yours, so that’s a shame.

      I’m also glad, at least, that you found value in the instructor, so at least that gives me more hope for things, knowing that EC-Council DID get a qualified instructor for you.  Often times, even in the worst bootcamps I’ve attended, the instructor could’ve / had made all the difference in the entire experience.  

      Again, I understand your frustration, and can easily see why you feel that way, based on our experiences, as well.  Had I been a paid customer, and one who didn’t actively participate to help resolve some of the situations we ran into in our class, I might’ve felt differently, especially if mine went as bad as some of the others have said theirs did.  So while I’m not EC-Council, and certainly, therefore, can’t speak for them or on their behalf, I’m sorry that your experience went badly.  Definitely, at least, make sure you send your feelings and thoughts to them.  I can’t speak for what will come of it, but hopefully, they’ll take them into strong consideration, when planning future courses.

Viewing 22 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?