C|EH v8?

This topic contains 21 replies, has 10 voices, and was last updated by  j0rDy 6 years, 1 month ago.

  • Author
    Posts
  • #7347
     opticalcarrier 
    Participant

    Hello. Does anyone have any indication on when C|EH v8 materials will be released? I see some references to it on the EC-council website and the store has the v8 exam voucher listed for purchase.  Specifically the CEH Candidate Handbook v1.6 has several references to v8.

    I’m looking to purchase training materials and sit for the exam this year. The EC-Council site leads me to think that v8 is just around the corner. If that is the case I feel that I may want to wait for v8 to be released instead of going for v7.

    Anyone have any additional information or speculation on this?

    Reference PDF: https://cert.eccouncil.org/wp-content/uploads/2011/11/CEH-Candidate-Handbook-v1.6-31012012.pdf

  • #45907
     DragonGorge 
    Participant

    I’ve heard that v8 will be coming out soon and, based on my experience with v7, I’d urge you to wait for it. Scratch that, I urge you to wait for the reviews on v8. I’ve heard rumor that v7 was the first try with new material and v8 is basically a cleaned up version of v7.

  • #45908
     BillV 
    Participant

    The launch dates for the exam and courseware are different.

    If I recall, the exam is targeted for an April launch and the courseware is not due out until roughly November.

    My guess is that the courseware is going to be “cleaned up,” as DragonGorge put it, but will also be aligned with the new exam (expected to be ANSI accredited soon).

    A lot of effort has been put into developing this exam per ANSI standards (started back in late 2010). New objectives and task and knowledge domains have been developed by SMEs working in the field. There were a large amount of beta testers that provided feedback on each question. Multiple ‘panels’ were created to review all of this information and decide what to keep, change, or throw out.

    In the end, I expect the exam itself will be a decent change but I don’t know anything about the courseware.

  • #45909
     opticalcarrier 
    Participant

    Thanks Billv. Looks like v8 is worth waiting for. EC-Council made some nice improvements between v6 and v7. Further clean-up and making it more refined for v8 makes sense.

  • #45910
     SephStorm 
    Participant

    I cant believe they are releasing a new version. they should save the money on releasing a new cert and materials. They could have just fixed v7… How annoying and completely expected. I am thinking that CEH will be my last EC-Council certification.

  • #45911
     dynamik 
    Participant

    @sephstorm wrote:

    I cant believe they are releasing a new version. they should save the money on releasing a new cert and materials. They could have just fixed v7… How annoying and completely expected. I am thinking that CEH will be my last EC-Council certification.

    Maybe I’m missing something, but what’s the big deal? I actually think it would be odd to modify the material once it’s out; wrapping improvements up into the next version seems more natural. You retain the certification once you pass (as long as you keep up with continuing education), so I’m not sure why this bothers you so much.

  • #45912
     SephStorm 
    Participant

    The BIG issue is ECC, but beyond that… 🙂

    I dont like the new version because such a big deal was made about v7, they have already pushed it out to testing providers, and companies have released study material for it. and now less than an actual full year later, we are getting a new release to fix courseware… They could simply insure they send out new couseware to people taking the new exam. Also the issue is studying. For the most part we have recommended v6 CW for studying for v7. Now we can extend that to v8. That is three major releases with no significant content change…

    In addition, the versioning could become an issue. Now v6 certified individuals are that much less valid in the grand scheme (honestly ive never had an employer ask about an exam version, but it could be a concern, especially with what i’ve heard about the older versions.). If i’m not mistaken, ECC now prints the version on the certificate, so its not just an internal issue.

    My final issue is with v7 itself. We have seen numerous unresolved issues with it. without a real review of what is being changed in v8, i’m skeptical.Issues with the courseware, issues with the instructors, issues with Frankenstein and iLabs. Thats all that made v7 worthwhile. I just dont want someone going in with fishscales over their eyes.

  • #45913
     BillV 
    Participant

    The BIG issue is ECC, but beyond that… 🙂

    I dont like the new version because such a big deal was made about v7, they have already pushed it out to testing providers, and companies have released study material for it. and now less than an actual full year later, we are getting a new release to fix courseware… They could simply insure they send out new couseware to people taking the new exam. Also the issue is studying. For the most part we have recommended v6 CW for studying for v7. Now we can extend that to v8. That is three major releases with no significant content change…

    In addition, the versioning could become an issue. Now v6 certified individuals are that much less valid in the grand scheme (honestly ive never had an employer ask about an exam version, but it could be a concern, especially with what i’ve heard about the older versions.). If i’m not mistaken, ECC now prints the version on the certificate, so its not just an internal issue.

    I can’t speak for the courseware but the exam itself has been completely redesigned from the ground up. Things that a CEH-level person should know are included and things that are irrelevant have been removed.

    That being said, objectives will have to be changed which should mean that courseware has to follow suit.

    If that’s the case, then v6 and v7 study guides will not be as valuable to the v8 exam as v6 guides were to v7.

    The whole push for the new version revolves around ANSI accreditation. The exam was developed per their standards. I don’t know if they set standards for the courseware as well or not. Anyone that passes CEH v8 (and forward) will have the ANSI accredited version.

    Per ANSI guidelines the version has to remain. If you are a CEH v6, you are a CEH v6, not a CEH. This is how they will distinguish who passed the exam before and after the accreditation.

    My final issue is with v7 itself. We have seen numerous unresolved issues with it. without a real review of what is being changed in v8, i’m skeptical.Issues with the courseware, issues with the instructors, issues with Frankenstein and iLabs. Thats all that made v7 worthwhile. I just dont want someone going in with fishscales over their eyes.

    I can’t speak to the courseware as I’ve never actually unwrapped my copy. Instructors are a problem for any course. Frankenstein is for instructor use only. And, personally, I never had any problems with the iLabs. I went through every lab in the manual and revised as needed or rewrote the lab if it didn’t work right. What happened after that, I have no idea.

    edit: I don’t mean I changed the labs on-the-fly so they worked as I was studying but I was asked by EC-Council to review the iLabs manuals and make sure the labs worked.

    I’m not going to defend EC-Council, that’s their own job and I’ve already done enough of it in the past. There are plenty of unhappy people out there (in their own members portal as well). Just wanted to explain why the changes are happening.

  • #45914
     opticalcarrier 
    Participant

    Overall EC-Council moving to ANSI accreditation is a good thing. It brings more value to holding a CEH.

    I can see where current v6/v7 CEH holders are upset that their cert may be seen as less valuable, but that is just the nature of the beast. The introduction of the continuing education requirement should help offset some of the stigma.

  • #45915
     SephStorm 
    Participant

    I’m glad to hear the exam is being updated as well. Though the concept of updating a program FOR accreditation is much like a company making changes FOR compliancy. In any case, I suppose i’ll wait for the reviews. But ECC still has a long way to go Bill, you’ve seen the member portal. They have issues, and while I have reached out to them numerous times to help get them resolved, the positive work forward lasts for about a week.

    The reports of issues with instructors were numerous and significant. EC-Council claims that these “Master Instructors” received training on Frankenstein and iLabs and were unable to access them in some cases or get them working in others. Many reports claimed that the instructors were knowledgeable, and well suited, the issues were with the 2 programs. And the issue with Frankenstein was reported by an instructor on the member forum if I remember correctly.

    On the iLabs, we recently had a report on this portal about the failure of iLabs. They work, but it appears by report to be put together very poorly. Can you tell us about how it worked when you tested it? (NOTE: I see you replied to that post, not knocking your efforts, the poster said the labs appeared to work, but just not intuitively. I’ll quote the relevant portion for those who havent seen the thread)

    The same can be said for the iLabs – to call it “unpolished” would be kind. Basically, you log in and reserve time in 2-3 hour blocks. The system creates a virtual lab environment for you on their network from which you can run their Bible-sized (both Old & New Testament) book of lab “exercises”. The exercises themselves are basically just a very (very, very) simplistic execution of the myriad of tools accompanied by screen shots. For example, they’ll have you install Cain and attempt to crack a password file but it really amounts to click here, now click here, okay, now click here. Done! There are no targets per se, just 3-4 different platforms you can run the different tools on. And there are no end-to-end exercises.

    My real question Bill, is do you think that people should look forward to CEH v8 considering the organization behind it?

  • #45916
     BillV 
    Participant

    I don’t disagree that they have work to do. They know they have work to do. What takes so long, I have no idea.

    I know we’ve seen posts about problems with instructors. I can’t disagree there either. My own CEH instructor was horrible when I took the course. The guys recognized as Master Instructors that I know, are good at what they do and I’d happily sit in their course. How many are out there? Not a clue. Are there some designated as Master Instructors that truly don’t know what they’re doing? Again, I’m not sure but it wouldn’t surprise me. We all know that the experience and ability of the instructor can easily make or break a class though.

    On the iLabs, we recently had a report on this portal about the failure of iLabs. They work, but it appears by report to be put together very poorly. Can you tell us about how it worked when you tested it? (NOTE: I see you replied to that post, not knocking your efforts, the poster said the labs appeared to work, but just not intuitively. I’ll quote the relevant portion for those who havent seen the thread)

    The same can be said for the iLabs – to call it “unpolished” would be kind. Basically, you log in and reserve time in 2-3 hour blocks. The system creates a virtual lab environment for you on their network from which you can run their Bible-sized (both Old & New Testament) book of lab “exercises”. The exercises themselves are basically just a very (very, very) simplistic execution of the myriad of tools accompanied by screen shots. For example, they’ll have you install Cain and attempt to crack a password file but it really amounts to click here, now click here, okay, now click here. Done! There are no targets per se, just 3-4 different platforms you can run the different tools on. And there are no end-to-end exercises.

    My experience with iLabs was similar to what DragonGorge posted. Keep in mind I went through this about a year ago before iLabs was actually rolled out so I don’t know if anything has changed (and it’s hard to remember all the details).

    You basically access the system and reserve a block of time for doing your labs. The system then configures your virtual network for use. It consists of several different systems – I want to say 5 but I can’t remember what all they were (Windows 2008, Windows 7, BackTrack and there may have been a second 2008 box).

    The instructions are similar to what was pointed out. At the beginning they give you some type of overview or scenario about when/why you might use the tool(s) in the lab. You are then told about the environment and which systems you will be using for the lab (W2K8, W7, BT, etc.). After that it walks you step-by-step through installing and running the tool. As DragonGorge mentioned, the labs only go so deep into the tool. They get you up and running and show you the basic functionality – it’s left to you to explore the tool in greater detail and play within the lab. I believe they add some ‘additional tasks’ at the end of the lab or ask you questions about using the tool in other scenarios. Again, this is where it’s up to the student to go the extra distance and do these tasks.

    If there are any targets required, the lab will tell you that you need multiple machines and you will use one to attack the other (e.g., the BT system attacking the W2K8 system). There are no end-to-end exercises as pointed out but probably should be.

    When working through the lab guides, there were spelling/grammar mistakes, wrong names of virtual systems, wrong systems selected, or stuff that just didn’t work. I fixed the simple spelling/grammar errors, renamed the virtual systems (apparently the systems in the class are slightly different than iLabs, which would certainly cause confusion), and basically made sure the lab worked. If there were missing instructions I would add them or if something wasn’t needed I removed it. For a couple of labs, I remember rewriting large portions. I wasn’t responsible for creating or selecting the labs, just making sure they worked.

    When I was finished and turned everything back into ECC, everything was accurate and worked fine. What happened after that (whether they accepted all my changes, changed systems, changed/added labs), I have no idea.

  • #45917
     BillV 
    Participant

    And to answer your final question…

    If they do it correctly, this could be a significant improvement.

    I can tell you that I’ve been involved in a lot of the exam development process since back in October of 2010. The exam itself will be a better reflection of the skill set and knowledge required for this type of certification. It’s up to EC-Council to do the same with the courseware (unless they outsource or contract some other people to write it).

    I think it should be treated like any other new certification. Personally, I’d be hesitant to jump to anything new until it’s been vetted by someone I know or respect.

  • #45918
     BillV 
    Participant

    I think this may have changed slightly but this CEH v8 blueprint is publicly available on EC-Council’s website:

    https://cert.eccouncil.org/wp-content/uploads/2011/11/CEHv8-Exam-Blueprint-v1.1-17012012.pdf

    https://cert.eccouncil.org/

  • #45919
     SephStorm 
    Participant

    Well I suppose its not great for me to judge the system until I try it. I guess I can give them the benefit of the doubt. 🙂

  • #45920
     DragonGorge 
    Participant

    I think the upgrade is a good thing…provided it’s a “true” upgrade and the training is improved.

    My fear is this: EC Council seems to have gotten away with flagrantly shoddy training and testing for some time, almost with a bit of hubris, like “We’re the certificating authority; we can do whatever we want.” I hope this latest version isn’t just lip service to get more $$$$ with no meaningful changes. I recently looked at the All-In-One guide for v7 and the content there was much more readable and better organized – it  “flowed”. Instead of taking a “how much info can we cram into this?” it was “how much can we strip out and still have the student be competent?”

    Here’s what ECC needs to do for their training:
    1. Hire a REAL proofreader.
    2. Hire outside Pen Testing professionals to check all slides for content.
    3. Take aim at cutting material. One of their ads boasted “16GB worth of data” – that’s not (or shouldn’t be) a selling point!!
    4. Reduce the focus on exposing the student to every tool on the web, instead narrowing the scope to the most popular ones. Of those tools, really teach them the ins-outs.
    5. Delete any slide that
      – Is a screenshot that the instructor simply says “Tool XYZ” to and moves on. They are absolutely useless.
      – Just lists 8 or so tools where the instructor just reads the names of the tools. Those are equally useless.
    6. Understand that everyone, EVERYone, taking this training can read – if the instructor is just reading the slide to us…what’s the point?
    7. Any acronym should be defined the first time it’s used (again, basic tech writing/training).
    8. Create true end-to-end tests in the labs.
    9. Create a table of contents for training content and labs. It’s unconscionable that they’d release 40 lbs worth of books without a TOC or Index. How is one expected to look up something in those 3000 pages or so?
    10. Similarly label the CDs – it’s just plain amateurish to have to stick in the CD/DVD to see if the module I’m interested in is on it.

    For their testing most of the above applies but eliminate the verbosity of the questions:
    “Jim, a security analyst at BZW Corp, woke up late Monday morning after getting into an argument with his girlfriend who was an accountant and WZB Inc. Feeling upset and out of sorts, he cut himself shaving before going into work, only to find that someone took his parking space. When he finally arrived at his desk he had an email from another admin asking if he knew of a good packet sniffer. Which of the following tools would qualify?”

  • #45921
     SephStorm 
    Participant

    @BillV wrote:

    The launch dates for the exam and courseware are different.

    If I recall, the exam is targeted for an April launch and the courseware is not due out until roughly November.

    My guess is that the courseware is going to be “cleaned up,” as DragonGorge put it, but will also be aligned with the new exam (expected to be ANSI accredited soon).

    A lot of effort has been put into developing this exam per ANSI standards (started back in late 2010). New objectives and task and knowledge domains have been developed by SMEs working in the field. There were a large amount of beta testers that provided feedback on each question. Multiple ‘panels’ were created to review all of this information and decide what to keep, change, or throw out.

    In the end, I expect the exam itself will be a decent change but I don’t know anything about the courseware.

    Bill, can you comment on this, I found it on the forum I dont have a source yet, but I’m looking:

    ah..found the answer.. basically the same with v7:

    EC-Council has released the new CEH v8 certification and with this being relatively close and on the tail of the CEH v7, people want to know what the deai is with this back to back change.

    The Certified Ethical Hacker Version 8 only differs by name and test delivery from the Version 7. The change came because of the ANSI accreditation that the EC-Council went through. The ANSI accreditation required a few, more stringent, delivery techniques in the certification exam process. To be more specific, the ANSI accreditation required that the CEH v8 exam was delivered to each and every student with the same set of guidelines and proctoring procedures. Since the CEH v7 came out prior to the ANSI accreditation, the guidelines were not in place and therefore a new version of the CEH was required.

    The CEH v8 does not have any different content or courseware from the CEH v7. Since the CEH Version 8 is the same content as v7, it will not be “launched” or even promoted like the pervious version.

    EDIT: found the source: http://www.cehversion8.com/, trainace is the Academy of Computer Education’s (a Training provider) website.

  • #45922
     BillV 
    Participant

    Yeah, I noticed (and replied to) that post as well. I’m not sure where they are getting their information.

    I have not heard anything either way. I would think that in order to align with the updated exam, the courseware will have to change. Maybe they’ll keep most/all of it and add in parts that need to be included. Maybe they’ll scrap it all and rewrite it. I honestly don’t know.

    If I were to make a guess, it will be (unfortunately) very similar to v7 with some minor changes. At which point, I don’t know how that puts your chances for passing the exam. I would have to look through the v7 courseware and see how close it actually is to the new v8 exam.

  • #45923
     oluwunmiemmanuel 
    Participant

    Plz i need some help here… i had my training last year but due to some financial problem i couldn’t finished my CEH course at my local academy, since then i decide to learn personally and also to prepare for the certified exam myself but unfortunately for me my laptop and my course materials was robbed from me and getting another material since then as been a problem coz i’ve left the academy. Please i need help on getting the materials back.
    Thanks, your help would be sincerely appreciated.

  • #45924
     shadowzero 
    Participant

    @oluwunmiemmanuel wrote:

    Plz i need some help here… i had my training last year but due to some financial problem i couldn’t finished my CEH course at my local academy, since then i decide to learn personally and also to prepare for the certified exam myself but unfortunately for me my laptop and my course materials was robbed from me and getting another material since then as been a problem coz i’ve left the academy. Please i need help on getting the materials back.
    Thanks, your help would be sincerely appreciated.

    Sorry to hear that, but you should probably contact http://www.eccouncil.org/ and see if they can help you.

  • #45925
     stormbyte 
    Participant

    Hi guyz! Just to update this CEH v8 subject.

    I passed some days ago the CEH v8 Blueprint with 94,4% result! (I was part of the instructors having the opportunity to challenge it!)
    This test is really a good quality: questions are relevant, users definitely need practice with tools before answering. 125 questions in 4H, I’ve done it in less than 3H so I think there’s enough time to analyze each question/simulation described. [I’m already a CEH/CHFI/ECSA/LPT since 2008 plus CISSP,CRISC, CISA, ISO27K1LA, MSCE:Security, CWSP, etc.]

    The Official CEH v8 is not available at this time and will not in next months. Q3/Q4 2013 may be a launching date for CEHv8 but courseware will remain the same only the name change aka ANSI accreditation.

    Wish you all good luck for you with this newest CEH v8! (PS: we’re making CEH Bootcamp training at AKAOMA, just check on Linkedin or website).  You can contact us on: http://www.akaoma.com

    More information in French about it: http://www.akaoma.com/nouveautes-ssi/302-obtention-certification-cehv8-ansi  (English translation will be soon available)

  • #45926
     MH@773r 
    Participant

    @dragongorge: I think you’re right on the money from what I’ve seen so far. I have two different V7 CEH video series, got the second because the first was being taught by a guy that I couldn’t listen to for any amount of time.
    As a training instructor and web training developer, I was extremely disappointed by the series I got from Career Academy because this guy, although seemingly very knowledgeable, sounds like the mother in “Throw Mamma From the Train”.
    No offense but he literally sounded throughout the series like he was either succumbing to a tumor on the vocal chords or in process of a huge bout of Laryngitis. Made it impossible to sit through more than 30 minutes without jumping out the second story window.
    The course I got from CBT nuggets uses the same slides from the course manual, but the narrator is much easier on the ears and engaging, makes it fun to get the info and really understand it. NO, I do not work for that company.
    I am really concerned by all this thread because I’ve been working very hard to grasp the information and really learn the materials of the V7 course. I would hate to think that all this effort would be negated by the time I get to the point of being prepared to test.
    I was so glad to hear you say they need to focus on the few tools that are most used. That would really help. I had a friend who is very old in the security industry tell me that main effort would be best spent initially with really learning to use NMAP, Metasploit, and some BASH scripting experience. There are of course minor things such as whoami, dnsookup, etc. for recon, but he said that with proper use of Google you can recon a good portion of a hack. Got a Johnny Long Google hacking book for that one, and man I had no idea how powerful Google is. Anyway, I completely agree with every single point you made, and no I’m not sucking up. I just know from experience that these are true pain points with the manual for this cert. Thanks!

  • #45927
     j0rDy 
    Participant

    Got this in my mailbox yesterday:

    In conjunction with the launch, EC-Council has prepared a complimentary First Look session for cyber professionals to test drive the program. Details below:

    CEHv8 First Look (Open to the public)

    Date : May 8th, 2013
    Time : New York 10am / Singapore 10pm / London 3pm / Dubai 6pm / India 7.30pm / Singapore 10pm / Korea 11pm
    Duration : 2 hours
    Speaker : Haja Mohideen,
    EC-Council Co-Founder and Vice President (Technology)

    More info:
    https://www.eccouncil.org/courses/new_release/certified_ethical_hacker_v8.aspx

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?