CEH v5 - the exam

<<

webdevil

Post Mon Aug 06, 2007 1:32 am

CEH v5 - the exam

Hello ppl,

I just wrote my CEHv5 and I passed.
I would like to thank don for building a communication platform, wherein I really got to know how the exam would be.

I was tense before the exam since I did self-study for not more than a week. The practical experience made the exam study easy for me. I used the Official CEH Review Guide only, since I had previous knowledge on almost all the topics.
The main thing that helped me in the study was the TestKing Practice Exams that I bought, only then did I come to know how the exam questions would be.

Note: The testking, actualexam and pass4sure all have the same questions.

If you are getting an 80/100 in the practice exams I would then say you are prepared to take the exam. What surprised me during the exam was the number of log reading type questions that I got.

I had plenty of time for the exam, 275 minutes, since I am in a non-native English speaking country. I took only 70 minutes to end the exam.

I would again like to thank ppl around here without whom I wouldn't have passed this exam!
<<

cector

Newbie

Posts: 7

Joined: Tue Sep 19, 2006 5:00 am

Post Mon Aug 06, 2007 9:21 am

Re: CEH v5 - the exam

:D Congratulations ;)

Can you share all the practice exams with me (testking, actualexam and pass4sure)?

<edited>

Thanks in advance..
Last edited by cector on Mon Aug 06, 2007 10:02 am, edited 1 time in total.
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Aug 06, 2007 10:01 am

Re: CEH v5 - the exam

Hey webdevil,

First of all, congrats. Secondly, thanks for the compliment, and you're very welcome. This is why we're here.

Speaking of which...

cector,

I can appreciate your enthusiasm, but if you're looking for dumps, this is not the place (especially if you want someone else to pay for them). If it's knowledge you seek, then welcome to EH-Net, the ETHICAL Hacker Network.

Looking forward to everyone's continued participation,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

hackly66

Jr. Member

Posts: 62

Joined: Wed Jan 24, 2007 10:44 am

Location: Florida

Post Thu Aug 30, 2007 5:09 pm

Re: CEH v5 - the exam

Question for you guys in reference to taking the CEH exam: do I need an instructor for ethical hacking? I am thinking of creating a personal lab in my home to simulate attacks and using VMware to avoid virus leaks. I would love to save money. If not, does anyone have any suggestions? Thank you. :)
A+,Net+,Sec+
<<

Kev

Post Sat Sep 01, 2007 11:08 am

Re: CEH v5 - the exam

Having an instructor can save time and has advantages, but you can begin your journey solo just to get your feet wet. Most hackers I have met began solo and that was the traditional method. In fact, no one would even talk to you in the past if you were a total newb. You had to prove yourself and your dedication. At least learn all the basics on your own! Eventually you should think of everything as your "instructor". Your lab, your books, websites, online instruction courses, fellow hackers, conventions, etc... Never limit yourself.
<<

hitechpo

Newbie

Posts: 9

Joined: Mon Sep 03, 2007 7:50 am

Location: Cow Country, USA

Post Mon Sep 03, 2007 9:41 am

Re: CEH v5 - the exam

Kev is absolutely right. You learn by doing. (Note: Set up test labs or work on networks that you have permission to work on. Never test your knowledge on unauthorized systems.) Attempt to find a mentor or someone who has the experience and knowledge and is willing to share it with you. Sometimes, those who can't do something, teach, so be careful who you learn from. If you are a good hacker, everyone knows your name, if you are a great hacker, no one knows who you are.
CISSP, CEH, NSA-IAM/NSA-IEM, MCSE, A+
<<

oasis_inin

Newbie

Posts: 20

Joined: Thu Mar 01, 2007 4:36 am

Post Mon Sep 03, 2007 2:57 pm

Re: CEH v5 - the exam

hitechpo wrote: Kev is absolutely right. You learn by doing. (Note: Set up test labs or work on networks that you have permission to work on. Never test your knowledge on unauthorized systems.) Attempt to find a mentor or someone who has the experience and knowledge and is willing to share it with you. Sometimes, those who can't do something, teach, so be careful who you learn from. If you are a good hacker, everyone knows your name, if you are a great hacker, no one knows who you are.

That's quite true...

If you get a mentor... things are on a fast track instantly and then you can nail any certification with your knowledge and a mentor's experience and advice. A lot of times it is easier to learn things by listening to someone & then discussing, rather than going through the books again and again.
CISSP, MCSE Sec, Security +
studying for C|EH
<<

hackly66

Jr. Member

Posts: 62

Joined: Wed Jan 24, 2007 10:44 am

Location: Florida

Post Tue Sep 18, 2007 3:04 pm

Re: CEH v5 - the exam

Thank you all. I will see if I can find someone online; for now I will teach myself. I don’t have the intention to harm anyone, but I will be hacking my own environment. Thank you again; it is the reason I love doing things ethically, especially with my goal of becoming a computer forensics. :)
A+,Net+,Sec+
<<

EmanoN

Newbie

Posts: 41

Joined: Wed Sep 12, 2007 3:37 pm

Post Thu Sep 20, 2007 9:30 am

Re: CEH v5 - the exam

webdevil wrote:The main thing that helped me in the study was the TestKing Practice Exams that I bought, only then did I come to know how the exam questions would be.
Note: The testking, actualexam and pass4sure all have the same questions.


This is what I love about the CEH test. What a joke. At least the Offensive Security cert requires you to prove a certain ability to hack. I have said it before, the CEH is just about making money and is the world's largest collection of script kiddie material. I was involved at a seminar once where we had 4 CEHs attempt to crack a notebook running Windows XP SP2 with only the Windows firewall as protection. Not one of the CEHs could crack it. And a major corp should rely on them to say their network is hack proof? Here, I will do everyone a favor that is reading this. Get VMware and install an unpatched version of XP SP1. Now go get Metasploit or at least a DCOM exploit. Make sure you are not running a firewall or anti-virus. Now run the exploit against your VMware and get a shell. OK, I just saved you $3000, because that is what every boot camp I am aware of does. By the way, how does anyone certify that you are "ethical" anyway?
Last edited by EmanoN on Thu Sep 20, 2007 9:33 am, edited 1 time in total.
<<

LSOChris

Post Thu Sep 20, 2007 2:59 pm

Re: CEH v5 - the exam

Did you take the Off-Sec 101 course?
<<

EmanoN

Newbie

Posts: 41

Joined: Wed Sep 12, 2007 3:37 pm

Post Thu Sep 20, 2007 5:54 pm

Re: CEH v5 - the exam

I did take it for fun. I know Muts to be a first class pentester so I was curious about what he had to offer. It's a good course for several reasons. 1. It's reasonably priced. 2. It encourages learning programming. 3. It encourages people to think. 4. It does not make outrageous claims that going through this course will make you a pentester, but it's a starting place.

I would not say it's not for the total beginner and it's not for someone that's advanced.
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Sep 29, 2007 5:19 pm

Re: CEH v5 - the exam

Yes Emanon (or Noname?), you have some valid points, but I don’t agree with everything you stated. Just because a newly certified CEH might not be on the cutting edge of hacking doesn’t mean the CEH cert has no value. For instance, when a Doctor first graduates from Med school he certainly is not qualified to present himself as an expert in his field. Depending on the field he pursues, there might be several years of internship. To dismiss the value of his Doctor “certification” simply because he might not be at a high level in his field would not be justified, and nor would dismissing the CEH certification on similar grounds. IMO, a newly certified CEH is simply showing that particular individual has the grasp of the fundamentals of how an attacker might “think”. Now how far a CEH wants to develop his skills will depend on his ambition and natural abilities. As in the Doctor analogy, there are good Doctors and bad Doctors. So ultimately it will depend on an individual's reputation, rather than simple certifications. The CEH cert is rather new and developing, but it is a needed concept in computer security. Let’s work on improving it rather than throw the baby out with the bath water.

I do agree that perhaps the term Certified Ethical Hacker might not be the best choice. You can't really certify someone as ethical and the term hacker has so many negatives that sometimes I am tempted to throw in the towel on that one. I can think of a few easier ones for the public to embrace like Certified Computer Security Consultant, etc…

BTW, the next time you know a group of CEHs being asked to crack a Windows XP SP2, let me know so I can be there! I do it all the time as do many other CEHs I know.
<<

dean

Post Sat Sep 29, 2007 7:11 pm

Re: CEH v5 - the exam

I normally steer clear of this type of discussion as I don't care about the CEH one way or another but to compare pen testing/ vulnerability assessments or "ethical hacking" to a Doctor is just absurd. But perhaps your intention was not to directly compare the two.

Either way, anyone can sit for the CEH exam, pass it and get a cert. A doctor leaving med school, has already gone through years of training and is required to do a residency as well. So until there is a requirement for a CEH to have done an internship/residency/show proof of experience, etc... it is simply an introductory cert in the same class as a security+. It does not attest to the skill level of the person at all aside from a basic level.

Perhaps there needs to be some kind of assurance or proof of their technical ability similar to what the ISECOM certs require.

If this cert is to simply show that the holder has a grasp of the fundamentals as you mentioned then perhaps that should be explained in much clearer terms to the individual, because most of the cert holders' next questions are not "how do I expand my knowledge from the basics" but instead are "how do I get a job as a pentester now that I have my cert".

I also fail to see how the term CEH or a similar term is a "needed concept in computer security". Pen testing and vulnerability assessments are not new concepts.

dean
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Fri Oct 05, 2007 2:06 pm

Re: CEH v5 - the exam

Yes I agree, comparing a newly certified CEH to a Doctor would be absurd and I certainly didn’t mean to create the impression that I was doing that. I was simply trying to say in a nice way that a newly certified CEH does not necessarily mean he is qualified to practice. If I was looking for a heart surgeon I would rather use someone with years of experience rather than someone fresh out of med school. I see the CEH as a flawed beginning, but I am hoping it will continue to improve.

I have been active in the security field for years and I assume others posting here have also? I mean pentesters that have to try and win a gig doing an audit on a large company. Not people that hack for fun or Admins that only hack test their own networks. Dealing with corporations can be difficult because people there often have a certain mind set. Being able to provide credentials goes a long way in getting the contract for a security audit, at least that has been my experience and other pentesters that I associate with.

I am not sure if I follow the logic of there is no need for a certification because pentesting has been around years before any certification process was available. One could use that argument against any cert then, all the way from a CISSP to an A+. Why do certifications become available anyway? Because people begin practicing in a certain field and soon there are many people with variations of skill levels all claiming to provide the same level of skill. So the certification process becomes available in an attempt to prove or certify a certain level of skill. Am I saying the CEH as it stands today does this? No I am saying that at all. I would like to see this cert improve or another one come in its place that the majority of us in the security field would say “yes this proves a good level of skill.”
<<

dean

Post Fri Oct 05, 2007 5:29 pm

Re: CEH v5 - the exam

Even so a heart surgeon would not be coming out of med school. This is what their residency is for. To train under a qualified and experienced surgeon until they are considered experienced enough to lead the operation on their own. Perhaps something similar should be required of our industry. Not very easy to do in our industry I know. But internships are always available.

I also fail to see how the term CEH or a similar term is a "needed concept in computer security". Pen testing and vulnerability assessments are not new concepts.


This is not implying that there is no need for certifications. I am stating that I don't see the value of a term such as "Certified Ethical Hacker". It does little to encourage me from the perspective of a person looking to hire a pen tester. As you stated dealing with corporations can be difficult due to their mindset and requires as much management ability as technical ability.

I agree that a cert does have a lot of value and does provide a certain level of assurance to a corporation. It helps open doors for the cert holder too.

Does it certify a level of skill? Yes, but not to the level most people assume or expect. I have certs in various disciplines and I teach classes for these same certs. One of the first things I do is explain that a cert is a stepping stone to broadening their knowledge. This, based on postings and conversations I have seen, does not appear to be the understanding of a lot of recently certified individuals. I am not talking about people that have earned the cert for reasons such as client confidence, etc... or have years of experience behind them, but people that are now wanting to enter the security field and figure that a cert is the way to go or all that they need.

I have interviewed so called pen testers/ethical hackers that are unable to explain how a simple FTP connection is established using the OSI model as a reference for their explanation. This disturbs me as on paper they look qualified for the position yet don't have even basic knowledge.

I see the CEH as a flawed beginning, but I am hoping it will continue to improve.


I agree with you here. Name of cert aside, it, and others like it, are a good beginning but still have a far way to go from teaching the tools to explaining how and why those tools work or don't work.

While it does sound as though I am dismissing the CEH as a valid cert, I'm not. I'm simply saying that the perception of these certs needs to change. I know many people with the CEH that are incredibly talented people and very, very good at what they do. But the cert is not where they gained these skills.

OK, time to step off my soapbox :)

dean