.

CEH Bootcamp Review - by a new guy on the block

<<

Fenris

Post Mon Jul 03, 2006 9:31 am

CEH Bootcamp Review - by a new guy on the block

Hey everyone.

Brand new to the board, just thought I would drop a note to say "hola".  I met Don last week at our CEH training in Chicago (had a dinner or two, and several laughs with him) and he pointed me, well, savagely rubber hose whipped me, until I signed up on the board. 

Just thought I would drop off a quick review of the Training for the CEH that I just completed, since there seems to be some interest on the boards, and lots of new folks with queries.

It was a 5 day bootcamp, and I went into it in total Lockdown mode for preparation, shutting off cell phone, setting up the out of office responder, etc - totally shutting myself off from the outside world.

Our class was fairly big, 14 or so with people ranging from longtime security folks, system admins, technicians, and complete newbies to infosec.  Our instructor was a fellow who had authored a few books, had a good sense of humor, and really seemed to know his stuff.  Possibly not as lively as some folks would have wished, but I found him similar to many of my college professors, so felt comfortable with him.  His Starbucks wore off at around 3:00 and that was a bit visible, and a bit humorous I felt.

Now on to the real stuff -

The coursework was pretty good.  The module order was adjusted by the group doing the training, and at the end of the day, I liked their layout better (details on order available on request).

The instructor did a very good job (IMO) of laying out the way that a given process was designed to work and how it functions, then he explained why that may be vulnerable, how it was exploited in the field, and gave us a listing of tools that did just that, wash, rinse, repeat for other modules.  Kudos for the instructor.  I didnt talk to anyone that did not feel adequately ready to take the exam Friday morning.

The material itself I found to be just a bit dated.  Part of this is understandable, because the major classifications of attacks havent really changed, but the tools and attacks discussed were often near obsolete.  During the section on Scanning and Enumeration, we were bombarded with various tools, until our eyes were crossed.  There are apparently somewhere in the neighborhood of 505,326 scanners, and I think they are ALL in my notes. 

My immediate recommendation would be to update the material, remove some of the exploits that only work with Windows 1984, and cut back on the volume of tools used, and shuffle the modules around to a more logical flow.


The Test:
I thought the test was a fair evaluation of the material.  The specificity of the questions (lots of Nmap and ettercap switch questions, SQL Injection verbage, etc) made sure that you were familar with some of the more critical tools.  The situational questions did a pretty good job of ensuring that you are aware of how the attacks were supposed to function.  I had several "analyze this packet" questions as well, which I thought was also a pretty good assessment judge.  Tools, as in the class, were very heavily represented on the test. Tons of "pick up to 4 of the folllowing" questions were on my test as well.  (aside, I HATE those questions, give me a specific number please, some of those tools are multicapable, but arent really good at doing the job referenced - rant over).  IMO, the test required some good prepwork.  I wouldnt have wanted to take that test cold or merely after reviewing the books.

Compared to a SANS course, the material was fairly close in level of detail.  The test questions were IMO a bit tougher, and the fact that it was closed book added an extra layer of pressure on top of that. 

The company that put on our Boot Camp was "The Training Camp" (hope its legal to give that info) and I think they did a pretty good job - though the hotel was a bit spotty - (may have been the renovations though). 

All in all it was a positive experience, and I picked up lots of great tools, some good insight, and some methodologies that will make my security testing better.

Thanks for paying attention (and if you didnt, well - nyah nyah nyah)

Fenris
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jul 03, 2006 11:07 am

Re: CEH Bootcamp Review - by a new guy on the block

See... that wasn't so hard. More participation like that and you are bound to hit upon some of our great monthly giveaways!  ;D

In all seriousness, thanks for becoming a member, and we all look forward to hearing more from you.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

charlottebandit

Newbie
Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Mon Jul 03, 2006 12:31 pm

Re: CEH Bootcamp Review - by a new guy on the block

Welcome.

Glad you two met up & enjoyed the class. 

How were the labs?  What time did you guys normally stay there 'till?

Have you guys considered adv. ethical hacking classes (CEPT, CPTE, ECSA/LPT)?


- charlottebandit

*I'm reading my CF text for the CHFI class on 7/17.  After that, I'm not sure if I'm going to be able to sit in on the CPTE class in Dallas on 7/31.  We'll see. 
Last edited by charlottebandit on Mon Jul 03, 2006 12:36 pm, edited 1 time in total.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

Fenris

Post Mon Jul 03, 2006 2:20 pm

Re: CEH Bootcamp Review - by a new guy on the block

The labs were pretty good, I thought the SQL injection lab left a bit to be desired.  My favorite labs were actually the File Transversal labs dealing with WebSites.  My ONLY issue is that well, once the exploits started, the that genie wouldnt crawl back in the bottle, and having folks tag your test box repeatedly while trying to take notes was a bit tiresome.  I put Trojan Hunter on the PC, and that thing was going off every 20 minutes with folks seeing what it would catch and what it wouldn't.  (Note - NEVER EVER plug a PC that you care about into the lab at a CEH class)

Regarding the time, we usually did Labs up until 6ish, and then some review, rather than having a dinner break and coming back.

After we left, I found that I would do further reviews for about 1-2 hrs afterwards.  I am a firm believer that if you want to breeze through the tests, you have to put in the effort, and I didnt find the test to be a backbreaker (but it wasnt particularly easy either, I was just prepared for it)

I am completely interested in further certs in the field.  Im currently evaluating (or Im planning on using this site to evaluate) what all certs would benefit me the most going forward.  I will keep you gents posted on my plans moving forward.
<<

smittyb

User avatar

Newbie
Newbie

Posts: 8

Joined: Wed Jun 28, 2006 2:47 pm

Location: Kansas

Post Thu Jul 06, 2006 7:47 am

Re: CEH Bootcamp Review - by a new guy on the block

Hello.  Another newbie to the site.  I didn't go through a boot camp for my prep but the idea sounds like an ideal way of preparing for the test.  I studied many hours and passed my test on 6/28.  I have another class at the end of this month for CHFI.  In October, I'll be taking the CPTS class. 

I've been a silent reader of the site and it helped me with other resources to prepare for the test. 

I've been in security for about 2 1/2 years and enjoy it very much.  In 2004 I was able to attend a SANS confernece and I'm going to try and get another one approved for next year.  That was my first exposure to Ed Skoudis and his books are a great tool to learn from and his sense of humor is just fantastic.  My goal is to take his class that he teaches for SANS. 

Thanks for the information that helped me prepare myself for the test and I will continue to be active on this board. 
<<

mctoffer

Newbie
Newbie

Posts: 12

Joined: Mon Jun 05, 2006 4:13 am

Post Thu Jul 06, 2006 11:24 pm

Re: CEH Bootcamp Review - by a new guy on the block

I enrolled also on a CEH bootcamp.. i consider this as my jumpstart on security....  :)
MCP, CCNA, CEH
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jul 07, 2006 11:26 am

Re: CEH Bootcamp Review - by a new guy on the block

CEH is an interesting place to 'start.' If asked, I would recommend that people start with CompTIA's Security+. It is more of an overview of the entire security field. CEH is more technical and focuses on a subset of the security field. If you can do it, more power to you. I didn't find either exam to be difficult, but as Fenris stated above, preparation (including experience) is a vital ingrediant of an 'easy' exam.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

smittyb

User avatar

Newbie
Newbie

Posts: 8

Joined: Wed Jun 28, 2006 2:47 pm

Location: Kansas

Post Fri Jul 07, 2006 2:01 pm

Re: CEH Bootcamp Review - by a new guy on the block

I totally agree with you Don.  I took the CEH exam first.  I'm going to get the Security + next.  Wish I would of done it in reverse order.
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Fri Jul 07, 2006 6:43 pm

Re: CEH Bootcamp Review - by a new guy on the block

But did Ferris pass the exam? he ddin't say. if he did, I must've missed it.
Ferris, did you have the question on URL Deobfuscation? I passed exam in DEC 04, and it was on my exam, and not covered in class.....
???
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Sniganoo

Newbie
Newbie

Posts: 13

Joined: Mon May 22, 2006 5:19 am

Post Mon Jul 10, 2006 10:00 am

Re: CEH Bootcamp Review - by a new guy on the block

Now I feel like I should be doing the Bootcamp in preparation for the test.  For now I have been using books, online info and tools to prepare.  Glad you are all progressing with this.
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Mon Jul 10, 2006 10:29 am

Re: CEH Bootcamp Review - by a new guy on the block

Sniganoo wrote:Now I feel like I should be doing the Bootcamp in preparation for the test.  For now I have been using books, online info and tools to prepare.  Glad you are all progressing with this.


I passed the way you are currently studying.  I didn't go to the class,  but wish I had.  You can pass via the self-study route if you put the work into it.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

Fenris

Post Mon Jul 10, 2006 10:43 am

Re: CEH Bootcamp Review - by a new guy on the block

I had 2 url obfuscation questions on the exam.

The Training Camp gave us pre-requesite readings, and there were 2 pretty darn good 1 page summaries in them, that broke down the method a couple of ways.

I had a minor issue with the test questions as given in that the answer didnt require you to do ALL of the math to figure it out.  You decode the first octet, and thats all thats needed to get the answer.

I would have preferred going down at least 1 other level.

Regarding the other ideas, I took 2 sample tests prior to the bootcamp and passed them both (but not by much).  The bootcamp let me focus entirely on the material at hand with no distractions, and I learned the material MUCH better.

The end goal is having a good knowlege of the material, and the ability to apply it, and I personally think that the bootcamps will help you get there better than just reading the material, but YMMV.

(and yes, I passed)  ;D
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Mon Jul 10, 2006 6:11 pm

Re: CEH Bootcamp Review - by a new guy on the block

Well, Congrats.

Yeah, we didn't even cover URL De-obfuscation in class, but there is a GREAT 10 page website that explains it all. Were you aware of it? The test allows you to use Calculator, that made it one of the easiest questions to answer.

Find out about URL Deobfuscation at http://www.pc-help.org/obscure.htm
Last edited by oyle on Mon Jul 10, 2006 6:15 pm, edited 1 time in total.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software