Beginning the CEH

<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Nov 07, 2010 3:34 am

Beginning the CEH

Well, since I've decided to do what I've been putting off forever, I've finally decided to attack the ethical hacking part of my career (bad pun intended).

At this point I believe I will start with the CEH. ELS's student program will probably follow, we'll see what kind of timeframe I am looking at later. This thread will hopefully serve to chronicle my progress towards this exam, and hopefully keep me motivated and on track.

First and foremost, I am not looking at this point at ordering the official guide for financial reasons, and reviews of the material would seem to indicate that the money could go elsewhere.

So my first question is, what should be the first book that I should read? What kind of timeframe should I set for myself to master this exam material? I think I am firm on security knowledge at the Security+ level, and I have user level Linux knowledge, no programming knowledge.

Thanks in advance for your replies!
sectestanalysis.blogspot.com/‎
<<

COm_BOY

Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Sun Nov 07, 2010 8:34 am

Re: Beginning the CEH

I don't think CEH requires you to have knowledge of scripting or else. It focuses more on tools. You can get a CEH book for under 30 USD from amazon.com (don't forget to read reviews of it before purchasing it). And as a starting point I think it would be a good idea; other than that, do check out the tutorial section of EH, which contains links to free Logical Security CEH videos.
It has become appallingly obvious that our technology has exceeded our humanity.
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Nov 07, 2010 4:53 pm

Re: Beginning the CEH

Looking at that now. By the way, does anyone have a good lab setup for use in studying the CEH? I know the official kit comes with several DVDs.
sectestanalysis.blogspot.com/‎
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Sun Nov 07, 2010 5:52 pm

Re: Beginning the CEH

Hi SephStorm, I read Kimberly Graves' 2010 edition from Sybex. It's good, but doesn't seem to cover enough or go into depth; however, the companion CD comes with a great test engine and flash cards.

The absolute best resource I've seen out there (which is very pricey) is Wayne Burke's video course; it's certified by the EC-Council, but like $1600 or so. I got to watch some that a friend of a friend had purchased and it's absolutely amazing. He goes so in depth, way beyond just the CEH.

I do know that you need to know how to read and understand certain types of scripting, such as they show you a SQL Injection vulnerability or something similar that requires some programming knowledge to understand.  Not in depth by any means, but you have to know what you'll get from that output. I'd check out eLearnSecurity's free SQL module.

I have the certificationflashcardsonline, by Shon Harris for $18 and they are 300 questions that are very very good.  You can access from your mobile phone or wherever since it's web based login.  The answers to the Q's go into a lot of depth as to whatever tool or subject they are talking about, that it seems like almost a book in itself...


The CEH Study Guide by Kimberly Graves cost me $60... Yes I do Amazon, but had a BnN gift card... I wanna get rid of, mint.. Let me know if you're interested, I can sell it back to Amazon for like $12...

If not breaking any laws/ rules I could give you access to my online certificationflashcards, so you can get a little taste if you like.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Nov 08, 2010 4:42 am

Re: Beginning the CEH

Very interesting... I have access to the Graves book through books 24/7, so I am good on the book, but the CD isn't included, but I am far from looking at testing at this point.

Is this the company selling the Burke video? http://www.learninggate.com/about/meet_our_experts.php He's on the page there, but I am concerned, as they claim to be affiliated with Career Academy, which has an, IMO, horrid CEH video set (I believe the presenter is Kenneth Mayer, who is on that site as well, but I might be mistaken). Whoever it is, he has the most annoying habit of attempting to use his hands constantly... non stop, to illustrate the most basic of concepts. In addition to the series' other faults.

Anyway, I couldn't find a link to purchase the videos there, or elsewhere yet.

Oh, I am however loving the Logical Security videos linked from here, great resource! (I still have yet to see Shon Harris in a video of any kind...)
Last edited by SephStorm on Mon Nov 08, 2010 4:44 am, edited 1 time in total.
sectestanalysis.blogspot.com/‎
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Nov 08, 2010 9:52 am

Re: Beginning the CEH

SephStorm wrote: Looking at that now. By the way, does anyone have a good lab setup for use in studying the CEH? I know the official kit comes with several DVDs.

The DVDs, which are included in the official courseware, don't include any lab setup, iirc, just the tools, PDFs, etc.
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Nov 08, 2010 10:03 am

Re: Beginning the CEH

That's too bad, I know many training programs use lab setups for classes. Hence why I hate self study...

After doing some research, I will have to reconsider the Career Academy program. I was correct with my info regarding Ken Mayer and CA, however, it appears that those videos may be dated. The videos referenced on the site appear to be the Burke videos. I will still have to do some research before I drop a grand on it, but the more I think about it, the more I like it... :o I am wondering why Wayne didn't do a CPT video series with them, or anyone else...
sectestanalysis.blogspot.com/‎
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Tue Nov 09, 2010 2:01 am

Re: Beginning the CEH

Yeah, I had never heard of Wayne Burke before, but I must say his Career Academy stuff is pretty impressive in scope.  I'll have to look up what else Burke has done..
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Nov 09, 2010 12:11 pm

Re: Beginning the CEH

If you want ideas for labs, look into chapter 4 of Practical Penetration Testing. You can find a link to the chapter in the book review section above (Features).

The book overall (I'm not too far into it yet because other things have a higher priority) seems to be pretty good. I've already learned some things from it.
OSWP, Sec+
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Nov 11, 2010 11:16 pm

Re: Beginning the CEH

Well, I did say I would chronicle my progress, so a rundown of this week.

I started studying this week, and one of my primary resources is the Graves study guide. I read chapters 1 & 2, and started on chapter 3. As always, it is amazing reading information on the information gathering stage of hacking, as you can see just what information is out there about your organization, and sometimes, you yourself.

I don't think I have any major problems with this section except that I really didn't have a hard target to test. While technically I can use any company for this phase, and indeed I used ARIN and whois to look up a few, I feel that ultimately you are gathering this info to prepare an attack, and I have no intention of hacking any of these companies (unless they pay me for it. ;) ). I also looked at Hacking Exposed vol6, the corresponding chapter, but it went, I think, overboard for my purposes. Excellent for use when actually using against a target, not so much I think for study?

Chapter 3 is the Scanning and enumeration section. I am only part way through this section, but I decided to throw up some practical exercise here. I used the Heorot.net De-ICE live CD 100.1. Now this "lab" has only limited usefulness because it is designed, I think, with a specific purpose in mind. On purpose, it is not "metasploitable" and certain things have been "broken" to add a touch of difficulty.

So after setting up my lab as described in the forum post on Heorot, I started my test. I am most familiar with NMAP, so I fired it up and took a swing. (FYI, I have done the scenario before, but I acted, for the most part, as if I had not. Besides, I had forgotten many parts.) I attempted to practice the scenario with a touch of realism, so first I performed a scan to see if the host was online, followed by a scan with the timing set to 3 as an attempt at staying as quiet as possible. I discovered several open ports, and performed version detection on them. (Again, I think the CD comes into account here, but I know it's part of the methodology.)

At this point, I had my first real question: how does a beginner know where to go from here? From my previous experience, I knew what port to look at first. A year ago, I didn't. So how would I know what ports to look at and how to attack them?

In any case, I continued the 100.1 exercise up until the privilege escalation portion, because I was using a different version of BT that didn't have the needed password list to complete the exercise, and I sure as heck didn't remember it. But one thing I made sure to do was look at the tools presented for each purpose. NMAP and Hydra (cmd-line) were the ones I used. I was unfamiliar with Hydra, so I looked it up. I used the instructions given by the tool to perform the exercise. I did a YT search, but the video I looked at used the GUI option, which doesn't really help you learn much, I don't think...

Anyway, today I want to finish Chapter 3 and perhaps move on to Chapter 4. We'll see what the day brings... It is my birthday after all... Which begs a question... If you're born in the US, and you are around the world on your birthday, should you celebrate it on the day in the timezone you are in, or when it is actually your birthday in the States? ....
sectestanalysis.blogspot.com/‎
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Fri Nov 12, 2010 12:58 am

Re: Beginning the CEH

Happy Birthday!  I dunno, I suppose I'd celebrate it when I feel most full of energy.. We tend to celebrate a birthday on a whole day, in my case being born at 7am I could use that as a reference.. Or just celebrate twice!

I'm glad you're liking the Graves book.  I'm going to start my second reading of it tomorrow as now that I've had other resources and some of eLearn's modules, going back makes what is more "vague" make more sense in a way..

I actually purchased Hacking Exposed 6 along with the Graves book, which I can see being much more beneficial in the long run, but I've only gotten through the first couple of chapters, so I plan to try and finish that up by the end of this week.

I feel like Graves' book is more like a good "guideline", then as you're doing, research on your own from there, expanding on each topic.  After I re-read what you're talking about right now tomorrow, I'll give you my opinion as to what I think..

Check your mail, I have a b-day gift for you, I know will help a lot to expand on what you're getting from the CEH material you have gone through so far.

I purchased my voucher today, will probably take the exam mid to end of next week, depending on when I actually get the voucher or voucher number..
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri Nov 12, 2010 10:22 am

Re: Beginning the CEH

lol, if you have my address, you're a better hacker than I am ;)
sectestanalysis.blogspot.com/‎
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Fri Nov 12, 2010 4:24 pm

Re: Beginning the CEH

Darn, I just put the one you have listed on the site here.. lol

I'm supposing it's the wrong one.. ?
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Fri Nov 12, 2010 5:13 pm

Re: Beginning the CEH

Hey and who says I'm not a better hacker than you, just cuz I don't post your SS # on forums... JK of course  ;)
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri Nov 12, 2010 7:52 pm

Re: Beginning the CEH

There's one on the site here?  :o  Oh, are you talking email address?
sectestanalysis.blogspot.com/‎