My EC-Council Certified Ethical Hacker Study Guide
Let me start off by saying that ethical hacking or anything penetration testing related was not in my initial plans, but everything changed when I earned my CompTIA CySA+ certification. CySA+ introduced some vulnerabilities and attack methods and the CompTIA PenTest+ certification really dug more into those areas plus basic coding. Having both certifications really helped with my C|EH studies and I highly recommend taking those two certifications.
The reason I pursued C|EH is because C|EH has strong value within the defense contracting employment process. When you search most job description, C|EH populates in a lot of them.
As with all my study process, I started searching Reddit and joined the C|EH group. This group was helpful because we shared valuable information which each other like tips and study references. Also, I recommend joining Dion Training: IT Certification and Study Group. This group is also a good to be part of because there are people that holds the C|EH certification and or studying for it. The link is provided down in the resources section.
I always use video courses first and fine tune my studying with a reference book. Here is a breakdown of my studying process:
1) Jason Dion’s CompTIA PenTest+ Course
I highly recommend any course from Jason Dion. You can find this on his site. The link is in the resources section.
2) FedVTE CEH V10 Prep Course
The only reason I took this course was because it was a requirement to get an exam voucher through DoD but I found out later that I did not qualify because I already met the DoD 8570 Baseline Certification for CSSP category with my CySA+. Also, this course is very boring. I do not recommend this course unless you are DoD and do not have any CSSP certifications. The only plus to this course is the 29 CEUs you earn upon completion. You must be a US federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans to get access to this site.
3) Certified Ethical Hacker All-In-One Guide (AIO), Fourth Edition by Matt Walker
Very solid book. I enjoyed the authors information flow and humor. It really made things easier to understand. This is really the only book you need.
4) Jason Dion’s Certified Ethical Hacker V10 Exams (Unofficial)
Great study questions with explanations.
5) Boson Ex-Sim Max for Ethical Hacking
This is gold. Boson not only explain the correct answers, it also explains why each choice is incorrect. You should really review the explanations well. I was averaging around 85% on my exams and passed my C|EH with 112/125 so about 89%.
I initially tried to get a voucher from DoD but did not qualify, then I tried through the Army Credentially Assistance program but ran into many hiccups. I ended up paying out of pocket for the exam but reimbursable through my unit. I opted for the ECC C|EH Exam Center option and took the test in the comfort of my home. This was a fairly easy process. What you need is good/reliable internet connection and a webcam, preferably one with 360-degree capability. If you do not have this type of webcam, your proctor will ask you to conduct a few simple steps to validate your testing environment. My proctor was solid. I had a total of 125 questions and 4 hours to complete the test. I breezed through it in about 45 minutes and spent about another 20 minutes reviewing my answer choices.
I cannot tell you the exact questions but here are some of my suggestions to focus on:
Banner Grabbing. Understand what it looks like in action and how to conduct it.
Ports, Ports, Ports!!!! Know your ports. You can use process of elimination to figure out a few ports.
Know the TCP three-way handshake process and what attacks takes advantage of it
Nslookup and zone transfers
The different types of Hackers
Encryption. There are less Asymmetric encryption algorithms than there are Symmetric. So remember Asymmetric and the basic of DES and AES.
Nmap and Hping switches. Know what each switch does.
Know the difference between XSS, CSRF, SQLi, Clickjacking etc. Know how to identify them in script and know the theory behind each.
Know what an IDS is, how to use it, and how to defeat it.
Know Bluetooth attacks
The Hackers Methodology. Know it by heart.
How to conduct a sniffing attack and how to defeat it.
Learn the various tools. The AIO is a solid reference for all the tools.
Learn how to read a firewall log. You need to know how to setup the rules correctly. Not hands on but being able to look at a log and figure out what is going through the network.
Know the different virus types and other attacks like RUDY, smurf, fraggle, etc.
Honestly, I had former colleagues state this exam was super tough but compared to PenTest+ this exam was pretty mild if you prepare yourself. You do not need to purchase the EC-Council official material unless you do not have the experience required to take the exam. The materials I listed are more than enough to pass. My goal for the remainder of 2020 is to earn ISACA Certified Information Systems Auditor (CISA), eLearnSecurity Junior Penetration Tester (eJPT), and Offensive Security Certified Professional (OSCP).
Dion Training: IT Certification and Study Group
Reddit CEH Group
CEH AIO by Matt Walker
Boson Ex-Sim Max for Ethical Hacking