I’ve spent the last six months working on completing the CEH V9 exam. I wanted to share some of the technics and resources I used to complete this milestone. This list is definitely overkill, but I didn’t want to leave any material I used out.
My goal in completing CEH was two fold.
- Complete the exam (Obviously)
- Be able to preform the skills presented in the exam
Often when it comes to industry certifications candidates’ study to complete the exam and less on learning the material. Though there’s a time and place for that I wanted to immerse myself into the material using the exam as a guide for what content to learn. You could definitely say I over studied, but I don’t regret all the different perspectives of the material I acquired. Even still I’m not sure you ever really feel 100% ready to take an exam.
First of all this test is mad expensive. It’s 500 bucks plus a 100 dollar application fee. Check to see if your employer will foot the bill. If you’re in the military and in a cyber related field I know there are programs to pay the fees. The Navy used cool.navy.mil . If you, as myself, have separated check out the “Veterans Career Transition Program” sponsored by JPMorgan Chase. This is what I used. They will give you a grant for all testing fees and provide training through Syracuse University. Check it out here: http://vets.syr.edu/education/employment-programs/
Syracuse University Skillsoft V8 Course + Test
This was required for the grant I received in order to be granted funding for the exam. It essentially was the V8 course modules presented PowerPoint style while a monotone voice narrated what I was looking at. The test was hard and none of the questions were even similar to the actual exam.
These video lectures are recordings of everything from pentesting, networking, server operations, and cyber defense for CERT provided by Carnegie Mellon University. There is a specific lecture on CEH V8 recorded in 2015. If you are a veteran or government employee you can access these for free. They are full of great content, very informative and not boring. Sign up here: https://fedvte.usalearning.gov
“Skillset.com” I used the paid version, but if I were to go again I’m not sure I would use this at all. It’s advertised as a lighting round question generator to get you test ready. Maybe it would be a good resource for someone already knowing the material and just needing to pass the exam because their work requires it. I found myself researching questions with wrong answers all to often. In a way I guess it forced me to research test content, but it also could get you to memorize wrong information. I think I saw maybe 5 questions on the exam that were very similar to what was on Skillset. Also, before I took the test and cancelled my Skillset account I emailed them asking how I get refunded for a failed exam attempt with 105% readiness score as this is what is advertised by them. They never responded.
I have a friend who has IT Pro TV and I watched the CEH V8 with Sean-Philip Oriyano and CEH V9 with Adam Gordon. This was loaded with information! They basically use the CEH exam outline to guide their conversations and take you along for the ride showing examples of programs and websites. This is a great resource to observe conversations with security professionals as they dissect the topics.
This website is loaded with free training videos. The CEH’s Videos are granularly broken down by topic. Excellent place to brush up on areas you’re not feeling comfortable about. Cybrary.it
CEH V9 Study Guide
CEH V9 Practice Test
CEH V8 Study Guide
CEH V8 Practice Test
These books by Mr. Oriyano have pretty much become the quintessential study material within the self-study CEH community. When I started studying for the exam the V9 books weren’t out yet, so I started with the V8. Really all you need is V9.
This is a technic I use to create pages of useful information to memorize such as ports, scan commands, software tools, etc. For me the process of writing these down helps to memorize them more than studying the sheets themselves.
CEH V9 Exam Modules
You can find these all over the Internet. The modules are the PowerPoint slides they use in the instructor led classes. Studying these can help you anticipate what content is testable.
Security Now: www.youtube.com/user/TWiTSecurityNow
7 Minute Security: www.7ms.us
2600 is a quarterly magazine that has articles about current hacking related issues. In the back of the magazine you’ll find a listing of all the 2600 meet-ups. Find one in your area and prepare to be humbled. Very intelligent people here. Great conversation. www.2600.com
SecurityTube.net is hours of tutorials and hackercons curated from around the web all in one location.
Home Built Lab
My lab was in a constant state of change but here were the basics. I repurposed an old tower with different vulnerable images. Some of the images I played around with were the OWASP WebGoat Project, Windows XP and 7, different ones found on www.vulnhub.com. For my attacking machine I ran Windows 7 and VMware with Kali. Infosec Institute has a nice blog post on building a basic pentesting lab I found useful. http://resources.infosecinstitute.com/hacking-lab/
Websites With Useful Information: