As Instructor (CEI) of the Year for EC-Council classes, many of my students are asking how the CEH exam (312-50) was, what the course is about, etc.
I am more than happy to explain all this, but one of my students, Daniel Weis, has done a great job explaining the course and the course structure. Below is a good review of the CEH course and the exam from a real Security Adviser, a happy CEH v7 student:
Back in March (14th), I was one of the lucky 375 individuals globally who got into the global launch class for the EC-Council’s Certified Ethical Hacker Version 7.
Because we are based in Australia, our classroom of 10 became the first in the world to start and complete the course.
I had been spending the 7 months prior to the course studying for the CEHv6 and if any of you have seen the amount of material you will understand how painful that is. When the opportunity came to go straight for the v7 I took it.
I took the course through a company called CEO IT Training (were fantastic), who, at the time, were one of the only providers who were authorized to run the course in Australia.
My trainer was Erdal Ozkaya, I have to say the best trainer I have ever had for any course. He knew how to keep the class interested, motivated and provided great examples to assist our memory on the material, not to mention he is currently a pentester, a MS MVP, and a definite legend. You can check out Erdal’s Blog here: http://www.erdalozkaya.com/.
If you are looking at sitting the course, let me put you straight now. Experience in the I.T industry is a MUST. Heavy exposure to Windows / knowledge of Linux, networking etc. is essential, or, like a lot of my colleagues in the course, have a background in coding, web development etc.
If you do not have a strong I.T background you will struggle.
Secondly, Expect Long, Long Days. Due to the massive amount of content to get through (and labs) within the 5 days, I found we would start at 9 and finish around 5:30-6PM, however we would just run through the slides and labs very quickly (due to limited time), so expect to go home (or to your hotel) each night and do an extra 3-4 hours' worth of work to go over the material in more detail so you understand it and also complete any missing labs, and repeat the same process from 7-9AM before the class starts also.
If you are like me, there is way too much material to take in during classroom time only and you will need to go through it a few times.
The course content itself I can’t discuss due to an NDA, but it was an extremely interesting, cool and satisfying course that really teaches you how to be a malicious hacker, how they utilize different tools and techniques to break into your network.
To sum up the course: Simply awesome.
Due to being one of the first to complete it, the exam was not yet available at the end of my course to sit. In the end I was able to sit the exam on the 4/4, but had to fly up to my training center to do it.
The exam was the hardest exam I have done. I have taken Microsoft, Cisco, CompTIA and a multitude of other vendor exams and they do not come close to this one. You have 4 hours to complete the exam and it's 250 questions, with a 70% pass mark.
I think the hardest part was keeping your attention and focus for that large amount of time, it took me about 3.15 hours to complete, the only issue with being one of the first to do the exam, is that we were not prepared for the exam within the classroom as it was not yet available, so basically it involved studying EVERYTHING. I passed on my first shot with 84 points out of 100.
For those preparing to sit the exam, know like the back of your hand:
ALL TCP flags & responses (SYN, Connect, Stealth, FIN, XMAS, NULL, IDLE etc)
Port numbers, port numbers and more port numbers. You will be queried on all ports in different types of questions ranging from POP3 to SMB to NetBIOS, used both in rule-based IDS construction and in port lockdown. Also know all stages of the TCP sequence and handshaking mechanisms and appropriate responses. I got a stack on this.
I also received questions on:
Cisco commands, 2 on different switch configs to reduce IP spoofing etc (all in the curriculum)
TCP sequence numbers and IPID generation. I received one of the questions to identify the next set of sequence numbers etc, so you need to know how to calculate them
You need to know how to convert base 10 IPs and how to obtain local SAMs from servers
Session Hijacking & MITM – few questions
Had about 10 questions relating to reviewing Snort logs to determine the attacks used, so students need to get familiar with Snort!
Some questions on machine code & what to do to cause buffer overflow attacks.
Some SQL injection attack questions, and also had to know the command to add a user to the database.
Lots of questions on port filtering and countermeasures across the board.
I also found some questions were similar to the version 6 questions, so any testkings, exam crams etc for version 6 will help as well.
In terms of study... I went through the curriculum about 7 times in full (takes about 8-11 hours a hit to go through all of the material depending on how fast you read), I did about 130 odd hours' worth of study (plus all the study throughout the class) plus I did another 3-400 questions from the version 6 before going in and of course the 6-7 months of version 6 curriculum prior to the course.
Like the age-old saying, you get out what you put in. Hope this post helps some of you guys out if you are looking for info on the CEH. My next endeavour is the ECSA/LPT. You need to complete the CEH before you can hit the ECSA so should be fun.
Until next time.
And if you wonder who this awesome student is, below is his photo from the Global CEH v7 launch class, straight from the EC-Council web site.