The other day, I stumbled across an interesting blog post with the subject Certified Ethical Hacker (CEH) vs. Offensive Security Certified Professional (OSCP) . . . and How to Start Your Ethical Hacker Career”. I did not only read this article but I devoured it and kept nodding my head, in agreement, as I read through it. I am at a stage of my ethical hacking career that I am seriously considering the notoriously difficult OSCP certification.
Let me explain why I would introduce a blog post on Certified Ethical Hacker review by mentioning another post comparing CEH to OSCP. After reading the post, I immediately shared it with my colleagues. One of them will be undertaking the CEH course and exam shortly. He asked me to advise him on how to approach this undertaking. His request is in a way, what prompted me to write this post.
Before I can share my opinion on the course and how I think one should go about preparing for the exam, allow me please, to share a few words about myself; I think that will give context to my opinion and review of CEH course.
I am an Information Security Analyst with several years of experience as part of the defensive team (aka Blue Team) and almost two years as part of the offensive team (aka Red Team). My daily responsibilities include a blend of “blue team activities” and “red team activities”. I have a post-graduate degree in Chemistry. My undergraduate majors were Physics and Chemistry. I am not a Computer Science graduate.
With that background in mind, let me share my personal experience on the Certified Ethical Hacker course. In response to my colleague’s enquiry, I mentioned this about CEH: if there was one book that could teach you everything there was to know about ethical hacking, and that book had 100 pages, passing the CEH exam would equate to completing the first five pages of this book. What do I mean? Well, if it is not clear enough after reading the previous sentence, passing the CEH exam is just the beginning of one’s ethical hacking learning process. (Please put this into the context of my educational background – see the opening paragraphs above.)
I am not going to go into the details and facts that are already available elsewhere on the Internet. (If you are reading a piece on CEH, you likely know how to perform an online search.) This is the format of the CEH exam: it is a multiple choice questions exam, consists of 125 questions, and lasts 4 hours or less. You can read about the other details here.
One question that is always top of the mind of those considering a cyber security certification is: Who is the course for? I think that this course is a very good starting point for anyone with aspirations of becoming a penetration tester. The EC-Council has this to say about CEH: “A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).”
Having said that, someone who has solid experience as a penetration tester, but without any formal training, may consider this certification. I am told that human resource departments of many organizations consider Certified Ethical Hacker certification to be a minimum requirement when looking to appoint someone for a cyber security role. This certification may be exactly what you need to get the recruiter’s attention.
Let me elaborate, from a beginner’s viewpoint: the 5-day course that I attended covered the basics of ethical hacking. Arriving at the training center on Monday, I was given a box with the following contents: courseware, a lab manual, an exam voucher, and login credentials to the APSEN portal.
Courseware: this is made up of two hard cover copies but you can download soft copies from the ASPEN portal. The total number of chapters covered by these manuals is about nineteen. The manuals cover, among others, the following topics: Introduction to Ethical Hacking, Cryptography, Session Hijacking, SQL Injection, etc. Each of these topics is covered at about “1 inch vs. 1 mile” depth-level. It really is up to the student to research and learn more during and after the 5-day course.
The courseware is loaded with useful URLs and pentesting tools. It is impossible to cover each tool to any level of detail during the five days. The courseware endeavors to only introduce the tools and further learning is recommended. Let’s relate this back to the exam; you will be presented with screenshots of some of the popular tools, e.g. Wireshark, and you will be expected to either identify the tool or interpret the results.
Lab manual: our instructor did not directly refer to this at all during the 5-day course. I am not suggesting that the manual is to be ignored during your preparation for the exam. I think the purpose of this manual is for the student to set-up a lab after the course, or better yet, to subscribe to The Virtual Hacking Labs and start practicing before taking the exam. (I took about 4 – 5 weeks after the conclusion of the Certified Ethical Hacker course to prepare for the exam. I did not specifically spend this time on practical learning in the labs. I spent it studying the courseware. However, you will do well to practice some nmap commands, SQL statements, etc. before you take the exam.)
ASPEN Portal: your entire course resources are available here, e.g. soft copies of the courseware. I recommend that you login to this portal as soon as you can. You are able to download tons of material, including virtual machines that you can use to build your own lab.
The second question that you probably have on your mind is: What did I like and not like about the course? It really is hard to say what I did not like about the course. The reason being that what I “didn’t like” about the course was that it focused mainly on theory, and was limited in practically learning “how to hack.”
I am reluctant to state minimal practical training as a dislike because I don’t think that the creators of this course designed it to be a practical course. IMHO, it definitely was not intended to be like OSCP; you can read my associate’s OSCP review here.
I liked the simplistic approach in which the material was presented. I had the opportunity to attend a course presented by a very experienced pentester with many years of experience. The EC-Council recognizes the best Certified Ethical Hacker course instructors annually and our instructor was awarded this recognition a few years back. I only became aware about this award after the exam. It would be worthwhile to do a bit of research about your prospective instructor. (I am not sure if information about award-winning instructors is available outside of the ASPEN portal.)
CEH Instructor Led Training
Let me share what happened during one of the classes to highlight the importance of attending a course led by an experienced instructor. I attended the course during the week of May 8th, 2017. On Wednesday the 10th, our instructor asked if we’d like to see a demo of the EternalBlue Double pulsar hack. We, of course, said YES! On May 12th, major international news networks covered the news about WannaCry Global Ransomware attack. The WannaCry attack exploits the same vulnerability that was demonstrated in our class a few days before the Global Cyber Attack. It is absolutely imperative to choose your training centre well. An experienced instructor will bring some fresh and latest content to the class and this will inspire you to learn more than what is covered in the class.
The Exam: I recommend that you find yourself a very good study guide and study it very well. I mentioned that this is very much theory-based, and there are certain things that you will have no choice but just memorize – I hated this about the course. (I apologize for not mentioning this earlier under the dislikes!) I got hold of a 761-paged study guide and studied it. I managed to pass the exam on my first attempt. I should mention that my instructor recommended the study guide that I used to prepare for the exam. (I cannot overemphasize the need to find a reputable training center employing experienced instructors.)
Exam voucher: I think that you have an option to purchase this with your training voucher. Please keep in mind that the voucher is valid for 12 months. The exam must be taken at a certified exam center.
Certified Ethical Hacker Career perspective
Career Perspective: Again, you probably have noticed that I like to provide some context when rendering an opinion. I live in South Africa, and it is a developing country. You might have a different experience depending on where you live. So, will this certification increase your prospects of employment in cyber security? I believe so. Several recruiters have approached me ever since my LinkedIn Profile reflects completion of the CEH.
In conclusion: You need to recognize and acknowledge the CEH course for what it really is: a basic training in ethical hacking. If you are serious about a career in penetration testing, then you must consider at least one of the following after you get certified: Offensive Security Certified Professional (OSCP), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), etc.