Passed the CEH Yesterday

Yesterday, I passed the CEH certification exam.

Big woop, right?

Well, it was for me. Mainly because I'm not a sysadmin. Nor am I an IT guy. My college degree was in journalism (public relations, actually) and for my day job I'm a web designer, developer and marketer (if that's even a thing). And for that, I was self-taught. Friends of mine in college decided they didn't want to help a local business with their website anymore and asked if I was interested in helping. To which I (ignorantly) said yes and proceeded to teach myself how to do it. I've been doing that ever since.

I became interested in all things "cyber" at a job I held a while back. I was the webmaster for a Seattle-based security company. Even though I'm just the web guy, I really like to get to know the subject matter and the audiences that are consuming the information. As I started down the security rabbit hole, I realized that it was a subject area that I could be passionate about.

As many infosec professionals do, I began building my pen testing lab at home, playing with firewalls, participating in CTF events, playing war games just to get my hands dirty and to learn. That's how I learned web development. Why not security?

And then a project came along that was tangentially related to the stuff I had started doing as a hobby. I had the opportunity to help on a project for DARPA around Plan X.

So I started devouring every book, blog post, Linux image, article, CVE and tweet that I could. Learning more about this world and how the sausage was made. I know I'm barely at the tip of the iceberg at this point, but that's okay. I'm excited to continue on.

The CEH exam

The exam itself wasn't very difficult. 150 questions, 4 hours, passing score of 70%. I didn't have any trouble passing, even though I was entirely self-study. My main focus going forward will likely be in the world of web app security, mainly because I have a head start on that already being a web dev, so it seems to be a natural fit. However, I've heard that, regardless of what area of security you're planning to go into, the CEH is a good cert to get when you are early in your security career.

For preparation I used the following:

  • The Matt Walker Book (All-in-One Guide)
  • CEH Certified Ethical Hacker Practice Exams
  • Boson CEH Practice Exams
  • Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses
  • The Basics of Hacking and Penetration Testing
  • NMAP Cookbook
  • And a bunch of other ad hoc reading on Wireshark, TCP/IP, tcpdump, etc.

I have to say that I felt like the test covered a fraction of what I studied and did in my labs. But if the function of a test is to get you to learn lots of different things that may or may not be in the actual exam, then it worked just fine.

What it did cover (that I can recall anyway):

  • Ports & protocols
  • Botnets
  • SQLi
  • MAC flooding
  • ARP spoofing
  • Outsider/insider affiliates/associates
  • Multi-factor authentication
  • MAC spoofing
  • Snort rules
  • Wireshark filters (based off hex, what TCP flags are they looking at?)
  • Three-step handshake
  • TCP/UDP per protocol
  • SQLi
  • Buffer overflows
  • Malware encoding
  • Steganography
  • Encryption and its relation to wireless
  • XSS
  • SQLi

Probably my #1 gripe with the test is that the quality of the writing/proofreading (translations??) left something to be desired. Sometimes I wasn't sure if they meant to word one of the choices differently or if there was actually a typo in the question... I was left scratching my head on more than one occasion. If there are misspelled words or questions with typos in them and then you ask a question about code syntax, how do I know if the syntax was intentionally incorrect or if it was just a typing mistake?

I've heard this from other CEH candidates as well.

Nonetheless, I'm pleased with my certification and look forward to the next step. GCIH, anyone?