Friday, May 18, 2012

Thoughts on the C|EH

I just got back from taking EC-Council's CEH v7 exam and all I have to say is WOW. However, this is not a good wow... this is a "Really guys? Really?" type of wow. And before you start accusing me of being bitter, yes I did pass :-) . I have heard a lot of good things about this cert and probably the most important is how it relates to DoDD 8570, which honestly is the main reason I took it. I said to myself "Self, you just passed the OSCP so you (should) know how to be a hacker, you should be able to pass this test." That and since I just went through the OSCP training I shouldn't need to do too much studying and I sure as hell don't need to pay for their course. Although, I should mention they hit you up for an extra $100 if you don't take their expensive official training. So for me it ended up being $600 just to sit for the exam.

So I asked a former co-worker, who just got his C|EH about last November, what book he used to study for it and he told me THIS book. Picked up a copy and over two weeks got through the whole thing and was able to do fairly decent on the chapter questions. (Oh by the way this actually is a really good book if you're just starting out and I love the fact that it is an easy read, this guy is a great author and needs to write more books.) Now just like anyone who takes exams I felt it was time to move to some practice tests. Now the first thing I did was go to EC-Council's website and look at what practice test they recommend, since I figure they would point me to the best one to use. Boy was I wrong! They pointed me to PrepLogic (See bottom of this page), and boy was that a mistake. The sample questions were simply unrealistic and totally off target. If you are looking for test questions STAY AWAY FROM PREPLOGIC. I could simply not score more than a 40% on these practice tests yet was able to answer every question in the book I was reading. It was simply destroying my confidence. As I was talking about how unprepared I am to another co-worker he suggested I check out actualtests.com, "Great another one of these sites.." I thought but I checked it out and ended up using the PDF version of the questions to study from and I was able to do a heck of a lot better on these.

Now for the exam itself, sorry, once again I can't go into detail about it :-/ . But I will say this, the PDF I got from actualtests.com was freaking SPOT ON for the questions. I would highly recommend grabbing it from them if you are going to study for this test. I finished the test in under an hour even though they give you over four (why exactly is beyond me). I did not notice any of the major grammar/spelling errors that I have heard others complain about, I mean I am sure there are more errors here in this write up than there were on the exam.

I did start out with a negative view didn't I? Let me get back to that. This cert is in NO WAY an accurate view of a person's skills as a "hacker". Let me take that back, passing this test actually means they are a GREAT "multiple choice hacker", I am sorry but this is how I feel. This is more along the lines of an entry level/introduction to hacking cert, which is totally defeated by requiring a min of two years' experience. You really don't need to know how to hack to pass this test, you need to know the theory and nmap switches. For the love of the Flying Spaghetti Monster, no one should be tested on switches like this... you know why? "--help", that's why! We could even go with "man", or how about the almighty "GOOGLE". I do think you should know what some of these tools do and what they are capable of but if you really think that requiring people to be intimately familiar with all switches is what a good cert is all about you should be brought out back and well you get the picture. I'll stop ranting now.

The bottom line is while yes people (read: job recruiters) will look at you in a better light you're going to need to know a lot more than what this is claiming you know. I would like to see them blend in some practical questions, like actually performing a port scan or SQL injection and such, but I don't know if they could do it properly. If not, then they should really consider aiming this towards an "Introductory Level" exam, similar to the Security+. It doesn't mean you're a pro but it means you're on your way.

To be fair, there are many benefits to being a C|EH, especially for your average sysadmin. Learning the techniques people are going to use against you and to know what you need to look out for or what to ask the infosec pros you should be consulting, but if y'all want a sales pitch go to the CEH webpage! Now, if you want to REALLY learn how to use all this theory go visit the guys from Offensive Security.