A Dive into CEH

How do you prepare for CEH?

The first question you should ask yourself is: why CEH over other certs?

Apart from being a highly recognized cert, CEH gives you a strong grounding in the basics of the security domain,

which branches out into different paths such as:

# Penetration testing (VAPT)

# Management Level roles 

# Audit level roles / Forensics 

On completion of CEH you will be able to decide which path you want to move your career into. However, a lot of people are interested in VAPT over other career choices. CEH is one of very few certs that covers a wide range of modules, while most other certs focus only on a specific domain.

So, how do you prepare for CEH?

# Get good with the basics, studying each module in depth for your own knowledge.

# Ask for help. There are a ton of security forums that will help you if you have difficulty with a concept, one of which is https://0x00sec.org/

# OSINT is highly important; this book will help you with it: [ https://tinyurl.com/y6nqn6nq Conversations into cyberspace]

# Start with CTFs that teach you the basics. For instance, if you are new to CEH, it's possible that you are not comfortable with the Linux operating system. Here is a YouTube tutorial that will teach you about Linux:

[ https://www.youtube.com/watch?v=bju_FdCo42w&list=PLtK75qxsQaMLZSo7KL-PmiRarU7hrpnwK ]

# CTF 1st stop: [ https://overthewire.org/wargames/ ] OverTheWire is a great platform that not only teaches you the basics, but also teaches you how to exploit a system or server. Start with “Bandit” in OverTheWire, which focuses on Linux and command-line utilities. Once you are done with it, move on to “Natas”, which will teach you about web application exploits at a basic-to-intermediate level.

# To learn web application exploits: Try to solve all the challenges from the projects listed below; they will teach you about SQLi, XSS, HTMLi, etc.

DVWA [ http://www.dvwa.co.uk/ ]

OWASP Juice shop [ https://www.owasp.org/index.php/OWASP_Juice_Shop_Project ]

WebGoat [ https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project ]

# Social Engineering: This is a concept that is very hard to teach. The CEH course tries to deliver as much as possible, but it depends purely on the individual. Here is a collection of books on social engineering and human manipulation:

[ https://greysec.net/forumdisplay.php?fid=11 ]

# System Hacking: Metasploitable would help you learn about system hacking and exploits. Try to complete a significant number of challenges from Metasploitable.

[ https://sourceforge.net/projects/metasploitable/ ]

# Learn to script: Personally I think Python, Bash, PowerShell are like the best in terms of scripting. For Python you can read Black Hat Python or Python for Pentesters, which would benefit you in the long run.

# Preparing for CEH Exams: The exam consists of 125 questions, with a duration of 4 hours.

If you spend 100 seconds on average on a single question, you will be able to complete the test in about 03:00 hours; you can use the remaining 01:00 hour to review all the questions. Since they are all multiple-choice questions, you need to be careful with the answers.

# Here are a couple of links with previous years' CEH questions that will help you prepare for your CEHv10 examination:

Aoowe [ http://www.aoowe.com/certified-ethical-hacker.html ]

Iced Milo Code [ https://icedmilocode.wordpress.com/cehexamquestions/ ]

This should be enough to get started with CEH. But wait, it's just the beginning: listed below are some useful links that will help you practice and improve your skills.

# blankdash [ https://github.com/Karma47/temp/blob/master/hello.txt ]

# Hackthebox [ https://www.hackthebox.eu/ ]

# Vulnhub [ https://www.vulnhub.com/ ]

# Wechall [ https://www.wechall.net/ ]

# hackerone [ https://www.hackerone.com/ ]

# CTFTime [ https://ctftime.org/ ]

Good luck, hope to see you soon.

-blankdash
