Monday, April 27, 2015

How to prepare for Certified Ethical Hacker exam (CEH v8.0)?

Hello all. This blog will give you a fair amount of idea on why & how to prepare for this really good certification, Certified Ethical Hacker (312-50) (CEH v8.0).

As far as information security, network security and/or cyber security,  is concerned there is no boundary as such which defines the scope of overall computer security.

Information Security, mostly deals with the security of computer information(data in the form of anything, e.g. emails, text files, critical documents, databases etc.). Network Security, talks about securing your network devices(routers, switches, firewalls, IDS/IPS, etc.) which are a critical need in establishing an organization.

Cyber Security is a generic term which defines the security of Information, Networks, Cloud, Mobile, etc.

Why should you prepare for this certification?

Well, you don't really need to pass the exam unless your organization wants you to. But I would recommend reading all the topics in details. This would give you an excellent idea & will improve your basics on anything related to security. The study is mostly theoretical but you can relate it to real-time experiences or try to hack into your system.(Remember the warning in WWE fights. Similarly, Do Not Try to Hack Into anybody's space/computer/ipaddress.)
You can always setup labs, like Virtual Machines & run the vulnerable Operating Systems inside of it.

So, the answer is simple, want to learn hacking? This is a good way to start learning the basics of computer/cyber security.

Should I join a coaching institute? 

I would recommend joining a good reputed coaching institute(unlike as in CCNA, I said No).
Reason being, there won't be much difference for the fees you would pay if or not you join coaching classes. CEH v8.0 exam costs are $ 500 (~30000 Indian Rupees). You can easily get CEH coaching classes of at around INR 35000, inclusive of exam fees and official CEH books along with 6 DVDs that contains around 30 Gb of hacking tools.
Note: Do not try the tools, just like a small kid. Learn them & understand their significance. Try to analyse their behavior or the kind of work they do.

How should I prepare or study or learn?

As I said, join a coaching institute. But the fact is they will teach you, like you're in a bullet train running in around Europe. The classes usually contains 40 hours of learning(can be 5 straight full days or 2 hrs a day for 20 days).
They will walk you through the fantasy world of computer security, hacking etc. They might even talk you about hacking movies you need to watch. Guess what? Only for fun.
Do your home work, study the books the same day. Or you'll forget everything, if you are newbie into this field.

One main reason why you should join classes is, you will get to know the real world experience from the teachers or students(who may be already working with IT companies).

What are the important topics or ares?

Everything in the book & beyond. That's it.
Passing an exam wouldn't be tough if you go through the book just once. But if that's your ultimate motive, I would advise you to drop the idea of learning.
If you're well-verse with security thing, below are the chapters you should concentrate on:

  • System Hacking 
  • Sniffing
  • Denial of Service
  • Session Hijacking
  • Hacking Webservers
  • Hacking Web Applications 
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • Evading IDS, Firewalls, and Honeypots
  • Buffer Overflow
  • Cryptography
  • Penetration Testing
Every single chapter in this book is like a drop in the ocean. Learn well.

How to schedule exam?

Exam consists of 125 MCQs, you need just 70% to pass the exam.
As long as you are taking classes from an institute, you don't need to worry. Mine was the same case. If you want to know how to schedule it, write in comments, I'll update this section.

Before I windup, I would like you to go through below websites/links. Email me if you have specific requirements.

Official website for CEH & related details
How To Become A Hacker? I love this article and the way he summarizes everything related to hacking or being a hacker. To read the article, it would just take some 20-30 minutes. But it will take years of practice to be one.
Interview with a Blackhat. Read all the 3 parts of this interview based article. I'm sure you will like it.
Subscribe to this facebook page of OpenSourceForYou.

Did i left anything to mention? Let me know your experience & suggestions in comments section.