Certified Ethical Hacker (CEH) is a qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system.
The C|EH Master (Certified Ethical Hacker) certificate consists of two parts: the C|EH Practical exam, which, as the name suggests, is a practical, hands-on exam, and the theoretical ANSI C|EH.
ANSI C|EH consists of 125 theory questions and lasts 4 hours. I won’t write much about it here as I prepared for it three years ago. I don’t really remember what I used to prepare, and probably many good courses have shown up since then 🙂
In this post, I will write more about preparations for C|EH Practical and the exam itself. It lasts 6 hours and has 20 hands-on questions similar to the Aspen iLabs environment. It took me 4.5 hours to complete, with some annoying hiccups along the way. You will not know the results until you press the Submit button. To pass it, you need 14 correct out of 20. I ended up having 18/20, but I know exactly where I made a mistake.
Once you pass both exams, you have to write to practicals@eccouncil.org and send them both certificates and your Aspen username, and they will award you the C|EH Master Certificate.
Is it worth it?
Depends.
I have used this certificate as a milestone that helped me focus on an immediate future goal that I worked for and studied for. I found out that scheduled fixed exam dates help me get motivated to stay up late at night to study. Additionally, because I studied pretty intensely for it, I can confidently say I progressed a lot in the hacking/security domain. Earning the certificate boosted my confidence and gave me a feeling of achievement. On top of all that, I have a really supportive boss who was willing to pay for it and gave me space for development. So for me, it was worth it, and I am pretty happy I did it.
On the other hand, if I were to pay for it myself, I think I might have skipped it and tried something more complicated later on. It is quite an expensive certification (like all of them are) with a price tag of 550$ for the practical exam voucher and 199$ for access to iLabs. The opinions on how important it is for a career are divided, and there are more prestigious exams out there like OSCP.
What to expect
As I mentioned before, the exam consists of 20 hands-on questions; most of them are open, where you type in the answers, and a couple of them are multiple-choice. If you read the question carefully, finding the solution should not pose a problem, and once you have it, you know that this was what you were looking for.
The exam environment looks exactly the same as the iLabs; instead of explanations of each module, you get the exam questions. The environment comes with pre-prepared tools on both the Windows and Linux (Parrot) machines, which are enough to solve all the tasks. They are the same tools that were available in the labs.
It is an open book exam, meaning you are free to use the internet any way you want as long as you don’t talk to anyone. I had made some personal notes for quick access, and I also had some parts of iLabs on my Google Drive.
It is important to note that you don’t have access to the internet on the lab machines, nor is it possible to copy-paste. So whatever commands you find on the internet, you have to type them in. You can’t install any extra tools except the ones that are provided (no internet).
There is one break of 15 minutes to go to the toilet. You are allowed to eat and drink during the exam. But don’t drink too much; one peeing break might not be enough 😛 You can stretch and stand up as long as you are clearly seen on a camera.
You can’t have anyone in the room, no music in the background, and no headphones. The microphone and camera have to be turned on all the time. And, of course, your screen will be shared during the whole process, with the proctor being able to take over the mouse if you encounter some problems.
How to prepare
That is the most exciting part.
Aspen iLabs
It is the official CEH playground. You can buy six-month access to iLabs for 199$ that covers the complete material, and go through all the tools. While I don’t regret getting access and going through some of the tools I would not have gone through otherwise, I must admit it was the most boring exercise I did for this exam.
The course goes through a very long list of tools, some free for use, some commercial, and it is impossible to remember all of them. The course is constructed in a way that it leads you by the hand, step by step. While this might be fine in most cases, I don’t need a screenshot of “login in Linux”, “type sudo su in terminal” at each exercise on Linux. Sometimes I had a feeling that if I turned off my thinking, I would still be able to complete all activities.
The course wasn’t a challenge, and I really struggled to go through it because of how boring it was. One of the reasons was me finding other tools to help me, which were way more engaging.
That being said, doing the iLabs made the exam easier as I immediately knew which tool to use for each exercise. I think I would be more challenged on some questions if I didn’t go through them, mainly because you can’t download any other tool.
TryHackMe
I enjoyed this platform a lot! It is an online platform for learning cybersecurity using hands-on exercises and labs. You can use a free version, but I would recommend you get a paid one – 10$/month is not much but well worth it!
The rooms give you an intro, show tools, and require you to do actual work and some research on your own. It was a fun and engaging way to learn.
If you are new, check out the “Complete Beginner” path that covers fundamentals.
There are many rooms to choose from, but below I listed the ones I think are helpful for the exam. They go through the main tools and methodology. And as they say, practice makes perfect 🙂
- Linux fundamentals:
- Hashing:
- John The Ripper
- Hydra:
- Burp Suite:
- Network Services:
- Metasploit:
- Nmap
- Wireshark:
- SQL Injection:
- Other:
  - https://tryhackme.com/room/owasptop10
  - https://tryhackme.com/room/adventofcyber2 !!! – recommended
  - https://tryhackme.com/room/ccpentesting !!! – recommended
  - https://tryhackme.com/room/zthweb2
- CTFs that combine all the knowledge you got from other rooms:
  - https://tryhackme.com/room/picklerick
  - https://tryhackme.com/room/owaspjuiceshop
  - https://tryhackme.com/room/brooklynninenine
  - https://tryhackme.com/room/lianyu
  - https://tryhackme.com/room/anthem
  - https://tryhackme.com/room/agentsudoctf
  - https://tryhackme.com/room/easyctf
  - https://tryhackme.com/room/attackerkb
  - https://tryhackme.com/room/kenobi
  - https://tryhackme.com/room/avengers
  - https://tryhackme.com/room/toolsrus
  - https://tryhackme.com/room/jurassicpark
  - https://tryhackme.com/room/blue
Offensive Security Proving grounds / Vulnhub
Head to this website: https://portal.offensive-security.com/
Offensive Security prepared a playground of Vulnhub machines that you can just power on and play. You have to exploit the machines and find the user’s and root’s flags.
The free version offers access to the machines 3 hours a day, while the paid version costs 20$/month for unlimited access. While you can get the same machines from Vulnhub, I was just too lazy to bother with docker and just wanted to connect to the machine with one click.
When I was preparing, I did all Easy machines (rated as easy by the community) and most of Easy (rated as intermediate) in the WARM UP section. That helped me get my methodology down, taught me what to pay attention to, and challenged me in using different tools.
INE – Penetration Testing Student
I also completed the Penetration Testing Student Black-box Penetration Tests that provide a simulation for the eJPT certification, which is similar to CEH. The whole course is free on this website, so check it out:
What tools to revise
As I mentioned, there are so many tools mentioned during the course; your head will spin. However, if you master the ones mentioned below, you should be fine.
- Scanning
  - nmap (check out my post on how to get an Initial foothold). A lot of other sources mentioned Zenmap, but I didn’t use it.
- Sniffing
  - Wireshark
- SQL Injection tools
  - sqlmap
- Password brute-forcing tools
  - Hydra
  - John The Ripper
- WordPress Hacking
  - wpscan
- Cryptography
  - HashMyFiles
  - Veracrypt
- Steganography
  - Quick Stego
  - Snow
Cool links:
- https://github.com/CyberSecurityUP/Guide-CEH-Practical-Master
- https://anontuttuvenus.medium.com/ceh-practical-exam-review-185ea4cef82a
- https://diarium.usal.es/pmgallardo/2020/11/18/how-to-prepare-certfied-ethical-hacker-ceh-practical-exam/
- https://github.com/scottymcraig/CEHv10StudyGuide
- My very messy notes (that I will sort out at some point xD ) https://github.com/Yokonakajima11/HackTheBox
Hiccups
My first problem was that I am used to working on three monitors, where I have my machine on one and then notes on the others. However, because the exam is proctored and you have to share your screen, you can only have one screen plugged in. Turning it off is not enough; you have to unplug it.
Juggling the browser with the exam machine, a browser where you google things, your notes, the proctor’s chat, the proctor’s control buttons, and the share desktop buttons was a nightmare. On top of that, the proctor’s menus, chats, and so on were not collapsible (or at least I didn’t find how to make them disappear).
And that led me to problem number two. Thirty minutes into my exam, while trying to juggle all the windows, I clicked the back button on a browser with my exam. And that broke my exam ;( I still could see the questions, but the lab environment was unresponsive.
I contacted my proctor, and an hour later, I could continue with the exam. He tried different things for a while, asking after a while if I consent to restart my whole exam. I agreed, even though I was already on question 5 as I wanted to be done with it. Thankfully the exam picked up from where I broke it (question and time-wise) instead of an entirely new set.
At that point, I had already gone from a mental breakdown, because I feared that I would fail because of a stupid mistake like that, to acceptance, so I could more or less calmly continue hacking xD
The third problem I encountered, which I had read about in many other posts prior to the exam, was a laggy environment. While my Windows machine was all right, Linux was a nightmare. Pure, utter agony. Moving a cursor to a field took me more than a minute. At some point, I was not even able to type dir into the console, as while I was typing, I got an input like diiiiiiiiiiiiiiiirrrrrrrrrrrrrrrrrrrrr. Backspace was deleting the whole input and so on: a mess. At some point, I gave up on Linux and continued with tasks on Windows. After some time, the lag improved, and I could go back to Linux. If not for the lag, I would easily have been done with the exam at least 30 min earlier.