Taking the Certified Ethical Hacker (CEH) certification from ECCouncil has been on my bucket list for some years now. I planned on taking it five years ago, but never found the time to do it – until this year. In this blogpost I will share how I approached taking this certification!
Attending the offical class
My journey began attending a five day class in autumn 2018. It was a fast paced instructor lead class which covered somewhat the entire curriculum. The curriculum consisted of twenty modules and a couple of thousand pages, so there were limited time to cover everything. In addition there were labs and assignments.
Due to class being so fast paced, I found it useful to use SimpleNote for notetaking during the class. That way my notes were synchronied between all my devices. The notes came in handy while reviewing them on my train ride home and for the exam – and everything in between.
Reading a quickstarter book
After finishing the class I decided to invest in a quickstarter book. At that time there weren’t many books available and the few who were around had lousy Amazon reviews. I ended up buying this Kindle book: “CEH v10: EC-Council Certified Ethical Hacker Complete Training Guide with Practice Questions & Labs: Exam: 312-50“. The reviews wasn’t exactly great, but the book wasn’t all that bad either. It was for the most part okay. I quickly sped through it taking some notes.
Read the official courseware material and do the practice labs
After reading the quickstarter book I began reading the official coursware material. The courseware were delivered as encrypted PDF’s of which I had to use a specific PDF reader. I got provided a digital license for the reader which was valid for an unspecified amount of devices.
The courseware consisted of PDF’s for each course module as a mixture of Powerpoint slides and notes. They were for the most part clearly written and easy to read. As with all technical books, there were areas that could be more concise. A tip: while reading, take notes of things that are unclear and look them up on the Net. Make a bookmark of it and save for later studies.
The courseware had a couple of thousand pages. My route to tackle all those pages was to load the courseware on my iPad and read whenever I got the time. I made myself a routine to identify difficult topics and then look them up on Wikipedia, saving them as bookmarks reflecting the module layout. I figured out that I couldn’t read the courseware more than once. Hence I made sure to make good notes while reading it.
Also, the courseware contained digital hands-on labs to show how various tools and attacks works. I did them across some weekends and took notes using AsciiDoctor, then converting the notes to PDF to carry around.
Reread the quickstarter book – this time with goal to link content up to various web resources
Having covered the courseware and having some good notes, I decided to reread the quickstarter book. But this time I focused on finding topics I was unsure of or found difficult. I continued building my bookmarks and notes using this strategy.
Read the web resources I’ve collected
At this point I had a decent collection of bookmarks at hand. It took me two weeks to read through all the bookmarks I had collected whilst sitting on the train on my daily commute. Sure, many of the resources were overly complex. But I felt I learnt a lot from reading more than what was necessary.
Reread the quickstarter book, notes and web resources
All of the previous steps were mostly done during my daily commute. Hence, it took a while. At the end of April or beginning of May I scheduled my exam date. I chose to have it somewhat early in the morning in mid June-ish. Now I had a specific goal and had to hurry. From now on I spent pretty much every spare time I got to reread the quickstarter book, brushing up on my notes and web resources.
Taking the exam
On exam day I took the train to town and the test center. I arrived a bit early. Had roughly 50 minutes to spend before the exam. To my surprise I could start the exam straight on. Since I couldn’t bring any personal effects such as wallets, watches and phones with me, I locked them away and went on to start the exam.
The exam consisted of 125 mutiple choice questions. During the exam I got a bit stressed since I had no way to tell the current time. The only thing I had to cling on to was the count down timer in the exam interface. Stressing down and trying to forget time I answered the questions. All of sudden I had answered all the questions. Thinking what to do now, I decided to review my answers and change some answers here and there. I submitted my answers and got an instant reply that I had passed. Then I went to work.
reedphish 