How should one prepare for CEH (Certified Ethical Hacking) at home?
To directly answer your question:
When you sign up for a course they will provide materials - I got full transcripts of the course, plus access to some online resources, all included. The quality will depend on the organisation. If you have none, and have paid for the exam, it’s going to be tougher.
Look at the tools they use and practice with them again and again. NMAP is a good example, as is Wireshark. Learn that shit at home by setting up systems and scanning them as practice. NMAP actually lets you scan its servers, so do that immediately - go to their site and go deep on it. It’s a great tool.
There are some good tools online for practice tests (skillset.com for e.g.). Take the tests again and again. The pro version costs (99 per month I think) but the free version is OK as a basic guide.
I would become familiar with at least basic TCP/UDP networking, tools like NMAP and NSLOOKUP
Familiarise yourself with crypto/authentication (key exchanges, certificates etc.)
Learn some Linux - get Ubuntu or Mint and command line the shit out of it so you know how to grep, cat and ls and other navigation/search/interaction commands.
There are a million things you can research - do some Google searching! If you want to be a security pro you should at least be able to find some documents about CEH training :)
CEH vs technical hacking
I disagree with a few of the answers. I think CEH is useful and there is a big distinction to make here:
- Being a professional pen-tester and learning business support & process
- Being a cool hacker and learning how to break into shit
Qualifications like CEH will not teach you a lot of technical stuff. Some of the questions reinforce knowledge of tools like NMAP, but most of the CEH is process driven and this is really, really important. It is theory more than practice.
If you are a pro pen-tester you can’t just wander in to a company and start fucking with their systems - you need contracts, SLAs and agreements, you need to define scope, you need to audit their security documents, you need to draw up new security policies and then present them to CEOs for approval. Much more. So much more.
You have to learn this and be able to present it in meetings, to people who don’t care and are often a few 00s above your pay grade. Hacking skill has very little to do with this.
ITIL is a good comparison. It taught me nothing technical, but I did learn about liabilities, contracts and SLAs etc. and lots of employers still ask for it. It did teach me how to present IT to the rest of the business, how to arrange support models and SLAs, and basically everything about the process of IT without the technicals.
Employers look for this. They want people who know procedure and technicals.
Let me be clear - I hate the term ethical hacker. There is no such thing. However the CEH course (much like ITIL) will teach you about how your IT must function within a business, and lots of employers like that.
On the road to become an Ethical Hacker, the utmost thing to consider first of all is to understand your field that you are coming from. In case, you are still seeking which field you want to go into, considering military services is relatively, a very promising option.
- Step – 1 To begin with, you may want to start with basics and fundamentals to networking such as – Network+ or A+, even better option is to get CCNA and attain a tech support position.
- Step – 2 Upon gaining some experience, after few years you may now put efforts into earning basic security certification and gain security position in an organization.
- Step – 3 Meanwhile, working at this position you may slowly want to concentrate on penetration testing and learn tools of the trade and work towards gaining CEH certification(Certified Ethical Hacker) offered by EC-Council.
- Step – 4 Now, you can begin displaying yourself as an Ethical Hacker.
You can read more in more detail
How to Become an Ethical Hacker? Benefits, Syllabus and Fee
Preparing CEH at home is a good idea, maybe the best.
First of all, You must know the latest Syllabus of CEH.
Books are the best friends to give you good basics.
1. CEH: Certified Ethical Hacker Study Guide (Published by Wiley)
2. The Basics of hacking & Penetration Testing (Published by Syngress)
If you are unable to hard copy of these books, you can pm me. I'll provide you with the eBooks available online.
Start with it and then you will need tools and site links.
Some of them are already given in the books but for the latest updates you may need to join the cyber-underworld :D
I hope, these will help you to a certain point.
Never go for CEH i.e CERTIFIED ETHICAL HACKER. First of all you can't do that course on your on (as it is against EC-Council Norms), you have to visit their ATC's and their ATCs don't have professional trainers. If you dream of becoming an ethical hacker read books, join ethical hacking blogs and instead of paying to an institute pay to a trainer, hacker, cyber security consultant or an ethical hacker who is going to share with you his knowledge and experience.
I sold my iPhone 6 to do CEH Training and Certification (best part was EC Council says you can't only do training you have to do certification also for that you have to pay a hefty amount of 500$).
What I got after doing this certification?
1. A Certified Ethical Hacker - CEH certificate.
2. Very Poor quality of training.
3. To clear their examination I paid another 100$ to their ATC.
4. Poor quality of black and white study material.
First they lure you to join their course by using fancy names like Certified Ethical Hacker, Licenced Penetration Tester, blah blah...
Then they ask you for 500$ fee for training ang certification. Ask yourself you paying 500$ just for a certification with a training of only 5 days. They are just businessman and know how to make money out of innocent people.
If you are a college going student then 500$ is the fees for complete semester and you study for a complete 6 months period and college staff will teach you 5-6 courses and the fees includes examination and degree cost.
No one ever gets a job after doing their certifications. All you can get is the job of a trainer at their ATC with salary of 150-200$ per month.
Finally, its your choice what you want to do. I was just my opinion.
No one will ever tell the truth as they have already paid the hefty amount and its human nature to praise the things for which we have paid heavy amounts.
Disclaimer: If you don't believe me or have questions in your mind. Then go for EC-Council and you will know the truth by yourself. Don't forget to post your reviews about the course.
My suggestion is don't go for it. It's a certificate that is pretty useless. Instead get your hands on networking first. Because it deals with a huge part in hacking. I had a friend who claimed himself as a hacker but had never logged in on a router, even a virtual one. So learn how the network works. See how it's designed and built and maintained before you exploit it. CCNA would be a good start and is a valuable certificate as well.
Of course, this answer is in perspective of network security.
Certified Ethical Hacker (CEH) is a certification that proves your experience in
using hacking tools in penetration testing. It basically takes you the
various tools a hacker would use and as well as the countermeasures that
you can employ to prevent security exploits.
As the CEH certification is a practical certification with hundred of hours in labwork then this provides a lot of experience in using real world examples to carry out penetration testing. There are multitude of tools that you are familiar while undergoing the CEH certification, then it is just a matter of being provided with a platform to demonstrate your skills.
The IT security field is an area that is constantly changing and even the CEH course has evolved over the years and now it is in its 9th version. So you must be always be updated in what is going on in the security field.
Some of the books you can use to prepare for the exam include:
- CEHv9: Certified Ethical Hacker Version 9 Study Guide by Sean-Philip Oriyano
- CEH Certified Ethical Hacker Bundle, Second Edition (All-in-One) by Matt Walker with; CEH Certified Ethical Hacker All-in-One Exam Guide, CEH Certified Ethical Hacker Practice Exams, and CEH Quick Review Guide
- Certified Ethical Hacker (CEH) Cert Guide by Michael Gregg
This means you can be able to prepare at home if you have all the resources you need.
Opt for a quality online CEH (Certified Ethical Hacker) course from a quality training institute, offering round the clock study access, customised course materials, and in-depth statistical analysis, that helps you get hold of the subject concepts and fundamentals comprehensively. All this, you can get from Multisoft Systems , which offers advanced online learning with 360 degree Learning Management System, imparted by certified trainers. Assessments, mock tests, and progress reports help learners become proficient in network security, testing and scanning technologies.