CEH Training

IRJ

This week I am in Certified Ethical Hacker Training. So far even in day one we are learning some cool stuff.

scottalanmiller

Classroom setting?

WrCombs

CEH has interested me, how long did it take you to get to this point? How many different certifications did you go through?

IRJ

@scottalanmiller said in CEH Training:

Classroom setting?

iClass which is a live online class.

IRJ

@WrCombs said in CEH Training:

CEH has interested me, how long did it take you to get to this point? How many different certifications did you go through?

I dont have any security certifications. I have A+, Net+, MCSE, and other microsoft certs but nothing directly related to security. I have been working with vulnerability and pen testing for about a year now, though.

WrCombs

@IRJ said in CEH Training:

@WrCombs said in CEH Training:

CEH has interested me, how long did it take you to get to this point? How many different certifications did you go through?

I dont have any security certifications. I have A+, Net+, MCSE, and other microsoft certs but nothing directly related to security. I have been working with vulnerability and pen testing for about a year now, though.

So you are just trying it out? or starting in Security rather?

IRJ

@WrCombs said in CEH Training:

@IRJ said in CEH Training:

@WrCombs said in CEH Training:

CEH has interested me, how long did it take you to get to this point? How many different certifications did you go through?

I dont have any security certifications. I have A+, Net+, MCSE, and other microsoft certs but nothing directly related to security. I have been working with vulnerability and pen testing for about a year now, though.

So you are just trying it out? or starting in Security rather?

I am starting in security.

IRJ

The certification map from ECC Council for what I want to do is:

CEH > ECSA > LPT

WrCombs

@IRJ Well I wish ya luck! sure it will be an enjoyable experience!

Lakshmana

@IRJ I am also interested in CEH.Any good links to learn

IRJ

Wow this class was great. The best IT class I have ever taken.

It increased my security awareness 10 fold and shows the importance of security patches, user training, and a stringent security policy. Every IT person hears about security risks, but you never understand the real risk until you play for the red team (hackers).

Some of the exercises we got to do:

We hacked Windows machines, Linux machines, and Android phones. We also were given techniques on hacking iPhones, Windows phones, and the ever elusive blackberry.

Hacking websites using various techniques such as script attacks, SQL injection, and changing the website coding itself.

After playing with web applications we focus specifically on wordpress sites with techniques such as plugin backdoors, theme files, and dictionary password attacks.

We also built trojans that were undectable by most antivirus companies (only 7 out of 52 tested companies detected them). We built malware and spyware packages, cloned websites for credential harvesting. We also learned how to package trojans into nested packages. For example we wrapped a trojan into an .exe, which we could disguise as a legitimate application. When you run the application nothing happens in the background and the original application still launches like it is supposed to do.

We also learned how to send hidden messages in pictures and other files using stenography.

For most hacking that we did we learned how attackers would cover their tracks by deleting log files, evading IDS, and using undetectable attacks that throttle packets slowly to mask themselves.

IRJ

Some of the other perks:
Access to lab environment for 6 months
All course content and lab manual
Prebuilt VMs of the lab environment to create your own lab. (Server 2012, Server 2008, Server 2003, Windows 8.1, Windows 7, Windows XP, Kali Linux, Back Track, Ubuntu Server, and Android.)
Test Prep materials
Videos of the instructor performing hacking in the lab environment
Every single hacking tool we used and many more we didn't even get a chance to try.
Android Hacking Apps (Most require Root)
Example Security Policies you can use as templates in your organization (about 25 of them)
Pen Testing Templates (about 25 of them)
All of this and more is on a google drive for us. They keep updating it and never take away access.

scottalanmiller

That's pretty cool.

IRJ

@scottalanmiller said in CEH Training:

That's pretty cool.

I am taking the cert test this week. I haven't scheduled it yet, but I am thinking friday.

scottalanmiller

@IRJ said in CEH Training:

@scottalanmiller said in CEH Training:

That's pretty cool.

I am taking the cert test this week. I haven't scheduled it yet, but I am thinking friday.

Good luck.

IRJ

@scottalanmiller said in CEH Training:

@IRJ said in CEH Training:

@scottalanmiller said in CEH Training:

That's pretty cool.

I am taking the cert test this week. I haven't scheduled it yet, but I am thinking friday.

Good luck.

Thanks. My test is scheduled for Thursday.