— Certification, Experience — 3 min read
Hello internet, it's been a long time since I wrote a post on this blog. Many things have happened in my personal life. In this post, I want to share a little about my experience in obtaining the CEH Practical certification 2022 edition.
CEH itself may be familiar to enthusiasts in the IT security field, perhaps it is one of the certifications that must be obtained to be able to get a job in the IT Security field. CEH itself is a certification issued by the EC Council and in this case, I took their "practical" edition. Why take practical? Well, as a beginner who just entering a professional career as an IT security professional, the certificate is suitable in terms of the portion of the material being tested. I hope this certification can be taken as a proof for myself that I have learned and know the fundamentals of offensive security from a practical point of view. Another reason is that I'm not a fan of theoretical examinations things using multiple choices like the regular edition of CEH. But it all goes back to each individual but in my case it's. For more detailed information about the exam, please see their official website below!
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh-practical/
They also provide a platform to learn the materials to be tested.
Now let's talk about the exam format itself. Just like the previous year's edition, we are given 6 hours to work on the available questions using the web platform they provide. There you will be given 2 machines that you can access via a web browser. The 2 machines are a Windows Server and a Parrot OS. You will use these two machines as tools to get answers to the questions given. You are also freely given access to the internet! The question itself consists of 20 items. If you are familiar with the CTF format, the system is more or less the same. So we are given a challenge and we are asked to submit a flag (or the answer) to earn points. The minimum points you must get to pass this certification is 14 of out 20. You are also guided by an online instructor (called Proctor) who will guide you during the exam. Also, ensure your equipment meets their standards! Like your internet quality, camera, microphone, etc.
As I said, they actually provide a platform to learn to prepare for this exam, but I don't think it's really necessary because this exam is aimed at beginners who want to dive deep into the IT security field, and in my case, I'm quite confident with the skills I have now. I think armed with free resources on the internet it's very possible to pass the exam. But if you have more money, there's no harm in trying their learning platform too because it's structured and you can easily overcome the challenges given in this exam as they will provide similar cases on the given challenges.
The exam scope itself is quite wide, ranging from Network to Android vulnerabilities. Some important things you must know before taking this exam:
nmap
, netdiscover
, metasploit
, hydra
, john
, and more related to the hacking technique that you want to perform)To learn the things above I can give you free resources that I found useful on the Internet:
The tips I can give may be to learn the fundamental elements above and try playing around with HacktheBox and Tryhackme's free Labs. Trust me, the free machines from them are more than enough. I've taken the exam on Wednesday (18/5/2022) and got a score of 19/20 with the free resource I found myself on the internet!
I noted important things during the exam, which you can see here:
https://notes.abdarafi.net/ceh-practical-notes
Overall, this exam is very interesting not only will you get the CEH certificate which HRD really loves but also get a technical experience that is very similar to the real world!
If you have any questions regarding the exam (like detailed format, learning strategies, etc), just comment below or contact me on Twitter! Cheers! 🍻