Whether you have just completed the official EC-Council training for the Certified Ethical Hacker (CEH), or have not yet taken your first step onto the certification path, it is important to focus your study plan early on. Here are some steps you can take to prepare for the 312-50 (CEH) exam with the highest probability of success.
Create a Hacker Box
“To beat a hacker, you have to think like one.”
This pearl of wisdom has an additional corollary: “And to think like a hacker, you need to use the same tools.” Hackers use a variety of tools in their attacks, whether scoping out vulnerabilities during scanning and enumeration, developing a malicious payload to gain access, or installing backdoors for long-term control of targets. The sophistication of a good hacker toolbox can turn even the greenest of script kiddies into serious threats. So you need to gather and master your own hacker arsenal, and become familiar with not just the types of attacks, but how these tools are used in those attacks—that is, if you want any hope of stopping them when you’re in their crosshairs.
From vulnerability detection tools like Nessus and Nexpose, network sniffers like Wireshark and Tcpdump, password crackers like Cain and Abel and HashCat, and robust suites of tools like Metasploit, the list of possibilities to a newbie can be overwhelming. Don’t worry…the ethical hacking field has grown more popular over the years, and with that comes some formal toolkits to get a budding pen tester started. Here are two popular ones:
They come with everything—an operating system and tools pre-installed and pre-configured. Just find an old laptop and copy the image to a USB stick or DVD. What if you don’t use Linux? Well, you better start learning it now—many of these tools have GUIs to avoid the tedium of command-line, but you’ll hit a wall pretty soon if you don’t get comfortable doing some typing. Luckily, Linux has only become more user-friendly over the years. So, together with the extensive documentation and rabid community support, the installation should be fairly easy to complete, even for those with a keyboard phobia.
Hopefully, you completed this step before you took any formal training so you could bring it to the class. There are some great cloud-based labs out there, but nothing replaces a physical box you can take with you into the field. And at the end of the day, those fancy labs will time out, whereas your box is yours to keep, configure, test, update, and document along the hacking journey.
Recon the Objectives
Before you get too much further into studying for the Certified Ethical Hacker exam, it’s a good idea to ground yourself first. Information security is a broad field across many diverse topics and overlaps with many other related fields. So you need to focus—not on everything you’ve learned online and in your classwork—but on what you really need to know to pass the CEH exam. The first step is to review the CEH exam blueprint (revised November 1st, 2018).
There are seven domains/objectives for the 312-50 exam:
Background (22%): Basics about networking, mobile, web, and system technologies, in addition to common vulnerabilities and exploits
Analysis/Assessment (12%): Knowing how to assess and analyze potential cybersecurity threats
Security (23%): Familiarity with common security controls, and how to detect vulnerabilities and prevent exploits
Tools/Systems/Programs (29%): Familiarity with pen testing tools, operating systems, and devices
Procedures/Methodology (9%): Experience using security testing methodology and data protection methods
Regulation/Policy (2%): Identification of common security policies and laws/regulations
Ethics (2%): Conducting yourself ethically and knowing when hacking is allowed
Looking at the percentages of the highlighted domains above, it’s clear you need to focus on common cybersecurity tools and threats, and be able to relate them to common vulnerabilities and exploits to get the 70% required to pass the exam. The best way of learning which tool is right for the job is to use the tools and play. And the best way of remembering a threat is to try to exploit it! If you have a hacker box, find a safe network to practice on. If you have a cloud-based lab, then go beyond the prescribed steps and try new scenarios. The more hands-on work you do now, the easier it will be to recognize screenshots and outputs on the exam.
Even if it’s only 2%, you should easily master the low-hanging fruit of the Ethics domain now. Just go to https://www.eccouncil.org/code-of-ethics/ and memorize it. Congratulations! You’re 2% closer to passing the Certified Ethical Hacker exam than you were yesterday.
Test Your Mettle
Now that you know what you need to know, the natural next step is to jump into some guided instruction. But let’s slow down here first and take inventory of your strengths and weaknesses. Think of it as your first assessment, figuring out what your exam vulnerabilities are.
To establish your baseline, simulate the exam using the official CEH exam preparation. On the live exam, you’ll get 4 hours to answer 125 multiple-choice questions. With only roughly 2 minutes per question, you better hit the ground running and see if you can even complete the exam once through. Don’t second-guess yourself; just try to answer honestly for now. You’ll have plenty of time to go back through, try other answers, and explore the explanations and references later.
Patch Over the Gaps
How did you do? What were your strengths? What were your weaknesses? More interestingly, why did you do so well in some topics and not others? Do you come from a computer networking background, and avoid programming like the plague? Are you a developer, but your knowledge of networking devices is a bit rusty? Have you seen it all working an IT helpdesk, but some of these methodologies seem foreign to you?
The key is not to beat yourself up over what you got wrong. Instead, consider how to relate what you know to what you don’t. For example, if you know the OSI (Open Systems Interconnection) model really well, then maybe you should start organizing those hacking tools into their buckets too. Group them by OSI layer, functionality, and/or hacking stage. If you are primarily an administrator and not a developer, think of how malicious code would show up to the end user, and forget about all of the complicated behind-the-scenes explanations. Exactly how cross-site scripting (XSS) works is confusing. But if you think of an innocent website as being implanted with an alien ready to burst out with malicious code at unsuspecting visitors, then you have the basic idea!
And the best way to lay new neural tracks? Look up examples. If you want to know how distributed denial of service (DDoS) attacks work, research the 2016 Dyn cyberattack. If you want to remember how phishing typically works, study the 2016 DNC email leak. It’s much easier to recall information tied to a story than to memorize abstract details out of context.
How should you ensure your study will yield a passing score on the exam? Follow our Certified Ethical Hacker series for the next steps you can take to pass the certification exam and become an ethical hacker!
Posted by: Josh Hester