INTRODUCTION

Welcome, dear reader! I sincerely hope you’ve found your way here to this introduction happy, healthy, and brimming with confidence—or, at the very least, curiosity. I can see you there, standing in your bookstore flipping through the book or sitting in your living room clicking through virtual pages at some online retailer. And you’re wondering whether you’ll buy it—whether this is the book you need for your study guide. You probably have perused the outline, checked the chapter titles—heck, you may have even read that great author bio they forced me to write. And now you’ve found your way to this, the Introduction. Sure, this intro is supposed to be designed to explain the ins and outs of the book—to lay out its beauty and crafty witticisms in such a way that you just can’t resist buying it. But I’m also going to take a moment and explain the realities of the situation and let you know what you’re really getting yourself into.

This isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy to attain. It’s a challenging examination that tests more than just simple memorization. Its worth has elevated it as one of the top certifications a technician can attain, and it remains part of DoD 8570’s call for certification on DoD networks. In short, this certification actually means something to employers because they know the effort it takes to attain it. If you’re not willing to put in the effort, maybe you should pick up another line of study.

If you’re new to the career field or you’re curious and want to expand your knowledge, you may be standing there, with the glow of innocent expectation on your face, reading this intro and wondering whether this is the book for you. To help you decide, let’s take a virtual walk over to our entrance sign and have a look. Come on, you’ve seen one before—it’s just like the one in front of the roller coaster reading, “You must be this tall to enter the ride.” However, this one is just a little different. Instead of your height, I’m interested in your knowledge, and I have a question or two for you. Do you know the OSI reference model? What port does SMTP use by default? How about telnet? What transport protocol (TCP or UDP) do they use and why? Can you possibly run something else over those ports? What’s an RFC?

Why am I asking these questions? Well, my new virtual friend, I’m trying to save you some agony. Just as you wouldn’t be allowed on a roller coaster that could potentially fling you off into certain agony and/or death, I’m not going to stand by and let you waltz into something you’re not ready for. If any of the questions I asked seem otherworldly to you, you need to spend some time studying the mechanics and inner workings of networking before attempting this certification. As brilliantly written as this little tome is, it is not—nor is any other book—a magic bullet, and if you’re looking for something you can read one night and become Super-Hacker by daybreak, you’re never going to find it.

Don’t get me wrong—go ahead and buy this book. You’ll want it later, and I could use the sales numbers. All I’m saying is you need to learn the basics before stepping up to this plate. I didn’t bother to drill down into the basics in this book because it would have been 20,000 pages long and scared you off right there at the rack without you even picking it up. Instead, I want you to go learn the “101” stuff first so you can be successful with this book. It won’t take long, and it’s not rocket science. I was educated in the public school system of Alabama and didn’t know what cable TV or VCR meant until I was nearly a teenager, and I figured it out—how tough can it be for you? There is plenty in here for the beginner, though, trust me. I wrote it in the same manner I learned it: simple, easy, and ideally fun. This stuff isn’t necessarily hard; you just need the basics out of the way first. I think you’ll find, then, this book perfect for your goals.

For those of you who have already put your time in and know the basics, I think you’ll find this book pleasantly surprising. You’re obviously aware by now that technology isn’t magic, nor is it necessarily difficult or hard to comprehend—it’s just learning how something works so you can use it to your advantage. I tried to attack ethical hacking in this manner, making things as light as possible and laughing a little along the way. But please be forewarned: you cannot, should not, and will not pass this exam by just reading this book. Any book that promises that is lying to you. Without hands-on efforts, a lot of practice, and a whole lot of additional study, you simply will not succeed. Combine this book with some hands-on practice, and I don’t think you’ll have any trouble at all with the exam. Read it as a one-stop-shop to certification, though, and you’ll be leaving the exam room wondering what happened to you.

There is, of course, one primary goal and focus of this book—to help you achieve the title of Certified Ethical Hacker by passing the version 10 exam. I believe this book provides you with everything you’ll need to pass the test. However, I’d like to think it has more to it than that. I hope I also succeeded in another goal that’s just as important: helping you to actually become an employed ethical hacker. No, there is no way someone can simply pick up a book and magically become a seasoned IT security professional just by reading it, but I sincerely hope I’ve provided enough real-world insight that you can safely rely on keeping this book around on your journey out there in the real world.

How to Use This Book

Speaking of this book, it covers everything you’ll need to know for EC-Council’s Certified Ethical Hacker examination as it stands right now. CEH topics expand seemingly by the day and I’m certain you will see the latest hot topic referenced somewhere in your exam. Hence, we’ve taken great pains throughout the entirety of this writing to remind you over and over again to do your own research and keep up with current news.

However, based on information derived from the official courseware, discussions with pen testers and security professionals actually working, and research of topics by your humble author, we’re pretty confident we have everything locked down. Each chapter covers specific objectives and details for the exam, as defined by EC-Council (ECC). We’ve done our best to arrange them in a manner that makes sense, and I hope you see it the same way.

Each chapter has several components designed to effectively communicate the information you’ll need for the exam:

•   Exam Tips are exactly what they sound like. These are included to point out an area you need to concentrate on for the exam. No, they are not explicit test answers. Yes, they will help you focus your study.

•   Sidebars are included in each chapter and are designed to point out information, tips, and stories that will be helpful in your day-to-day responsibilities. Not to mention, they’re just downright fun sometimes. Please note, though, that although these entries provide real-world accounts of interesting pieces of information, they are sometimes used to reinforce testable material. Don’t just discount them as simply “neat”—some of the circumstances and tools described in these sidebars may prove the difference in correctly answering a question or two on the exam.

•   Specially called-out Notes are part of each chapter, too. These are interesting tidbits of information that are relevant to the discussion and point out extra information. Just as with the sidebars, don’t discount them.

The Examination

Before I get to anything else, let me be crystal clear: this book will help you pass your test. I’ve spent a lot of reading and research time to ensure everything EC-Council has asked you to know before taking the exam is covered in the book, and I think it’s covered pretty darn well. However, I again feel the need to caution you: do not use this book as your sole source of study. This advice goes for any book for any certification. You simply cannot expect to pick up a single book and pass a certification exam. You need practice. You need hands-on experience, and you need to practice some more. And anyone—any publisher, author, or friendly book sales clerk partway through a long shift at the local store—who says otherwise is lying through their teeth.

Yes, I’m fully confident this book is a great place to start and a good way to guide your study. Just don’t go into this exam with weird overconfidence because “I read the book so I’m good.” The exam changes often, as it should, and new material pops up out of thin air as the days go by. Avail yourself of everything you can get your hands on, and for goodness’ sake build a home lab and start performing some (a lot of) hands-on practice with the tools. There is simply no substitute for experience, and I promise you, come test time, you’ll be glad you put your time in.

Speaking of the test (officially titled CEH 312-50 as of this writing), it was designed to provide skills-and-job-roles-based learning, standard-based training modules, and better industry acceptance using state-of-the-art labs (in the official courseware and online). The exam consists of 125 multiple-choice questions and lasts four hours. A passing score is, well, different for each exam. See, EC-Council now implements a “cut score” for each of their questions; the questions go through beta testing, and each is assigned a cut score to mark the level of difficulty. Should your test include multiple hard questions, your passing “cut score” may be as low as 60 percent. If you get the easier questions, you may have to score upward of 78 percent (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/). Delivery is provided by Pearson VUE and ECC.

These tidbits should help you:

•   Be sure to pay close attention to the Exam Tips in the chapters. They are there for a reason. And retake the exams—both the end-of-chapter exams and the electronic exams—until you’re sick of them. They will help, trust me.

•   You are allowed to mark, and skip, questions for later review. Go through the entire exam, answering the ones you know beyond a shadow of a doubt. On the ones you’re not sure about, choose an answer anyway and mark the question for further review (you don’t want to fail the exam because you ran out of time and had a bunch of questions that didn’t even have an answer chosen). At the end of each section, go back and look at the ones you’ve marked. Change your answer only if you are absolutely, 100 percent sure about it.

•   You will, with absolute certainty, see a couple of question types that will blow your mind. One or two will come totally out of left field. I’ve taken the CEH exam six times—from version 5 to the current version 10 (which this book is written for)—and every single time I’ve seen questions that seemed so far out of the loop I wasn’t sure I was taking the right exam. When you see them, don’t panic. Use deductive reasoning and make your best guess. Almost every single question on this exam can be whittled down to at least 50/50 odds on a guess. The other type of question you’ll see that makes you question reality is the kind using horribly bad grammar in regard to the English language. Just remember this is an international organization, and sometimes things don’t translate easily.

•   On code questions on the exam (where code snippets are shown for you to answer questions on), pay attention to port numbers. Even if you’re unsure about what generated the log or code, you can usually spot the port numbers pretty quickly. This will definitely help you on a question or two. Additionally, don’t neglect the plain text on the right side of the code snippet. It can often show you what the answer is.

One more quick note, future ethical hacker: EC-Council now offers a hands-on examination where you can prove your actual skills. It’s called CEH Practical, and it’s offered remotely as a proctored test of your ability. From EC-Council’s site: “The CEH (Practical) is a 6 hours practical exam built to exacting specifications by subject matter experts in the EH field. Professionals that possess the CEH credential will be able to sit for an exam that will test their limits in unearthing vulnerabilities across major operating systems, databases, and networks. To those who meet and exceed the skills level set, they will earn the new industry required certification—the CEH (Practical) certification. CEH (Practical) is available fully proctored, online, with remote facilities globally. The combined benefit of a practical exam that is fully proctored anywhere in the world will provide organizations with a skills-validated and trusted credential when employing cybersecurity professionals. With its global availability, organizations can now quickly train, test and deploy a cyber-ready workforce effectively.”

Objectives

In addition to test tips and how to get certified, one of the questions I get asked most often is, “Hey, Matt, what’s on the test?” After noting the myriad reasons why I cannot and should not provide exact test questions and answers (ethics and nondisclosure agreements and such), I usually respond with, “Everything in this book. And a little more.” Now, thanks to Amy Stonebraker Gray (McGraw-Hill Education’s acquisitions editor saddled with the unending joy of working with me on this project) and her ceaseless but carefully calculated and brilliantly executed plan to beat me into submission concerning her every whim and idea on the book, I can just point everyone to this little section as an answer.

Now I know some of you are reading this and saying, “Wait a minute… This is supposed to be an All-in-One study guide. What do you mean with the ‘And a little more’ addition there? I thought you covered everything in this book? And why did Amy have to beat you so much to get it in here?” Let me explain.

First, I’m a quick learner, and the reviews and responses from the first versions of this book led me to an irrefutable truth: no static book ever written can cover everything EC-Council decides to throw into their exam queue. A couple months after publication, EC-Council might decide to insert questions regarding some inane attack from the past, or about something that just happened (that is, Heartbleed-style vulnerability announcements). It’s just the nature of certification exams: some of it is just going to be new, no matter what training source you use. And, yes, that includes their own official course material as well.

Second, and to the more interesting question of insight into editor–author relationships at McGraw-Hill Education, Amy had to beat on me quite a bit because we disagreed on including objective maps in this book. Amy rightly noted that an objective map helps candidates focus their study as well as helps instructors create lesson plans and classroom schedules. My argument centered on three things. First is the unavoidable fact that EC-Council’s objectives can be unclearly worded, and oftentimes you can’t find what you’re supposed to know about them or to what level that knowledge would be tested in their official courseware. Second, the objectives themselves can only be found in EC-Council’s official courseware now (you can find a test breakdown and such on their website, but not the objectives anymore) and copy/pasting from that is a no-no. Third, EC-Council was supposed to be going away from versions altogether and adopting the continuing professional education model that most other certification providers use. Which means, dear reader, EC-Council may just up and change their objectives any time they feel like it—without releasing another “version.”

So, a conundrum—which Amy solved for us because she’s just awesome that way. We present you, dear reader, with a courseware map for this book, comparing where you would find EC-Council’s coverage in our little offering here. Additionally, EC-Council defines seven domains for their current CEH certification (https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v3.0.pdf). As noted earlier, the specific objectives (or rather, sub-objectives) covered within each domain change rapidly, but the coverage on the exam broken down by percentages may help you in your study. Please check the link before your exam to see if there have been any changes.


So there you have it, ladies and gentlemen. Hopefully this helps in preparing your study/classroom and calms any fears that we may have left something out.

The Certification

So, you’ve studied, you’ve prepped, and you think you’re ready to become CEH certified. Usually most folks looking for this certification believe their next step is simply to go take a test, and for years (as is the case for most other certifications) that was the truth. However, times change, and certification providers are always looking for a way to add more worth to their title. EC-Council is no different, and it has changed things just a bit for candidates.

When you apply for the certification, there are a couple of things EC-Council asks for to protect the integrity of the program. First is that prior to attending this course, you will be asked to sign an agreement stating that you will not use your newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Second is some form of verification you’re qualified to be in this fraternity—that is, that you’ve been working the job long enough to know what’s going on, or that you’ve completed appropriate training (in the eyes of EC-Council anyway) to make up for that.

There are two ways for a candidate to attain CEH certification: with training or using only self-study. The training option is pretty straightforward: you must attend an approved CEH training class before attempting the exam. And they really, really, really want you to attend their training class. Per the site (https://iclass.eccouncil.org/), training options include the following:

•   Live, online, instructor-led: These classes are offered by many affiliates EC-Council has certified to provide the training. They offer the official courseware in one of two methods: a standard classroom setting or via an “online-live” training class you can view from anywhere. Both offerings have an ECC-certified instructor leading the way and, as of this writing, cost $2,895 per seat.

•   Client site: EC-Council can also arrange for a class at your location, provided you’re willing to pay for it, of course. Costs for that depend on your organization.

As for doing it on your own, a couple methods are available:

•   iClass: In this option, you pay for the official courseware and prerecorded offerings, along with the labs used for the class. This allows you to work through the stuff on your own, without an instructor. Cost as of this writing is $1,899.

•   Self-study: If you want to study on your own and don’t care about the class at all (that is, you’ve been doing this for a while and don’t see the value of going to a class to have someone teach you what you already know), you can simply buy the courseware for $870 and study on your own.

Once you attend training, you can register for and attempt the exam with no additional cost or steps required. As a matter of fact, the cost for the exam is usually part of the course pricing. If you attempt self-study, however, there are some additional requirements, detailed here, straight from EC-Council:

In order to be considered for the EC-Council certification exam without attending official training, a candidate must:

•   Have at least two years of information security–related experience.

•   Remit a nonrefundable eligibility application fee of $100.

•   Submit a completed Exam Eligibility Application Form. (Applicant will need to go to https://cert.eccouncil.org/exam-eligibility-form.html to fill in an online request for the Eligibility Application Form. USA/Canada applicants can contact [email protected], and international applicants can contact [email protected]. EC-Council will contact applicant’s boss/supervisor/department head, who has agreed to act as the applicant’s verifier in the application form, for authentication purposes. If the application is approved, the applicant will be required to purchase a voucher from EC-Council directly. EC-Council will then send the candidate the eligibility code and the voucher code, which the candidate can use to register and schedule the test at any authorized Pearson VUE testing center globally. Please note that Pearson VUE Registration will not entertain any requests without the eligibility code. If the application is not approved, the application fee of $100 will not be refunded.)

And there you have it, dear reader. Sure, there are a couple of additional hoops to jump through for CEH using self-study, but it’s the best option, cost-wise. From the perspective of someone who has hired many employees in the security world, I honestly believe it may be the better option all around: anyone can attend a class, but those who self-study need to have a sponsor to verify they have the appropriate experience. It’s well worth the extra step, in my humble opinion.

Finally, thank you for picking up this book. I’ve been blown away by the response to previous versions, and humbled beyond words by all of it. I sincerely hope your exam goes well, and I wish you the absolute best in your upcoming career. Here’s hoping I see you out there, somewhere and sometime!

God bless.
