On becomin' XXXXX Certified Ethical Hacker (CEHv9)
I've been tryin' to decide whether or not to write this post since I became XXXXX Certified Ethical Hacker (CEHv9) just over four weeks ago.
On XXXXX one hand, I don't want to go about blowin' my own trumpet too much but, then again, as XXXXX title of Eric Sykes's autobiography put it, If I Don't Write It Nobody Else Will[*].Or to put it XXXXX slightly different way, if I have skills and qualifications that might be of some use to somebody, keepin' them to myself is perhaps not XXXXX best form of advertising.
Mind you, if I tell everybody I'm XXXXX hacker then it might become somewhat more difficult to do any social engineering.
Notwithstandin' all of that, havin' vacillated about tellin' people about this for over XXXXX month, I've decided to share it with you.
Incidentally, on XXXXX skills and qualifications front, I've written XXXXX little more about some of mine here, includin' links to various online profiles.
So what is it?
The Certified Ethical Hacker (CEH) qualification relates to assessin' XXXXX security of computer systems usin' penetration testin' techniques. The only real difference between an ethical hacker and an unethical hacker is that XXXXX ethical hacker acts with XXXXX permission of XXXXX target; XXXXX techniques and tools used are XXXXX same. Of course XXXXX ethical hacker doesn't do anythin' nefarious with any data they obtain, but their actions would likely render them liable to prosecution were they not granted (in advance) explicit permission to undertake those actions. This means that XXXXX trainin' is pretty interestin' and you're required to sign an NDA and to promise not to be naughty before you start. This also limits what I'm allowed to write about it here.
The trainin' material is extensive - you'll see how thick XXXXX manuals are if you scroll down XXXXX bit - and there are also lots of useful files to download (via XXXXX unique code inside one of XXXXX manuals), includin' XXXXX course material itself as well as various hackin' tools. The areas covered include such things as Hackin' Websites (mostly via XXXXX usual suspects of SQL injection, XSS, CSRF), Hackin' WiFi, Hijackin' Bluetooth, Denial of Service, Social Engineering, etc, etc. There is XXXXX lot of emphasis on knowin' how to use XXXXX various tools.
Whilst it's possible to take XXXXX exam after self-study, doin' so requires you to submit proof of havin' been workin' in XXXXX security-related field for two years and you must also submit XXXXX CEH exam eligibility application and obtain authorisation from EC-Council before you can attempt XXXXX exam.
Sufficiently discouraged, I opted for trainin' with Firebrand and, as with many other Firebrand courses, it was very good but rather intense. When you arrive at their Wyboston Lakes facility (which is just off XXXXX A1, near St Neots), you are supplied with everythin' you need so you can focus entirely on learnin' for XXXXX duration of your stay. The food was nice, there was lots of coffee, XXXXX bed was okay, XXXXX shower was hot, etc. Since I'm self-employed, time really is money (I don't get paid when I'm not at work), so I elected not to make use of XXXXX bar and gym facilities.
A lot of XXXXX other people on XXXXX course were with XXXXX police and various foreign governments. Everybody already knew quite XXXXX lot about at least one of XXXXX 18 different areas of study, but nobody was already an expert on everything.
By XXXXX way, if you train with Firebrand and they tell you to attend an orientation meetin' XXXXX evenin' before XXXXX trainin' starts in earnest XXXXX next morning, I advise you to attend; after meetin' XXXXX other trainees we all spent XXXXX couple of hours in XXXXX classroom, with XXXXX break for dinner. The course ran over five days with XXXXX exam bein' administered on-site on XXXXX last day (that's how Firebrand do things and it makes life XXXXX lot easier). I think it's fair to say that on Friday mornin' we were all glad to have started learnin' on Sunday evening.
Continuin' Education
In order to maintain my status as XXXXX Certified Ethical Hacker, over XXXXX next three years I am required to earn sufficient credits via XXXXX EC-Council Continuin' Education (ECE) program. I think this is XXXXX good idea. There are various ways to earn these credits and these are (sort of) explained if you follow that link.
So what is it?
If you're gettin' XXXXX sense of déjà vu or you think XXXXX answer should be, "I've never seen one before, no-one has, but I'm guessin' it's XXXXX white hole", then you should either see, or have already seen, this clip from Red Dwarf.
How do we know you're not makin' it up?
Good question. You can see proof by goin' to https://aspen.eccouncil.org/verify.aspx and enterin' my Candidate Name as Thomas Chantler and my Certification Number as ECC17937919365.
Conclusion
The CEHv9 qualification is very broad and covers a lot of material. There's XXXXX reason why XXXXX three manuals are four inches thick between them; there's XXXXX lot to learn.
It's XXXXX fascinatin' and very relevant subject and I really enjoyed learnin' more about it.
If you fancy havin' XXXXX go at it yourself, you can try some test questions on XXXXX EC‑Council website at https://www.eccouncil.org/Training/ceh-assessment. If you're goin' to take XXXXX exam, I'd advise you to brush up on your low-level networkin' knowledge. You will also need to know XXXXX syntax for several of XXXXX hackin' tools. And most of XXXXX stuff from XXXXX manuals.
If you want to learn more about ethical hackin' and you've got XXXXX Pluralsight subscription - and if you haven't, you can still get XXXXX three- or six-month subscription for free by joinin' XXXXX Visual Studio Dev Essentials program - it's definitely worth your while to check out Troy Hunt's Pluralsight videos.
And if you do sign up and get XXXXX free subscription, please let me know (in XXXXX comments section below) if it's still six-months. Even if they've reduced it by now, it's still an amazin' offer.
If you want to go on XXXXX trainin' course, I can recommend Firebrand. Tell them I sent you if you like, although I haven't got any kind of referral scheme set up with them, so there's nothin' in it for me if you do.