INTRODUCTION

Welcome, dear reader! I sincerely hope you’ve found your way here to this introduction happy, healthy, and brimming with confidence—or, at the very least, curiosity. I can see you there, standing in your bookstore flipping through the book or sitting in your living room clicking through virtual pages at some online retailer. And you’re wondering whether you’ll buy it—whether this is the book you need for your study guide. You probably have perused the outline, checked the chapter titles—heck, you may have even read that great author bio they forced me to write. And now you’ve found your way to this, the Introduction. Sure, this intro is supposed to be designed to explain the ins and outs of the book—to lay out its beauty and crafty witticisms in such a way that you just can’t resist buying it. But I’m also going to take a moment and explain the realities of the situation and let you know what you’re really getting yourself into.

This isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy to attain. It’s a challenging examination that tests more than just simple memorization. Its worth has elevated it as one of the top certifications a technician can attain, and it remains part of DoD 8570’s call for certification on DoD networks. In short, this certification actually means something to employers because they know the effort it takes to attain it. If you’re not willing to put in the effort, maybe you should pick up another line of study.

If you’re new to the career field or you’re curious and want to expand your knowledge, you may be standing there, with the glow of innocent expectation on your face, reading this intro and wondering whether this is the book for you. To help you decide, let’s take a virtual walk over to our entrance sign and have a look. Come on, you’ve seen one before—it’s just like the one in front of the roller coaster reading, “You must be this tall to enter the ride.” However, this one is just a little different. Instead of your height, I’m interested in your knowledge, and I have a question or two for you. Do you know the OSI reference model? What port does SMTP use by default? How about telnet? What transport protocol (TCP or UDP) do they use and why? Can you possibly run something else over those ports? What’s an RFC?

Why am I asking these questions? Well, my new virtual friend, I’m trying to save you some agony. Just as you wouldn’t be allowed on a roller coaster that could potentially fling you off into certain agony and/or death, I’m not going to stand by and let you waltz into something you’re not ready for. If any of the questions I asked seem otherworldly to you, you need to spend some time studying the mechanics and inner workings of networking before attempting this certification. As brilliantly written as this little tome is, it is not—nor is any other book—a magic bullet, and if you’re looking for something you can read one night and become Super-Hacker by daybreak, you’re never going to find it.

Don’t get me wrong—go ahead and buy this book. You’ll want it later, and I could use the sales numbers. All I’m saying is you need to learn the basics before stepping up to this plate. I didn’t bother to drill down into the basics in this book because it would have been 20,000 pages long and scared you off right there at the rack without you even picking it up. Instead, I want you to go learn the “101” stuff first so you can be successful with this book. It won’t take long, and it’s not rocket science. I was educated in the public school systems of Alabama and didn’t know what cable TV or VCR meant until I was nearly a teenager, and I figured it out—how tough can it be for you? There is plenty in here for the beginner, though, trust me. I wrote it in the same manner I learned it: simple, easy, and ideally fun. This stuff isn’t necessarily hard; you just need the basics out of the way first. I think you’ll find, then, this book perfect for your goals.

For those of you who have already put your time in and know the basics, I think you’ll find this book pleasantly surprising. You’re obviously aware by now that technology isn’t magic, nor is it necessarily difficult or hard to comprehend—it’s just learning how something works so you can use it to your advantage. I tried to attack ethical hacking in this manner, making things as light as possible and laughing a little along the way. But please be forewarned: you cannot, should not, and will not pass this exam simply by reading this book. Any book that promises that is lying to you. Without hands-on efforts, a lot of practice, and a whole lot of additional study, you simply will not succeed. Combine this book with some hands-on practice, and I don’t think you’ll have any trouble at all with the exam. Read it as a one-stop-shop to certification, though, and you’ll be leaving the exam room wondering what happened to you.

There is, of course, one primary goal and focus of this book—to help you achieve the title of Certified Ethical Hacker by passing the version 9 exam. I believe this book provides you with everything you’ll need to pass the test. However, I’d like to think it has more to it than that. I hope I also succeeded in another goal that’s just as important: helping you to actually become an employed ethical hacker. No, there is no way someone can simply pick up a book and magically become a seasoned IT security professional just by reading it, but I sincerely hope I’ve provided enough real-world insight that you can safely rely on keeping this book around on your journey out there in the real world.

How to Use This Book

Speaking of this book, it covers everything you’ll need to know for EC-Council’s Certified Ethical Hacker examination. Each chapter covers specific objectives and details for the exam, as defined by EC-Council. I’ve done my best to arrange them in a manner that makes sense to me, and I hope you see it the same way.

Each chapter has several components designed to effectively communicate the information you’ll need for the exam:

•  The certification objectives covered in each chapter are listed first, right off the bat. These identify the major topics within the chapter and help you to map out your study.

•  Sidebars are included in each chapter and are designed to point out information, tips, and stories that will be helpful in your day-to-day responsibilities. Not to mention, they’re just downright fun sometimes. Please note, though, that although these entries provide real-world accounts of interesting pieces of information, they are sometimes used to reinforce testable material. Don’t just discount them as simply “neat”—some of the circumstances and tools described in these sidebars may prove the difference in correctly answering a question or two on the exam.

•  Exam Tips are exactly what they sound like. These are included to point out an area you need to concentrate on for the exam. No, they are not explicit test answers. Yes, they will help you focus your study.

•  Specially called-out Notes are part of each chapter, too. These are interesting tidbits of information that are relevant to the discussion and point out extra information. Just as with the sidebars, don’t discount them.

The Examination

Before I get to anything else, let me be crystal clear: this book will help you pass your test. I’ve taken great pains to ensure everything EC-Council has asked you to know before taking the exam is covered in the book, and I think it’s covered pretty darn well. Again, I have one cautionary note I’d like to place here, and that is do not use this book as your sole source of study. This advice goes for any book for any certification. You simply cannot expect to pick up a single book and pass a certification exam. You need practice. You need hands-on experience, and you need to practice some more. And anyone—any publisher, author, or friendly book sales clerk partway through a long shift at the local store—who says otherwise is lying through their teeth.

Yes, I’m fully confident this book is a great place to start and a good way to guide your study. Just don’t go into this exam with weird overconfidence because “I read the book so I’m good.” The exam changes often, as it should, and new material pops up out of thin air as the days go by. Avail yourself of everything you can get your hands on, and for goodness’ sake build a home lab and start performing some (a lot of) hands-on practice with the tools. There is simply no substitute for experience, and I promise you, come test time, you’ll be glad you put your time in.

Speaking of the test (officially titled CEH 312-50, version 9 as of this writing), it was designed to provide skills-and-job-roles-based learning, standard-based training modules, and better industry acceptance using state-of-the-art labs (in the official courseware and online). The exam consists of 125 multiple-choice questions and lasts 4 hours. A passing score is 70 percent (in other words, you must get at least 88 questions correct). Delivery is provided by VUE and ECC.

These tidbits should help you:

•  Be sure to pay close attention to the Exam Tips in the chapters. They are there for a reason. And retake the exams—both the end-of-chapter exams and the electronic exams—until you’re sick of them. They will help, trust me.

•  You are allowed to mark, and skip, questions for later review. Go through the entire exam, answering the ones you know beyond a shadow of a doubt. On the ones you’re not sure about, choose an answer anyway and mark the question for further review (you don’t want to fail the exam because you ran out of time and had a bunch of questions that didn’t even have an answer chosen). At the end of each section, go back and look at the ones you’ve marked. Change your answer only if you are absolutely, 100 percent sure about it.

•  You will, with absolute certainty, see a couple of question types that will blow your mind. One or two will come totally out of left field. I’ve taken the CEH exam six times—from version 5 to the current version 9 (which this book is written for)—and every single time I’ve seen questions that seemed so far out of the loop I wasn’t sure I was taking the right exam. When you see them, don’t panic. Use deductive reasoning and make your best guess. Almost every single question on this exam can be whittled down to at least 50/50 odds on a guess. The other type of question you’ll see that makes you question reality will be one using horribly bad grammar in regard to the English language. Just remember this is an international organization and sometimes things don’t translate easily.

•  On code questions on the exam (where code snippets are shown for you to answer questions on), pay attention to port numbers. Even if you’re unsure about what generated the log or code, you can usually spot the port numbers pretty quickly. This will definitely help you on a question or two. Additionally, don’t neglect the plain text on the right side of the code snippet. It can often show you what the answer is.

Domains

In addition to test tips and how to get certified, one of the questions I get asked most often is, “Hey Matt, what’s on the test?” After noting the myriad reasons why I cannot and should not provide exact test questions and answers (ethics and nondisclosure agreements and such), I usually respond with, “Everything in this book. And a little more.” Now, thanks to Amy Stonebraker, McGraw-Hill Education’s acquisitions editor saddled with the unending joy of working with me on this project, and her ceaseless but carefully calculated and brilliantly executed plan to beat me into submission to her every whim and idea on the book, I can just point everyone to this little section as an answer.

Now I know some of you are reading this and saying, “Wait a minute…. This is supposed to be an All-in-One study guide. What do you mean with the ‘And a little more’ addition there? I thought you covered everything in this book? And why did Amy have to beat you so much to get it in here?” Let me explain.

First, I’m a quick learner, and the reviews and responses from the first two versions of this book led me to an irrefutable truth: No static book ever written can cover everything EC-Council decides to throw into their exam queue. A couple months after publication, EC-Council might decide to insert questions regarding some inane attack from the past, or for something that just happened (for example, Heartbleed-style vulnerability announcements). It’s just the nature of certification exams: some of it is just going to be new, no matter what training source you use. And, yes, that includes their own official course material as well.

Second, and to the more interesting question of insight into editor–author relationships at McGraw-Hill Education, Amy had to beat on me quite a bit because we disagreed on including objective maps in this book. Amy rightly noted that an objective map helps candidates focus their study as well as helps instructors create lesson plans and classroom schedules. My argument centered on three things. First is the unavoidable fact that EC-Council’s objectives can be unclearly worded, and oftentimes you can’t find what you’re supposed to know about them or to what level that knowledge would be tested in their official courseware. Second, the objectives themselves can only be found in EC-Council’s official courseware now (you can find a test breakdown and such on their website, but not the objectives anymore) and copy/pasting from that is a no-no. Third, EC-Council is going away from versions altogether and is adopting the continuing professional education model that most other certification providers use. Which means, dear reader, EC-Council may just up and change their objectives any time they feel like it—without releasing another “version.”

So, a conundrum—which Amy solved for us because she’s just awesome that way. We present you, dear reader, with a domain map for this book. EC-Council defines 18 domains for their current (and future) CEH certification. We’ve mapped these domains to the chapters for your use:

[Image: domain map of EC-Council’s 18 CEH domains mapped to the chapters of this book]

So there you have it, ladies and gentlemen. Hopefully this helps in preparing your study/classroom and calms any fears that we may have left something out.

The Certification

So, you’ve studied, you’ve prepped, and you think you’re ready to become CEH certified. Usually most folks looking for this certification believe their next step is simply to go take a test, and for years (as is the case for most other certifications) that was the truth. However, times change, and certification providers are always looking for a way to add more worth to their title. EC-Council is no different, and it has changed things just a bit for candidates.

When you apply for the certification, there are a couple of things ECC asks for to protect the integrity of the program. First is a signed agreement whereby you promise not to use the knowledge provided for naughty purposes: prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Second is some form of verification you’re qualified to be in this fraternity—that is, that you’ve been working the job long enough to know what’s going on, or that you’ve completed appropriate training (in the eyes of EC-Council anyway) to make up for that.

There are two ways for a candidate to attain CEH certification: with training or using only self-study. The training option is pretty straightforward: you must attend an approved CEH training class before attempting the exam. And they really, really, really want you to attend their training class. Per the site (http://iclass.eccouncil.org/?p=719), training options include the following:

•  Live, Online Instructor-Led   These are offered by many training affiliates EC-Council has certified to provide the training. They offer the official courseware in one of two methods: a standard classroom setting or via an “online-live” training class you can view from anywhere. Both offerings have an ECC-certified instructor leading the way and as of this writing cost $2,895 per seat.

•  Client-Site   EC-Council can also arrange for a class at your location, provided you’re willing to pay for it, of course. Costs for that depend on your organization.

As for doing it on your own, a couple methods are available:

•  i-Learn   In this option, you pay for the official courseware and prerecorded offerings, along with the labs used for the class. This allows you to work through the stuff on your own, without an instructor. Cost as of this writing is $1,899.

•  Self-Study   If you want to study on your own and don’t care about the class at all (that is, you’ve been doing this for a while and don’t see the value of going to a class to have someone teach you what you already know), you can simply buy the courseware for $870 and study on your own.

Once you attend training, you can register for and attempt the exam with no additional cost or steps required. As a matter of fact, the cost for the exam is usually part of the course pricing. If you attempt self-study, however, there are some additional requirements, detailed here, straight from EC-Council.

In order to be considered for the EC-Council certification exam without attending official training, candidate must:

•  Have at least two years of information security–related experience.

•  Remit a nonrefundable eligibility application fee of USD100.

•  Submit a completed Exam Eligibility Application Form. (Applicant will need to go to https://cert.eccouncil.org/exam-eligibility-form.html to fill in an online request for the Eligibility Application Form. USA/Canada applicants can contact applicationservices@eccouncil.org, and international applicants can contact cehapp@eccouncil.org. EC-Council will contact applicant’s boss/supervisor/department head, who has agreed to act as the applicant’s verifier in the application form, for authentication purposes. If the application is approved, the applicant will be required to purchase a voucher from EC-Council directly. EC-Council will then send the candidate the eligibility code and the voucher code, which the candidate can use to register and schedule the test at any authorized VUE Testing Center globally. Please note that VUE Registration will not entertain any requests without the eligibility code. If the application is not approved, the application fee of USD100 will not be refunded.)

•  Purchase an official exam voucher directly from EC-Council through http://store.eccouncil.org/.

And there you have it, dear reader. Sure, there are a couple of additional hoops to jump through for CEH using self-study, but it’s the best option, cost-wise. From the perspective of someone who has hired many employees in the security world, I honestly believe it may be the better option all around: anyone can attend a class, but those who self-study need to have a sponsor to verify they have the appropriate experience. It’s well worth the extra step, in my humble opinion.

Finally, thank you for picking up this book. I sincerely hope your exam goes well, and I wish you the absolute best in your upcoming career. Here’s hoping I see you out there, somewhere and sometime!