How I passed the ceh, was it worth?

Juan Fernando Arteaga
4 min readApr 14, 2023

First it all. Read on the EC-COUNCIL what is the target audience to present this test. This is for people who has little knowledge in cybersecurity and want to now a bit of ethical hacking and pentesting, and they are just starting his career, probably people who don’t have good understanding how UNIX system works or has not been related with programing or people how handle teams and don’t have a cybersecurity background and want to know something about hacking. For me, according to the objectives and the summarize that EC-COUNCIL propose this is the target audience . If you have a good idea about both of the topics i shall recommend you go for the eJPT, this could be more challenging and you would learn more about pentest.

Now why a present the ceh and why i paid for it.

If you read my last post a few weeks ago, I presented the CHFI (which also has a review). Just to summarize, I didn’t know much about other certifications about digital forensics, but I had the budget, and someone recommend it. About two weeks before starting the CHFI course, the institution called me and offered me a promotional code or special commercial deal, to be honest, I don’t remember exactly. The case was that I just had to pay another $200 to take both of them, so I decided to do it. This is the main reason why I only paid for the course with a discount. Also, hacking is not my favorite cybersecurity field, but I really want to learn a little about it. So, I had in mind to later take the eJTP because if you do a fast search on the internet, you can find a lot of information about this certification, and a lot of people say the same thing, “This is not a real certification for pentesting or hacking.” I’ll explain a bit later. On the other hand, they suggest the eJTP, and all of them are right. If you really want to learn about hacking, it is definitely worth it. Also, the price of eJPT is a quarter of the CEH.

What about the course

Unlike the CHFI course, I found the topics and content boring because all of it is theoretical. There are few classes — at least two — where you can do a real lab and deploy machines to get hands-on hacking experience, create shellcodes, learn about SQL injection, and everything else. I understand that digital forensics could be more theoretical because everyone should get the theoretical basics to understand the high risk when dealing with cases in real life. There are rules and frameworks that you should know before working on a case. But when you are learning about hacking, you want to break things, you want to destroy, you want to pwnd the target, and this course doesn’t give you the time to perform this. (Disclaimer: if you take your time, you can do the labs on your own, but you are paying for this.) You don’t want to sit and hear and read about what is a shellcode, what is a path traversal, XSS, and much more.

Like the CHFI course, they gave me a big book to study with over 3000 pages, which I found to be excessive. However, what I found useful were the real-world examples that the instructor provided. They presented real cases where they explained how they conducted a pentest and how they were able to break the security of various companies.

Contrary to the CHFI, I looked on the internet for a summary of someone who had taken the test before. I read it twice and then took the test. I didn’t spend a lot of time preparing for this certification. To my surprise, the test was easier than the CHFI and I passed with a higher score. In total, I spent only three weeks studying, but I only spent a couple of minutes each day.}

What it think about this cert?

I only recommend this certification for those who doesn’t want to become a “hacker” or penetration tester. It is overpriced and there are better courses out there. But if you take a look at the EC-COUNCIL website, the objective of the course and certification is to provide basic knowledge or an idea about what hacking is in general and methods to break into systems. According to this, on a scale from 0 to 10, I give this certification a 6. I’m still thinking this certification is overpriced, but for those who have more than one year of experience in cybersecurity, this certification is a 3 or 4 over 10.

--

--

Juan Fernando Arteaga
0 Followers

cybersecurity enthusiastic, with different likes such as fields infrastructure, malware analysis and cyber threat intelligence