I got my CEH Practical, but is it worth it?

Tsitsi Flora
Dec 10, 2021


Short answer: For $550, no.

Long answer: For just $99, maybe. Still not a straight yes.

This image is pretty accurate. I did not feel like celebrating at all when I came out of the exam; I was a bit embarrassed.

As 2021 started, I had 2 certification goals, the Security+ and the CEH Practical. The Security+ was just to get me started, it’s a theoretical exam, and the majority of its content I’ve already covered in university. It was a nice refresher nevertheless, and I learned some stuff from it, such as the Cryptography topic.

For the CEH Practical, I wanted a beginner certification which is also a practical. I have learned now that I could have opted for the eJPT, but we’re here now. As we got to mid-year, I had decided I wasn’t going to sit for the CEH, but instead, take about 6 months or so studying for the CRTP. But then the “scholarship” from EC Council got announced and I got tempted. I applied for the scholarship, obviously obtained one, and scheduled my exam.

Preparation

From the reviews I had read (this one is my favorite), the CEH exam is dubbed to be a walk in the park. Although EC Council claims that the challenges in the exam mirror real-world environments, they could not be any further from the truth. For my exam prep, I did not plan to purchase the labs, I just read some content online and purchased my HTB VIP voucher. My plan was to just do the challenges on there and call it a day.

TBH, I only started going through the actual CEH content about a week before the exam. I also tried starting a Git repo with a cheat sheet for the exam before realizing I was way off base.

The exam

My exam was scheduled for 2 p.m., and I was ready to get right in and out within one and a half hours. But they clearly had other plans for me. I clicked start for my exam, and I had to wait for the proctor, whom I ended up waiting for, for 50 minutes. This gave me so much anxiety because I did not know what was wrong and I just kept refreshing the page and restarting the video call.

Then I got into the exam, pretty pissed at this point. The exam setup is the same you’d find in the EC Council labs. You’re provided with 2 machines, and you’ll have challenges in each you’d have to complete. Here’s the catch, the machines were as slow as a snail, and tested my patience to the brim. At one point I almost just walked out of the exam without finishing because it was not worth it.

The challenges are more like a CTF, nothing you will find in the real world. They do not require a lot of thought, just knowing which tools to use will get you by. Sample questions are:

  • Which machine has FTP running?
  • What’s the password of this user on machine X?
  • What is the password hidden in the jpeg file?

Almost all of them are in this format, and if you do not think too much you will be able to ace the exam. I completed 17 questions and called it quits, I could no longer keep going and I was about 3 hours 30 minutes into the exam. I got out super frustrated, even though I had passed.

Conclusion

Will this exam develop any of your penetration testing skills? Probably not.

Should you pay $550 for it? Please don’t.

It does show that you have a passion for learning about hacking and this is just a start. If you are a frequent player on HTB or THM you are probably more advanced than the exam and will pass without blinking. I’d recommend looking at other certification options because at this point, the CEH practical does not validate any skills. What’s more excruciating is the testing environment (ugh, kill me).

That’s my take. You’re better off without this cert.

’Til next time
