CEH Practical Exam Review 2023

First of all, greetings to everyone! I’m Tunahan Tekeoğlu, and since I noticed a lot of information pollution on the internet while preparing for the CEH Practical Exam which took about 3 hours and some, and received many messages on LinkedIn, I decided to give it a shot and take a look at this CEH Practical from my perspective.

First of all, let me start by giving a brief overview of the difficulty level of the exam for those who are new to this or considering taking it

If you are currently working on the Red Team or Blue Team and are proficient in most of the tools required for the job, the exam may not be very difficult for you. However, it is still important to have previously understood and applied the knowledge you already have in different scenarios.”

!However, for someone who is new to this field, the exam is definitely not easy. If you want to make a quick entry into the industry by obtaining this certification, it would be beneficial for you to prepare yourself beforehand by going through a preparation process!

What is EC-Council’s CEH Practical?

Certified Ethical Hacker (Practical) is a six-hour, challenging exam that requires you to demonstrate the application of ethical hacking techniques and solve a security audit challenge within a limited time frame, similar to real-world scenarios. The exam is designed by an experienced team containing 20 real-life scenarios with questions that verify the fundamental skills required in ethical hacking areas stated in the C|EH program. It is not a simulation exam, but rather a real-world example of a corporate network mimicked using live virtual machines, networks, and applications designed to test ethical hacking skills.

CEH Practical Exam Information:

• Exam Name: Certified Ethical Hacker (Practical)
• Number of Challenges: 20
• Passing score: 70% (14 out of 20 challenges)
• Exam Infrastructure: iLabs (browser-based)
• Test duration: 6 Hours With 15 minutes Break

CEH Practical Exam Details

• The exam is fully proctored live by a proctor using GoToMeeting (Web Conferencing and Online Meeting Software) and webcam, microphone, and screen sharing. The entire duration of the exam is recorded.
• The exam is conducted in iLab, which is a browser-based environment.
• The user is provided with 2 virtual machines for pentesting: Parrot OS and Windows (Unfortunately, Kali is not available).
• The exam is an open-book exam, meaning you can take notes, watch instructional videos, and read blogs. However, it is strictly prohibited to read notes you have taken previously, communicate with others, or make phone calls. (But since you are reading this during the exam, it’s not a problem :D)
• Internet access will not be possible on your machine, so you will need to use your own browser to access resources.
• In case of an internet connection disruption or any issue, make sure to note down your answers somewhere.

What To Expect İn The Exam?

• The exam requires performing vulnerability analysis to identify security flaws in the target organization’s network, communication infrastructure, latest systems, etc.
• Hacking into systems, steganography.
• Scanning networks to identify live and vulnerable machines on a network.
• Obtaining the operating system banner, performing service and user enumeration.
• Different types of encryption attacks.
• SQL injection attacks.
• Packet sniffing.

Without further ado (as the previous notes were too long and tiresome), let’s get to the most enjoyable part of the job, which I know you have all been waiting for :P.

How to pass the exam?

• DON’T PANIC!
• You must read and understand each of the 20 questions well, as the answer to some questions may be hidden within. If you don’t understand, give yourself time to breathe and reread. Trust me, it will be very helpful.
• You must be familiar with the terminal interfaces of Linux and Windows.
• It is very important that you have previously used the tools you will use in the exam. If you practice beforehand, the exam will be very comfortable for you!

Here are some tools you can use;

1. Nmap
2. Hydra
3. Sqlmap
4. Wpscan
5. Hashcat
6. John
7. Metasploit
8. Wireshark
9. Responder
10. Did some challenges on HTB-Stegno challenges (:

• I repeat, “use all of these tools before entering the exam.” If you encounter a tool for the first time during the exam, learning it at that moment can stress you out.
• Everything you need is available in the exam environment. If you can’t find something, don’t panic, stay calm and look again. It must be there. Don’t waste time looking for extra things, everything you need is there.
• If you want to get lost in your nmap queries in the Linux terminal, it would be very helpful for you to use a scanning tool that you can use in Windows. You can use Zenmap or Advanced IP Scanner.
• Before taking the exam, don’t forget to solve a few Android machines on HTB.
• On your learning phase don’t skip the modules of cryptography and steganography. You may regret if you miss those modules. At least learn how to use the tools.

Verify My Badge:

Verify Badge | ASPEN

Some Resources :

1. https://www.stationx.net/nmap-cheat-sheet/
2. https://www.poftut.com/how-to-scan-wordpress-sites-with-wpscan-tutorial-for-security-vulnerabilities/
3. https://www.hackingarticles.in/database-penetration-testing-using-sqlmap-part-1/
4. https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/
5. https://linuxconfig.org/password-cracking-with-john-the-ripper-on-linux
6. https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
7. https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
8. The following GitHub repository is really great, almost everything you need is there;

GitHub - CyberSecurityUP/Guide-CEH-Practical-Master

CHATGPT İS FREE.

Whatever comes up during the exam, just ask ‘Hey GPT, how can I do this?’ and it will take care of it for you :)

Almost all friends who wrote a review have proudly added their own certifications at the end of their reviews :) I won’t do that, but if this post helped you get your certification, I would love to see it. You can send it to me via LinkedIn. Remember, I BELIEVE IN YOU.

If you find this blog worth reading then do hit that 👏🏻