How I passed CEHv10 Post Exam Write-up

In this post I’d like to share my exam experience and to point out some of the best resources to help you prepare for and pass the Certified Ethical Hacker certification offered by EC-Council.

About EC-Council’s CEHv10 exam

The CEH exam is a 4-hour exam with 125 multiple-choice questions. This knowledge-based exam will test your skills in Information Security Threats and Attack Vectors, Attack Detection, Attack Prevention, Procedures, Methodologies and more.

Who is a Certified Ethical Hacker?

A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems.

A CEH understands attack strategies and the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential.

Course Outline

  • Module 01: Introduction to Ethical Hacking
  • Module 02: Footprinting and Reconnaissance
  • Module 03: Scanning Networks
  • Module 04: Enumeration
  • Module 05: Vulnerability Analysis
  • Module 06: System Hacking
  • Module 07: Malware Threats
  • Module 08: Sniffing
  • Module 09: Social Engineering
  • Module 10: Denial-of-Service
  • Module 11: Session Hijacking
  • Module 12: Evading IDS, Firewalls, and Honeypots
  • Module 13: Hacking Web Servers
  • Module 14: Hacking Web Applications
  • Module 15: SQL Injection
  • Module 16: Hacking Wireless Networks
  • Module 17: Hacking Mobile Platforms
  • Module 18: IoT Hacking
  • Module 19: Cloud Computing Module
  • Module 20: Cryptography

Preparation

Networks

As many have mentioned, the ECC material for the most part is useless. The course book is so massive and broad, and the videos are too split up for me to focus on, so I decided to mostly rely on outside material:

  • The Matt Walker All-in-One book is essential. Matt Walker makes difficult-to-understand concepts seem super easy to understand. It has some interesting stories too that kept my attention. I would read this book even if I was not planning on taking the exam.
  • Boson is hands down the most crucial study material I used. If you are on the fence, or if you are paying for the cert personally, get it.
    I did all the exams in study mode and read each explanation as the info given was the best summarized material I could find.
    In short, stop holding out and get this if you are serious about passing the exam.

After understanding the concepts, I went through the official courseware to look for anything the AIO might have missed.
Not surprisingly, there are a few things the AIO didn’t cover. Believe me, one or two questions on them cropped up in the exam.

Taking the exam

The day before, I didn’t prepare much; I worked on some bug bounty hunting automation scripts and relaxed listening to music.

On the final day, it took around 30 minutes to complete test formalities and to start the exam. The proctor was very nice and everything went smoothly, without any software/connection issues.

One hour into the exam, I had gone through all 125 questions and marked 15 of them for later review.

After 10 more minutes I was ready to end the exam and to receive my grade:

Certified Ethical Hacker Exam Transcript

Total Time: 1:10 hr

Total Points Scored: 105/125

Time preparing: 4 weeks

Ending notes

Biggest issue with the CEH: The wording of the questions. They are not worded very clearly, and some of the questions have 4 answers none of which make any sense. But you have to pick the “least worst” one. The CyberQuotient exams and quizzes are helpful for getting the question wording down, which is a big part of the battle.

Overall it was a difficult exam, and I am glad it’s behind me. Study and prepare; don’t go into this with less than a good understanding of the material. If you give it a good honest effort you should be fine. Do NOT underestimate it!

Stay safe & Stay healthy. Good luck on your exam!

TLDR: Skip the EC-Council class, look over the AIO content, get the Boson question set and take each test 2-4 times (or until you have the content down cold), and use the CyberQuotient content if you have it. For reference, I redid (3 times) the Boson tests until I was regularly getting 92-93% and ended up with 91 and 94% on the two practice CyberQuotient tests (by the 3rd round).