Cracking CEH – The Comprehensive Guide in a Nutshell

September 8, 2016 | Views: 11371

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

EC- Council’s Certified Ethical Hacker, currently version 9, is one of the most in demand certificate out there. People mostly have a varying viewpoint on how good is CEH and if anyone should do it at all.  But in any case it does not change the fact that the certification is valued around the world and is also one of the most popular ones.

I graduated in July 2016 – Bachelor of Technology, in Computer Science and after a lot of thinking I came to conclusion that I needed it for career advancement so I went for it.

Training was 5 days long and after taking another 15 days to prepare I passed my exam on 26th August 2016 and here is a comprehensive guide to anyone who is preparing for it or even thinking about it.

NOTE – before we get started, I want to emphasize on the fact that a certification does not guarantee that you know more than a person without one. What it definitely does is, make you stand out of the crowd because even to prove your worth to the interviewer, you need to make it to the seat across the interviewer.

Who should go for it?

I found there are mostly two types of people who go for CEH.

  • People currently doing job – want to come into the cyber security domain / become a trainer / looking for a better pay grade.   
  • Students who want to stand out of the crowd and have a better credibility when it comes to job interviews.


CEH is not an advanced certification or a highly practical one and no one will ask you to break into a system in a given time.

What will be required of you is that you are conceptually sound. And for this reason you should have some background in information security. By that I mean, you should be familiar with the basics.

In my case, I had computer networks, information security & cyber laws and digital forensics as information security related subjects in college and I really dug deep into them which gave me an edge.

Before enrolling it is highly advisable that you gather as much theoretical knowledge as possible.

There are multiple CEH books available but I strongly suggest that you read the certification study guide by Sean-Philip Oriyano, the book is as simple as it can possibly be and if, after doing your part, this guide doesn’t makes sense to you, you need to stop right there. This book is right from the very basics and you really need to invest time in this before going for CEH. Not to mention that it is immensely helpful from exam perspective.

Another option is to check out the Network+ and Security+ courses from Comptia. They are very extensive and most probably will give you the foundation you need.

Additionally lot of good resources can be found on Cybrary itself, a big shoutout to the Cybrary team for that.



I had knowledge of all the concepts of CEH before enrolling and I just wanted to do more and more practical and to hell with theory. And this is where I was wrong.

The name and cost of the certification may give you a wrong idea. The main thing is THEORY.

You need to keep in mind that CEH is only a starting point, a basic certification and opens up doors for multiple domains, technical and a bit less technical.

And for this reason theory is of utmost importance. You will be asked questions on tools, ethics, management and even a bit on morals (I know right?).

In the training you are expected to learn about multiple concepts but not necessarily go deep into them. One can say it’s horizontal learning instead of vertical.

The courseware will have 3 books – a lab guide and 2 course books which are nothing but a collection of screenshots, better to download the E-book from ASPEN portal and read from that. The lab guide though I found it pretty useful if you are serious about practical and want to do on your own. Keep in mind that in the training, for one topic, it’s not possible for instructor to use all tools for demo, you will learn to use a popular one and rest you can do on your own via lab guide.

Training is of 40 hours, so it’s quite fast paced, precisely why I wrote the PRE-REQUISITE section.

So in a nutshell, in 40 hours you will learn theoretical concepts and will be given demo of some of the most popular tools used for each topic.



Starting from the exam guide itself, you need to know everything that’s in there.

Coming to the courseware, well like I said before, the two books aren’t much use but the lab guide is certainly very good for practice purpose and make sure you know about as much tools as possible given in the lab guide.

Once you enroll yourself, an account will need to be created on the ASPEN portal and from there you can download the softcopy of the books which surprisingly have more content than the hard copies.

This will cover up all the theoretical content there is in the syllabus.


This isn’t your regular academic exam and hence you will have questions that are not covered in syllabus, therefore gain as much knowledge of the information security domain as possible.

For example, in my exam, I had questions from subnetting and Access control lists which is CCNA territory. Lucky for me, I got myself CCNA certified last year and was able to nail those questions. Then there were a few on digital forensics and biometrics which I had read in my college time so that wasn’t a problem either.

So again, the point being this isn’t a test of your syllabus, information security is a wide domain and you need to know as much as you can.

The easiest way to do so, apart from reading what’s happening in the world, is to practice as much as you can.

I used skillset, for practice questions, and they were quite helpful. No need to go for paid plan, the free one is more than good enough.



You get 4 hours for 125 questions which include questions based on tools, scenarios, deduction, commands etc. all multiple choice with no negative marking.

If you were thorough with the courseware and exam guide you should be able to answer anywhere between 85-90 % questions. Rest depends in your background knowledge – stuff that isn’t in the syllabus.

For example, in the course you are introduced to metasploit. It is just an introduction, but in my exam I received a question which I was able to answer because I had previous experience with metasploit. A newbie stands no chance here.

Lastly, CEH is not tough but can be a bit tricky. You need good understanding of the information security domain and this is why it is better to take your time and know what you are getting into.



So I sincerely hope by now, you have a pretty good idea of CEH. Before going for it, I had a plethora of doubts but hardly anyone to answer them, therefore I genuinely welcome any doubts that you might have.

twitter – @kartikpanwar_07

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Just wondwr wy, this article is not showing up in the android app the cybrary android app? Is there something wrong with the app? Or should I sync the android apl or something else?
    Tjabk yo?

  2. Nice article bro.

    May I ask you some guidelines for my career?

    I finished my Post graduation in Computer science and Information Security.I would like to build up my career in IT Security field. As a fresher, should I go take any certification to kick start?
    If yes should I choose **CEH** or **RHCE(**I like system administration too). Also does CEH helps as per its hype?

  3. Well written! Very accurate explanation on differentiating between the two types of CEH applicants.

  4. In terms of certs should one do the CISSP or CEH first?

    • I am sorry mate, can’t help you with CISSP, I don’t have much idea about it. But from what I hear, it is apparently a big deal and fetches bigger salary than most certs out there. But one can’t just simply go for CISSP there are certain pre-requisites you should look into them first.

  5. I just passed my CEH exam today. I enjoyed the class/labs and here is what I used to prepare myself for the exam. All in all it took me about a month worth of dedicated hardcore studying.

    I used the following:
    CEH v9 by Oriyano
    CEH v8 All in One by Matt Walker
    EC-Council official ilearn training course. (Didn’t meet the required infosec experience so had to purchase the class. I had some reservations about dropping that much cash but must say I fully enjoyed it and it was well worth the investment.)
    Skillset practice exams
    Cybrary Penetration testing and Ethical Hacking by Leo Dregier

    I’d say your dead on with your write up. Seemed like quite a few of the questions weren’t even in the official course material. Then again, maybe I missed it since my brain was hurting from the overload of information within a month.

    Take care,

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



We recommend always using caution when following any link

Are you sure you want to continue?