Alpine Security is an award-winning Accredited Training Center (ATC) for EC-Council. Our instructors have real-world experience in cybersecurity penetration testing, auditing, remediation, and cyber-defense. While we offer material from multiple authorities, one of our most sought-after certifications is the Certified Ethical Hacker (C|EH). The certification is an introduction to OFFENSIVE cybersecurity tools and techniques. As stated in the course, “the best defense is a good offense”. Knowing your offensive tools and techniques helps you learn how to defend your network from attack. C|EH is a good mirror class for the Certified Network Defender (C|ND) class that we also provide. However, let’s be honest: everyone loves the term “hacker” -- that draws in attendees for the CEH class.
EC-Council has recently announced major revisions to several of their training certification programs. The changes are meant to keep up with current technology, as well as be a leader in the Cybersecurity Certifications realm. The changes are meant to ensure that their certifications remain towards the forefront of certifications sought after by cybersecurity professionals. Of those changes, major ones were made to the C|EH certification. During the presentation of the release of C|EH v10, the President of EC-Council, (Jay Bavisi), made it clear that he wants students to obtain real application-based skills and be able to demonstrate those abilities. Will taking the C|EH make you a hacker overnight? Sadly, no. It’s not meant to do that. Only through follow-on training and experience will one be able to achieve a level of competency required to become a “white-hat” hacker. It does give you a solid foundation to launch your career, however.
What are the changes to the class and Certification? Let me start with a background:
The C|EH is the basis for the “offensive” line of training. Tools and techniques are shown to the students. Upon successful completion of a C|EH course and examination, you are given your certificate acknowledging your passing the certification. In moving forward, there was often a “fog” of what to do next. In the revamp of the C|EH (along with the other certifications), EC-Council has made a clear path towards mastery of penetration testing. In moving forward from the CEH, one can move on to the EC-Council Certified Security Analyst (ECSA) certification (which has also been revamped), and then onto the Licensed Penetration Tester (LPT). Those are topics for another time (if you are interested in learning more about the higher level LPT examination, I would highly recommend reading a comparison between the LPT and the OSCP, written by Daniel “Doc” Sewell, in our blog section).
C|EH v10 takes v9 to the next level. The C|EH v10 has included several new modules to further assist students in becoming more “offensive” oriented, rather than “defensive” and reactionary. The first change is the inclusion of a vulnerability analysis (VA) module. Instead of being included in another module, vulnerability analysis becomes its own module. This includes methodology, various tools and techniques, and ways to ensure your organization maintains a robust VA environment. The Center for Information Security (CIS) just released their v7 security controls, and Vulnerability Management was moved up into the #3 spot. By having an entire module on VA, this aligns with the importance stressed in ensuring a thorough vulnerability analysis/remediation environment.
Next, EC-Council added an entire module on Malware Analysis. While not an in-depth exploration of the topic, a methodology of how to go about doing malware analysis, and what tools to use, is now included in the C|EH curriculum. By doing some reverse engineering on these problems, students get more hands-on experience in some coding techniques.
Of the additional modules, Internet of Things (IoT) is the last module that was added. This includes some IoT topic discussion, various IoT platform attacks, and tools for attack.
EC-Council also did a revamp on the presentation of the modules, including hand-on virtual labs as part of the module training. With so much information to be presented to students in a boot-camp style format, it helps to have some of the labs done in the module itself, rather than after class in the evening.
Other changes are subtle and may not be known to students. These include having their exams be ANSI certified. Since v8, all C|EH exams meet ANSI certification requirements; v10 is no exception. Also, the course content of the C|EHv10 maps to NICE v2.0 requirements.
One other thing to mention about C|EHv10: it continues to be DoD 8570 compliant.
The biggest take-away of the changes includes an additional exam as part of the C|EH environment. Starting with v10, there is the core exam that shows a student understands the C|EH material. However, a separate exam, called the C|EHv10 Practical, is now offered as a separate exam. This exam is an “above and beyond” mastery skill exam of the C|EH. This exam is a six-hour exam which is comprised of virtual labs and questions, (all via a proctor), to ensure that the candidate has a higher understanding of the topics and techniques taught during the C|EH. By taking this exam in conjunction with the regular C|EH examination, you can show that you understand the concepts, and have working mastery, of the content of the course. This is done with the ECSAv10 as well (there is the ECSA, and the ECSA Practical).
C|EHv10 becomes available on April 1, 2018. Alpine Security trainers are equipped to provide the new training curriculum at that time. We are very excited with these overhauls and look forward to providing quality training to our students!
Frequently Asked Questions
Where does the the C|EHv10 fit in with the EC-Council Penetration Testing Track?
EC-Council divides the Penetration Testing Track into 3 sections:
The Core section starts with the C|ND. The C|ND is a good progression from the CompTIA Security+. After C|ND is the C|EH, then the C|EH Practical.
The Advanced section starts with the ECSA, then progresses to the ECSA Practical.
The Expert section starts with the L|PT, then progresses to the L|PT Master.
Alpine Security provides training for all these certifications.
Do I have to take the Practical?
No, you do not have to take the Practical. If you do not take the Practical, you will have to identify yourself as C|EH. If you pass the Practical, you can identify yourself as C|EH (Practical).
Alpine Security provides penetration testing services in addition to training, so we value people (employees, candidates, etc.) that can actually do penetration testing. Knowledge and application differ. We prefer "doers" (can use the keyboard to perform penetration tests), rather than "talkers" (can only talk about pen testing, but fear the keyboard). Because of this, we value the C|EH Practical and consider it a means to separate doers from talkers, tigers from paper tigers, etc.
How long is the C|EHv10 Practical?
The C|EHv10 Practical is a 6 hour Proctored Exam with 20 Practical Challenges. You have to score a 70% to pass.