Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Certified Ethical What ???

Well, yesterday I took (and passed) my EC-Council Certified Ethical Hacker exam. What can I say about this exam that’s not already been said? Well, let’s start at the beginning, shall we.

Learning Material

On day 1 of the course you get 4 books (yes, that’s not a typo) totalling about 2400 pages. The book is badly written (considering it’s version 5 of the course). For each section of the book they list, in rough detail (sometimes wrong), a large range of tools. This is just too much information, especially considering most of the tools they cover are either useless, or just not good enough to compete with the likes of NMAP or Nessus. They could condense these books down to 1 or maybe 2 by dropping the extensive tool descriptions and concentrating on what’s important and then just giving a list of others. Also, the books and CDs are quite obviously produced and packed in a terrible environment (they have an office here in India so I expect that’s where). Of the 8 CDs given with the book, 1 worked, as the others were scratched out of the case… same with the books for the other 2 students as well.

Course Presentation

Poor… that’s about the only thing I can say. There are hundreds of slides for each module, which forces the tutor to skip, or just roughly comment on each at such a pace that nothing is learnt. The detail is poor, and again they need to concentrate on reducing the content to what is required and not listing everything. Too much information means you will get nothing from the course unless you say “hold on, let’s read this and go through it”, meaning you’ll run out of time before the end of the books. From module 22 onwards the course is Self-Study (this is shown in the slides), leaving you 4 chapters to learn yourself with no assistance from the instructor, or the book in some cases (chapters 23-26 are only slides with no text to explain). It would be OK if these were just chapters not required, but these for me were the more interesting topics.

Trainer (Koenig-solutions, India)

Well, he was pretty useless to be honest. Students had to correct him constantly, and when we came across the sections on SQL injection and Linux he wanted to skip them as he didn’t know either topic at all. This may just be a Koenig-solutions problem, but then again it may not. How can he qualify as an instructor when he doesn’t know the subject? Poor authorised tutor management.


I had a few questions for EC-Council regarding their new ECE (EC-Council Education Points) system. So I emailed them. A nice man named Haja emailed me back and told me nothing. So I emailed again, and got the same exact reply. I also emailed another email address to try and get the books in PDF format. Haja replied and told me that I can buy them online at their store. Seems like Haja (the technical director) is the only person working there. Also seems that EC-Council just like money no matter what.


Take from this what you will, but I’m betting that in another 5 years people will be saying EC Who?

Additional: ECSA

Today I started my ECSA (I already had this booked so had no chance to cancel). So far… my views are the same as the CEH. Poorly designed course, and courseware. The book even says to do the practice in the lab book (which doesn’t exist). The EC-Council really need a proof reader and somebody to redo all this courseware into something useable.
