I’ve just passed the CEH exam today and would like to share some possibly useful info.
What is CEH? Is it difficult?
CEH is the Certified Ethical Hacker exam by EC-Council. It’s a rather theoretical exam than practical, at least compared to pentest+ and OSCP. The exam covers a wide range of topics but each topic is not so difficult.
You need to answer 125 questions within 4 hours, but since each question is fairly simple, you actually need only 2 hours or so. The passing threshold varies but it’s generally from 70% to 80%.
How I studied
I read the official textbook by EC-Council, ‘Ethical Hacking and Countermeasures versions 11’. It’s a 2000 page long book and kinda intimidating, but the actual content is in the first half. I skimmed through the book and then took two unofficial mock tests.
The expected study time highly depends on your knowledge and background. I only studied for about 35 hours for the exam, but I’ve got a cyber security degree and hands-on experience in hacking.
Do I recommend CEH?
To be 100% honest, no. It’s too expensive for what it offers in my opinion. I only took it because my university gave me a voucher. If you don’t have required work experience or a voucher, you gotta pay more than $2000 for the mandatory official training programs. And even after you pass the exam, you need to pay annual fees for keeping the cert valid.
However, it’s true that some companies value CEH. So it utilmately boils down to what your (potential) employers think. Also the name of the cert is fancy. I mean CERTIFIED ETHICAL HACKER. Good enough to impress your family innit?