Transcript for:
Learning Path to Ethical Hacking

Hey, I'm going to become a hacker. I'm going from a newb to hacker and I'm documenting that process in this series. This is actually video number one.

You need to learn, learn, learn hacking. But how am I going to do it? Well, I'm going to start with the most popular IT certification for hacking, the CEH, or the Certified Ethical Hacker. Ethical hacker?

What is that? We'll cover that here in a moment. Within this video series, I'm going to document my entire process. The first one being, will this CEH certification actually make me a hacker?

We'll see. Will it get me a job? I don't know. We'll walk through that.

And I'll show you everything, like how I approach the study process. What am I gonna be using? How long will it take me? How will I lab?

What will I do when I feel stupid, burnt out and I can't do it anymore? Well, I'll show you that too. And a huge shout out to ITProTV who's sponsoring this part of my journey.

I'm actually using their CEH version 10 training as my primary learning source. So if you want to check them out and see what else they have, which is pretty much everything in the IT training world, I got a link below and a code, NetworkChuck. You'll get 30% off everything forever. So check it out.

And throughout this process, I'll teach you what I'm learning, but just the fun stuff, not the boring stuff. Let's be honest. Every IT certification has boring stuff. So I'll do my best to bring out the practical hacking knowledge that I'm gaining from the CEH study.

And just kind of consider this as, you know, Cliff Notes for hacking. Should be fun. But hold up a second. Why am I becoming a hacker? Shoot.

What is a hacker and what's this whole ethical hacking thing? In this video we'll talk about that as well as everything else to do with the CEH: what it costs, how I'm approaching it. Um, is it for you? What kind of jobs can you get with this?

We'll talk about all that, but first: hacking. What is it? I don't have to explain hacking to most of you.

You know what it is. You've probably been a victim of hacking. You've had your identity stolen.

Your company has had malware. Your computer's had malware. You hear about things in the news, data breaches, all kinds of stuff.

Hackers are everywhere and you know what they are, but they're not just this. They're not just bad guys who are trying to break down the government or trying to kidnap you through the dark web. Like they're not just that.

There are bad actors. There are bad hackers out there, but there are good ones too. The bad hackers are called black hat hackers. The good hackers are called white hat hackers and are typically referred to as ethical hackers.

Now, as far as what they do, they have the same skill sets. They have the skill set through a variety of technical skills to break into your network, to break into your computer, to steal your data, to plant viruses, and they can have different skill sets. They're not all the same. You can have someone very strong in networking, someone very strong in systems, or maybe a developer, a programmer.

But what's the same is they use those skills to break into your stuff. But you might be wondering, well, if they have the same skillset, then what's the difference? The difference is permission. White hat hackers, or ethical hackers, have it. Black hat does not have it. Same skillset, same goals. Just one is allowed to, and one isn't. But why in the world would a company let a hacker hack into their network?

That doesn't make any sense. Well, let me kick a scenario to you real quick. Let's say I start a company, a coffee company, the best coffee company in the world. I've got web apps. I've got servers.

I've got a network. I've got all kinds of stuff. And I put in the best security in the world. I've got firewalls on firewalls, all Cisco, that new SecureX thing they're talking about, everything. No one can break in.

Do I actually know that? I mean, I can sit around and wait for a hacker to try to get in and then see that happen and go, yes, they couldn't get in. Or maybe they do get in and I never know about it.

You see, I'll never know how truly secure my network is or how secure my web application is or whatever I'm using. I'll never know unless I have someone test it. And that's where an ethical hacker comes in. It's a hacker that I'll hire and say, Hey, Mr. Hacker, can you come and try to break my network, please?

I think it's pretty good. I don't think you can do it, but I want you to try and let me know if you can and they'll do it. They'll go in, they'll try to break in. And if they do break in, they're not going to steal your data.

They're not going to sell on the dark web. They're not going to take all your money. What they'll do is they'll type up a nice pretty report and say, here, you might want to fix this. You might want to fix these holes I was able to get through, these vulnerabilities that I was able to exploit. And you'll pay them for that service.

They're often called penetration testers or pen testers, and you'll pay for a pen test. It's a very common thing in IT. Moral of the story, be a white hat hacker. Do not be a black hat hacker.

You get to have as much fun as the black hat hackers without going to jail. It's perfect. Win, win, win.

Now there is a middle ground, another kind of hacker. It's called a gray hat hacker. As you might expect, this is kind of a gray area.

I mean, not really when you think about it, but essentially they're like a black hat hacker in that they will hack without permission. They'll break into your company without your explicit permission, but they don't have malicious intent. And that's the main difference.

And maybe like you, when you're learning how to hack. You just want to test out your hacking skills. So you go and try and hack a company without permission. You don't have malicious intent, but it's still illegal.

So don't do that. There are also gray hat hackers who will hack into a company, they won't steal data, but they'll let the company know, hey, I found some vulnerabilities.

Money, please pay me. So while they don't have malicious intent, it's not exactly legal and you shouldn't exactly do that. Now, there's one type of hacker that regardless how you feel about ethics, is looked down upon.

You should never be this type of hacker: script kiddies. These are basically not hackers. They are a form of hackers officially, but they're not hackers. What they'll do is they'll use legit hacking tools without understanding how they work. So you might download Kali Linux as a noob without knowing anything. I'm guilty of that. So I've been a script kiddie.

You'll download the tool and use it without knowing what it's doing. You don't understand networking. You don't understand systems. You don't understand the security vulnerabilities you're exploiting.

You're just clicking a button. Don't be that guy. Don't be that girl. Don't be a script kiddie. Understand what you're doing.

Understand the technology. That's the fun part. That's the fun part is learning how it works.

Oh, so fun. So don't, don't be that. Join me in my journey in becoming a hacker and actually understanding what you're doing. So come on, let's go.

Now there are other types of hackers with different motivations. You have, like, hacktivists. These are people who, like black hat hackers, hack without permission, but they have different intentions.

Like they may want to overthrow governments or overthrow companies that have bad morals in their opinion. You might be familiar with one of those groups, Anonymous. They're kind of like vigilantes, like Batman.

Like they're heroes. They're doing good things, but they're not legal. Like if they got caught, they would go to jail, but we often root for them. Then you also have terrorists who legit use their skills like any other terrorist would. You might have state-sponsored hackers, meaning they might work for a government and they are using their skills to overthrow other governments or infiltrate other governments to spy on other governments. So it's all about your motivation.

Why are you doing it? And I can only condone one, one particular type of hacking. That's white hat hacking, ethical hacking.

It's what I'm becoming. It's what you should become. Avoid the rest. All right, now let's talk about the CEH, the Certified Ethical Hacker certification. It's put on by the EC-Council. That's who runs this thing.

And, um, this seems to be an intense certification. I love their tagline: "To beat a hacker, you must think like a hacker." Corny, but I like it.

And one of the reasons that the CEH is so popular is that it's DoD 8570 and the new one, 8124, compliant. What does that mean? It means if you want to work for the government in cybersecurity or be a contractor in cybersecurity for the government, you have to meet that DoD 8570 standard. And the CEH is one of the certifications that will allow you to meet that standard.

So you get the certification, you're good. But beyond that, I've got a huge beef with the CEH, and that's the barrier to entry. Not just anyone can walk in off the street and take this exam.

Before they'll even take your money and allow you to take the exam, you have to have at least two years of IT security experience, and you have to verify that. Like, you have to actually apply for it. You have to prove that you've worked in IT security for two years and you have to submit an application that costs a hundred bucks, nonrefundable, and doesn't go towards any other cost. Just a hundred bucks.

You don't get it back. And if you're not qualified, then that was it. It's crazy. Now there is another option.

Option two, you can pay for their course, which at the time of this video is around $850, which I know ain't cheap. And as long as you verify that you've gone through the courseware, whether it's in person, online, self-paced, they'll allow you then to pay for the exam.

But boy, that exam is expensive. My second beef with this exam. While other certifications maybe will go for around $350, $400. I mean, IT certification exams aren't cheap, but this one makes it a bit laughable.

If you want to go through Pearson VUE, it costs $1,199. That's $1,199 for the exam. No training material. Now you can schedule it through them, through the EC-Council, and it's actually only $950. Only $950.

But wow, that's expensive. So I really hope I pass the first time. I hope you pass the first time or your company's paying for it. Either way, it's crazy, right?

But even with that price tag, it's still one of the most popular hacking certifications out there, which is why I felt I needed to go down this path and at least explore this particular certification. See if it actually does make me a hacker. Does it give me the skills I need to maybe apply for a job and I'll actually get it?

Or will I actually have the hacking skills to do hacking? Like, let's find that out.

Now, I didn't make this very clear, but it's an "or" situation: have IT experience or pay for their course, and then pay for the exam, through Pearson VUE or through the EC-Council. Now, real quick, there are two CEH certifications, which makes things a little bit confusing, but there is another one called the CEH Practical. And actually, here's a great chart. Apparently, you're supposed to take the CND first, the Certified Network Defender. I'm going to skip that.

I know networking. What we've been talking about so far is the CEH, the base, and it's actually referred to as the CEH ANSI.

And the main difference between the practical is that this is more, more theory, more of why are we hacking? How are we hacking? How does it work? And there's practical stuff involved.

Like when you take the exam, there will be scenarios, practical scenarios, but the practical exam itself is, as you would expect, much more practical. You basically get 20 scenarios where it's, it's real hacking. They give you a situation where you have to hack and demonstrate your skills. The prerequisite for this exam is that you have the CEH ANSI. If you don't have that, then you are not taking that exam.

Now, that's all I'm going to say about that one. I might go for it. I might not.

I don't know. We'll, we'll cross that bridge when we get there, but let's get back to the CEH, which is now at version 10. Now, real quick, let's answer the question. Are you ready for the CEH?

Meaning do you have enough experience? Because they want you to have two years of IT security experience before even attempting it. That assumes that you have some knowledge before you attempt it, but what do you really need to know?

Well, ITProTV covers that pretty well. And who is CEH v10 targeted towards? CEH is targeted toward the person who's been in the business a little while.

They've probably worked as an administrator in some way, shape, or form, either in systems or networks or both. Maybe done a little bit of DevOps kind of thing, but you do need to have a foundational knowledge of networks and systems, ranging from Microsoft through Linux, Apple, mobile platforms as well. You don't want to come in this cold turkey.

People have done it, but they don't really recommend that because of how much knowledge they assume that you'll have going into this exam. But I'll sum it up here. You'll want networking.

You'll want basic security knowledge, basic sysadmin knowledge. This includes both Linux and Windows, and then even scripting and programming. Now, do you have to be an expert in all these things before you can even attempt the CEH? No.

Now, I would say if you got the A+, Network+, maybe CCNA. You've dabbled in Python, you've messed with Linux, you're probably going to be okay. But just know, if you come in cold, without any previous IT experience, you might have a rough time. You might have situations where you're studying and you have to go, okay, time to put this down. I need to go study some networking real quick because I don't know what they're talking about.

So I wouldn't consider this an entry-level certification, more intermediate, assuming that you have some previous IT experience. All right, now for the fun stuff. How am I going to study for this? What am I using? What's my approach?

Let's cover that. Let's start with the tools first. If you've watched my channel before, you know I always say you need a great video series, a great book, and a great lab to tackle anything in IT.

Trust me, it works. For video, I'm using ITProTV and their CEH version 10 training. I've got it open right here.

So far, it's been fantastic. And they cover everything you need to know for the CEH. And by the way, they cover all other courses as well. So check them out.

Link below. For the book, I'm using, well, it's a CEH book. And it's got a long title. So I'm just going to put CEH book here.

But I'll show you real quick. And I got a link below for this. The CEH Certified Ethical Hacker All-in-One Exam Guide 4th Edition.

I'm using this. You can buy it on Amazon. I've got a link below.

Or you can do what I do, and I use O'Reilly, which is a subscription service that gives you access to every IT book under the sun, which is fantastic. I've got affiliate links below. Affiliate, what does that mean?

It means that it doesn't cost you anything extra, but if you use my link, it does give me a small little kickback and help support this channel. Anyways, now for the lab, the most important part of any IT certification. What am I using? I will also be using... ITProTV.

They do have fantastic labs. Let me show you real quick. Here at my dashboard, I can jump on over to virtual labs and they have labs for everything as you can see. But then here we have CEH, which is what I want to see.

And Ethical Hacker version 10 labs. And look at all these beautiful labs. So let's say for example, I wanted to jump in and do the footprinting and reconnaissance lab.

I'll launch my lab module. I'll give you a feel for what it kind of looks like. And just within a few seconds, I've got this entire lab I can play with like that. I've got a Windows domain controller. I've got a Windows 7 machine, another Windows server joined to that domain controller, another Windows 7 machine.

And then I even have a Linux machine, which I believe is running Kali Linux. And anytime you want, you just launch these labs and you have access to all these machines and you can play around. Sure, you can build your own lab. That's great.

I encourage you to do that. But I love situations where they remove all barriers to you learning. It's easy to let a simple issue as building a lab get in the way of learning. If you can just launch something and be off to the races, straight to learning, do that.

And I'll launch the Kali Linux server real quick to show you what it looks like. It's the Plab KServer01, let's do that. Power on.

And bam, just like that, I've got Kali Linux, no sweat. And they give you a lab to walk through, which is really cool. And then for bonus, if you have access to something like a practice exam, that's always good to have to test where you are and how well you're doing with the study material.

I will be using one, and as you might expect, it's going to be through, any guesses? ITProTV. Because they do have Kaplan practice exams built in.

I'll show you real quick. If I were to jump into my course here, launch practice test. Bam, that easy.

In fact, while we're here, let's do a quick exam test. Let's see what you got. Which preliminary activity differentiates a penetration test performed by a white hat hacker and a gray hat hacker? Put your answer below. So you know what I'm using.

Now, what's my plan? How do I plan to tackle this sucker? I plan to complete this within 12 weeks.

At the most, 15 weeks. And I'll be making a video showing only the fun stuff every week. Real quick, let's look at the exam objectives to show you what's coming up. If I go to course outline on the CEH, which aligns to the exam, we got 20 modules basically, and I plan to try and tackle two modules each week, which normally would amount to, you know, 10 weeks. But I fully understand that some modules might be huge, like system hacking could be massive.

Evading IDS, firewalls, and honeypots could be huge. Hacking web applications. So I'm giving myself enough time, but I'm super excited for pretty much all of these, especially cloud computing stuff, and hacking wireless is always fun. Let me know below what you're most excited to see.

I'm curious. All right. So these are my tools.

This is my plan. And I'll document the entire process. Everything from how I take my notes to the flashcards I use, which will be Anki spaced repetition.

And I'll be using my good old Pomodoro method for my study sessions. Now, the last thing I want to cover real quick is jobs. What about jobs?

Are there security jobs, pen testing jobs, looking for people that have the CEH certification? Let's go take a look. Let's hop on indeed.com real quick.

I'll search in Dallas, Texas, and I'll just search for CEH to see what comes up. And bam, we've got 51 jobs, all looking for people that have the CEH certification. Got some forensic stuff for the government, information security specialist, associate cybersecurity DevSecOps engineer.

That one sounds really cool. Let's look at that one real quick. Very DevOps heavy. DevSecOps is such a cool name, right? Because you know it's going to be automation.

And it seems to be cloud focused as well. It'll be the technical liaison between the enterprise security architect and the engineering teams. What are the requirements?

They want a bachelor's degree, but, you know, everyone does. I wouldn't focus too much on that. Zero to two years experience in security or just IT in general. Not too shabby.

And then they want you to have AWS and or Azure experience, especially implementing security controls. Man, what a cool, what a cool job. Oh, my gosh.

And, of course, they want you to have any one of these certifications down here. Some of these I'm going to be going for, like the OSCP. And then here's CEH, and then look, GPEN, CISSP. And that's cool.

I mean, these are jobs that, you know, aren't necessarily pen testing jobs, not really a job that'll hire you to hack somebody. This is a job where you have hacking knowledge and you're helping the company stay secure. You're implementing policies that have to do with the cloud and automation and DevOps.

How fun is that? Oh my gosh. So, Hey, do you want to join me?

Do you want to either just watch me become a hacker or maybe you want to come along and try to become a hacker as well? I think that last job thing we just saw demonstrates that, you know, learning hacking doesn't mean you're going to become a hacker. Maybe just means that you help companies stay secure.

It might just be a, an asset to whatever job role you're in, whether you're a network engineer, a systems admin or whatever. That's really cool. So if you want to join me, hit that subscribe button, hit that like button, hit that notification bell.

And if you want to get started in IT or accelerate your career, check out ITProTV below. Again, they're sponsoring my, my journey. They're sponsoring this video as well as this whole series. So huge shout out to them. You get 30% off with my link below or the code NetworkChuck.

Ooh, that's all I got. Yeah, that's it. I'll catch you guys later.