It all started a few months after passing the CEH. I received an email from the EC-Council, once again congratulating me on my achievement. They informed me that due to my high score (91%) on the CEH Ansi exam, I was being gifted a voucher for the CEH (Practical) exam. As the discount was significant, and the Practical voucher was way cheaper than the “classic” exam, I decided to take a risk and try to pass the CEH Practical.
On October 6, 2021, I successfully passed the CEH Practical exam. And now, I am excited to share my review of the CEH Practical with you.
This article was updated on May 14, 2023. I recently passed the OSCP, and I’ve decided to compare both certificates. Keep reading to find the comparison between OSCP and CEH Practical.
Anyone with enough dedication and patience has a chance to achieve anything. However, it’s crucial to understand your potential and decide if you’re willing to put in the effort to gain the necessary experience. If you’re new to cybersecurity, it might be beneficial to establish a solid foundation in IT before attempting the CEH (Practical) exam.
In this article, I’ll be sharing my personal experience with the CEH Practical, providing you with resources to help you prepare for the exam. However, please note that my tips and references may or may not be sufficient for you to pass the CEH Practical. Since everyone has different skills, experiences, and IT backgrounds, there is no magic book or course that guarantees success.
To give you an idea of what technical knowledge I had before the exam, here are some facts about me until October 2021.
- I am a graduate of Vilnius University where, during my IT studies, I gained pretty strong basics in many IT areas (programming, networking, cybersecurity, etc.).
- At the time I passed the CEH Practical, I was working as a penetration tester, and I had more than 2 years of experience working as a QA engineer, and as a penetration tester.
- I held CompTIA Security+, and CEH certificates.
- During the last 2+ years before the date, I spent a lot of my free time learning various cybersecurity topics.
- I participated in an international cyber exercise organized by the military.
As I had different experiences in IT areas, I am familiar with a variety of different things. Even though the background helped me to prepare for the exam more easily, the great news is that even if you do have less experience than me, with enough effort, you will be able to pass the CEH Practical.
Why Do People Take the CEH Practical Exam?
It is true that there are different cyber security exams. Most of the exams cover similar cyber security areas and focus on the standard examining approach. However, there are fewer practical exams that require solving actual tasks. CEH Practical is one of those exams that test your abilities. Let’s discuss the reasons why people decide to take the exam:
- EC-Council is a well-known name, although its reputation has recently deteriorated.
- The exam is often offered at a discounted price, either through discounts available after passing the CEH Ansi or through scholarships announced by EC-Council from time to time.
- Loosely speaking, it can be considered a simplified version of OSCP, making it great practice before attempting more challenging certifications.
The Actual Exam
After a brief introduction, let’s continue with the actual CEH Practical review.
As far as I know, the only way to take the CEH Practical is with a proctor. I couldn’t find an option to take the exam at a Pearson center or any other physical location like the CEH Ansi. But honestly, if there had been such an option, I would have chosen it, even if it meant paying more. Even though the thought of taking the exam from my home, having the camera on, was daunting at first, after taking the exam I realized there is nothing to worry about.
Everything started with scheduling the exam on the ProctorU platform. After I found and booked time for my exam, I had a chance to test my hardware by visiting a test page of the Exam Specialists platform. My hardware passed every test (microphone, camera, OS, bandwidth), except the Port test. I am not sure what it is about, but I can guess that it checks if you have a LAN cable connected. As I used WiFi, I did not receive the “Check” for the test. However, it wasn’t mentioned that there was any problem with it (I didn’t get an “X” either).
After the exam day came, I connected to the same website I used for scheduling the exam and started the exam. I had to download the required software and launch it on my computer. I used Windows for the exam, even though I am usually a Linux user (but I have dual boot on my personal laptop). Shortly after I completed the necessary steps, the proctor connected and explained the other steps for starting the exam. After the initial greeting, we decided to talk over chat, and not by voice. This made it easier for me personally to understand the rules.
One of the initial requests from the proctor was to rotate my camera and show them my room. Since there was nothing suspicious in my room (I had cleared it out the day before the exam), we moved on to the identity verification step. I had to show my ID to the camera.
Once that was completed, the exam officially began. I gained access to the environment and started working on the tasks. Unfortunately, this is where I have to stop sharing my story, as revealing any information about the actual exam would go against the rules.
How hard was the exam?
I would say that it was not very hard. It is true that it takes some effort to finish it, as there are 20 tasks and it takes time to solve all of them. But these tasks are not hard – if you have the knowledge and skills, you will manage to finish them.
It took me 4 hours to finish all of them. And I passed with a score of 18/20.
How You Can Get Ready for the CEH Practical Exam?
There are a few tips I can give you that will help you to pass the CEH Practical:
- Get familiar with the exam and exam taking procedures – start by reading the official page. Understand what type of exam this is, and what to expect from it.
- Do thorough online research – from CEH Practical success stories to failure stories. One of my top pieces of advice would be to spend a significant amount of time on the CEH subreddit. Search for the CEH Practical topics, filter by the highest-rated ones, and note every piece of advice you find. You will have a lot of information that will give you clues about how you should prepare. But have critical thinking mode on, and don’t trust everything you read there.
- If you can afford it – consider buying iLabs – this is something I came across many times while I was doing my research about the exam. Having access to iLabs and completing all the exercises on the platform will prepare you for the actual exam. Even if you only read the official Ethical Hacking and Countermeasures Lab Manual that comes with iLabs, it will provide you with a solid foundation of knowledge for the exam.
- Practice on vulnerable apps – theoretical knowledge alone would not help in this exam. You should try everything you learn. For this purpose I recommend setting up Parrot OS on VirtualBox, spinning up a vulnerable app, and trying the different tools of Parrot OS.
- TryHackMe is a valuable resource – it has plenty of free rooms that will teach you how to use Nmap, Metasploit, Wireshark, John the Ripper, Hydra, WPScan, steganography tools, and all the other tools that are needed for a penetration tester and someone willing to pass the CEH Practical exam. You can easily find the specific rooms on the TryHackMe platform. And then there are rooms that require combining the knowledge of various tools: Pickle Rick, Brooklyn Nine Nine, Anthem, Agent Sudo CTF, Kenobi, Avengers, etc. These are my favourites; I even wrote walkthroughs explaining them (Pickle Rick, Kenobi, Vulnversity, Brooklyn Nine Nine). But again, these are just examples, there are many, many more. There is no recipe that if you solved X and X rooms, you will gain all the knowledge. Feel free to explore different rooms.
While it’s important to gain the knowledge and skills necessary for the exam, don’t forget to take care of the technical stuff too.
- Check your hardware. For the proctored session, you will have to install the software that will allow the proctor to monitor your machine. Make sure you will be able to run this software. Also make sure you have a webcam and microphone, as they will have to remain turned on during the whole exam. You can find more rules on taking the exam remotely on the official page.
- Make sure there is nothing in your room that is banned according to the exam taking rules. You can’t use external screens, there should be no additional devices, no secret iPads on the walls. And again, refer to the official website for the complete list of rules. You will be asked to rotate your camera and show your room, so make sure you have the room ready so that you won’t have to get stressed if the proctor asks you to remove this or that from the room.
- If you will be taking the exam from home – warn your family that you will be taking an exam during a specific time. There is nothing worse than getting the exam suspended after someone walks into the room.
CEH Practical vs OSCP
Before making the final decision if you should take CEH Practical or OSCP, you should understand the key differences between them.
| Exam | Experience requirements | Test length | Validity | Price |
|---|---|---|---|---|
| CEH Practical | None | 6 hours | 3 years | 550 USD (but if you are lucky to get the discount it is 100 USD) |
| OSCP | None | 24 hours hands-on exam + 24 hours to submit the report | Does not expire | Starting at 1599 USD (90 days lab access) |
Even though both of the exams are hands-on and require practical skills to pass, OSCP is way harder than the CEH Practical. Offensive Security is known for its rigorous exams, and even though CEH Practical is not that easy and requires knowledge and skills, OSCP is in another category. Another EC-Council exam, LPT (Master), might be an alternative to OSCP. I am not familiar with this exam, but there is a review by someone having both certificates, LPT and OSCP.
On platforms like Reddit and various forums, you may frequently come across statements referring to the CEH Practical as a relatively easier alternative to the OSCP.
And indeed, this holds true. However, I want to emphasize the term “easier.” Compared to the OSCP, the CEH Practical is a walk in the park. As long as you carefully read through the official CEH Practical PDF, you should be well-prepared. There shouldn’t be any surprises awaiting you during the exam.
However, when it comes to the OSCP, things are not as straightforward. Even though the solution may be simple, the path to it is often winding. This is because OffSec, through their lab materials, trains you to “try harder.” If you have learned a concept during their course, you shouldn’t anticipate it to be straightforward in the exam. While you might encounter the same vulnerability, the technical exploitation approach may vary. That’s why it’s essential to grasp the general concept but not expect the same exploit to work in every situation.
You will pass the Practical exam if you put enough effort into learning the tools and methodologies covered in the official material. But with the OSCP it is harder than that. It requires thinking outside the box. You must know how to use tools, understand the hacking concepts, and know where to focus, as otherwise you will waste a lot of time on rabbit holes. And the fact that the time frame for solving the OSCP tasks is 4 times bigger than the Practical’s speaks for itself.
However, the OSCP costs more, unless you are lucky to get the voucher.
Are CEH Exams Prestigious?
Is the CEH Practical worth it?
It is true that EC-Council once in a while gets criticism from the community. And there are reasons behind this criticism. Recently there were a few incidents – plagiarism by EC-Council, and sexism in their advertisements. And sadly there were similar cases in the past.
So, how about the worth of the EC-Council certificates?
Apparently, it seems that these exams are very disliked by the cyber security community. And often, discussions on social media about the certificates involve stigmatizing CEH.
I am personally annoyed by the public opinion about the CEH Ansi, and the EC-Council as an organization. It receives so much hate, that you might even want to hide the fact that you have the CEH certificate. There are even stories that having a certificate will lower your chances of getting a job.
No matter how CEH and CEH Practical exams are perceived, it still requires effort to pass them. It requires spending months preparing for the exam and spending a significant amount of money on it. And in the end, being looked down on for holding it does not seem to be fair.
Also, CEH is approved by DoD, so it does hold value. But it is worth noting that CEH Practical is a different exam and it is not on the DoD list.
Talking about the CEH Practical, one notable thing about this exam is that there are no CEH Practical dumps (the term “exam dumps” refers to questions and answers of the actual exam. Using dumps is illegal and can get your certificate suspended).
It means that if you want to pass it, you should really know what you are doing. Memorizing the answers is not an option, as there is nothing to memorize – either you can solve the given task, or not. This gives the exam extra value as the main argument against CEH, that you can memorize terms and tools, and you will pass, is not valid for the Practical.
So, in conclusion:
- CEH Practical is a hands-on (not theoretical) exam, so if you want to be a penetration tester it might be your first step.
- Practical is cheaper than the CEH Ansi – discounted it costs 100 USD.
- It is not a walk in the park, so you still have to put effort into preparing for it.
If you can afford to take CEH Practical – do it. You never know what doors it might open for you down the line. Now, if you ask me about the CEH Ansi, I’d say it’s not really worth it. You have to learn a bunch of tools and stuff that are outdated and not even used anymore.
The CEH Practical is actually an interesting exam that you’ll enjoy taking. And if your next step is OSCP, it’s a great way to practice.
I hope that sharing my experience with the CEH Practical will be useful to you.
Highly passionate about cyber security (penetration testing, bug bounty hunting, cybersecurity in general), and blogging. I am experienced in vulnerability assessments, penetration testing, and various security audits, and have worked with various clients, most of them in the finance sector.
CompTIA Security+, CEH, CEH Practical, CEH Master, and OSCP certified.