I find myself debating on going after the CEH after watching some further podcasts about it – apparently it’s only good if you need a specific DoD requirement met for employment – either that or you’re really just getting started on the red team side and don’t know where to go.
I recently discovered tryhackme.com and I’ve been going down a rabbit hole there (you can see my progress via: https://tryhackme.com/p/Stubbs.Mcgee) and I didn’t know nearly as much as I thought I did – well about the red team side of things anyway. But, I’ve been going through the Complete Beginner path and I’ve gotten ~80% through as of right now with a 24 day streak.
So far, the highlights of the path have been:
- a good intro to Metasploit Framework
- using hash cracking tools like John the Ripper
- an introduction to network exploitation
- an intro to web exploitation
- the basics of cryptography
- exploiting Windows using MSF
I started out with the free rooms, but after the first few I hit a paywall – but a 1 year subscription is only $90 – so I went ahead and signed up – and haven’t regretted it.
The environment is pretty awesome. With a paid subscription you get access to a VM attack box that runs in your browser window – if you don’t want to use it (or are using the free rooms) you can connect via OpenVPN to THM’s network and use your own OS (I would definitely recommend a Kali box).
Currently I’m going through a module on Shells and Privilege Escalation – primarily in Linux. So far it looks like a revisit to a lot of things that were touched on in prior modules.
After the module on Shells and Privilege Escalation, there’s a module on Basic Computer Exploitation – the last module in the path and it looks like a practical test of previously developed skills.
After completing the path there’s apparently a certificate of completion which is cool.
There are other paths and a lot of other rooms that are available to go through and it looks like this is some great prep work for the CEH/OSCP exams.
I’m debating on doing some write-ups for the exercises, but there are a bunch that are already available online so I’m working on a different spin, so we’ll see what happens.