The Skinny: I wanted to increase my “good guy hacking” skills and had heard good things about the Certified Ethical Hacker training from the infosec community so I decided to give it a whirl. I took the training through American National University for ~$1,500. I attended class virtually for a Monday-Saturday in December (it was 5 p.m. - 9 p.m. Monday through Friday, and then roughly 8 a.m. - 5 p.m. on Saturday).
The Good: The class format was virtual so I was able to take it from the comfort of home. The instructor, Leo Dregier, has years of experience in the infosec field and has taught the class dozens of times, so I knew I was in good hands. He started things off energetically from minute one and encouraged constant participation (either via microphone or through the chat box) throughout every session. Basically, the training felt about as personal as it could be without us all being in the same physical space.
Leo also had a very keen sense of pace as he presented the material. He would often stop at topics and poll the group to see if we were comfortable with a specific term or tool. If all the students gave the ok, Leo would spend less time on those areas so we could focus more time on the things we didn’t know to better strengthen our knowledge gaps and more efficiently prepare for the exam.
Leo also provided an overwhelmingly helpful amount of tools, tips, tricks, help sheets, links, virtual machines, flashcards, etc. This was a combination of official CEH materials as well as great nuggets he found through experience, the Internet, and other resources. By the time our training was over I felt extremely comfortable with the material and had everything I needed to start studying to pass the exam.
The Bad: The only real bad thing I can say about the training is (at no fault of the instructor) the CEH curriculum itself. It just feels a bit dated. While there is plenty of good in-depth information on understanding network layers, key reconnaissance tools and talking about hacking, when it comes to actually hacking something, the material is a bit thin. I really hoped to walk away from this training doing a bit more hands-on hacking using common methods (pivoting, privilege escalation, etc.), or at least focusing on those methods a bit more so I could fully understand how they work. One of the only real active hacking exercises involved using tools like Armitage to hack an unpatched XP box. While I realize that is a viable target to easily own in a network, I was hoping to bang on a more modern OS.
The Bottom Line: The price of the training seemed competitive, and I thought my instructor, Leo Dregier, did a great job of keeping things high-energy and interesting. As far as the material itself, it’s adequate to strengthen your understanding of networking and the various types of threats and attacks that wreak havoc in the real world. But if you are hoping to get your hands dirty and do a lot of active hacking and defending, you might be disappointed.