How to become a Certified Ethical Hacker (CEH)

The Certified Ethical Hacker is one of the most popular information security certifications. It verifies knowledge of tools and techniques used by malicious hackers, and it has become a foundation for careers in pentesting, vulnerability testing and other technical areas. Join Infosec instructor and cybersecurity professional Keatron Evans as he discusses, topics covered by the CEH, how the CEH can progress your infosec career, ethical hacking questions from viewers and more.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • Transcript
    • Chris Sienko: Welcome to another episode of Cyber Speak with InfoSec, the weekly podcast where industry and thought leaders share their knowledge and experiences in order to help us all stay one step ahead of the bad guys. Today’s episode is a webinar released on February 28th of 2019. Our instructor is InfoSec instructor and cyber security professional, Keatron Evans. The title is How to Become a Certified Ethical Hacker.

      Certified Ethical Hacker, or CEH, is one of the most popular information security certifications. It verifies knowledge of tools and techniques used by malicious hackers, and it has become a foundation for careers in pen-testing, vulnerability testing, and other technical areas. During the course of this webinar, Keatron will answer some of the most pressing questions about the CEH including what topics are covered on the CEH and how can the CEH progress your InfoSec career, as well as answering ethical hacking questions from viewers.

      Note that in the original webinar, there is a 15-minute demonstration of a man-in-the-middle attack by Keatron. Because the visuals are important to comprehension, we’ve removed it from the audio podcast. If you’d like to see the demonstration as a stand-alone video, please click the link in the description of this episode. Now, settle in and enjoy this 45-minute episode, How to Become a Certified Ethical Hacker by Keatron Evans with moderator Camille Dupuis.

      Camille DuPuis: Keatron, you want to tell us a little bit about how you got started in ethical hacking and what that looks like?

      Keatron Evans: Yeah, absolutely. Thank you so much, Camille. For me, it started as a just curiosity thing. I didn’t have I guess a planned trajectory to ever be doing security. Literally, I was in a class in high school called diversified technology in Akron, Mississippi, so shout outs to Mississippi there. It was a class, there was one computer. Out of us, I think 15 or so students that were in that class, everybody else wanted to do robotics and all these other things. I was the only one that really … Well, me and a partner that I partnered with was the only two people that showed any real interest in the computer technology. At that point, it was just Dos. That’s all there was, no Windows or nothing like that. That was kind of my start into it.

      After that, once I got into college, I was interested in this thing that was starting called the Internet or the Web, as we used to call it back then. I got connected to some bulletin boards, started asking questions about how to navigate systems. Got into some systems I wasn’t supposed to be into accidentally. That amazed me, once I saw the network that I had stumbled into. It amazed me that I was able to get there. Of course, as a kid, the natural curiosity was, “Well, hm, I wonder how many other places I could get to.” That was what started my trajectory.

      Now, it wasn’t until well after college I actually in 2000 or 2001, the founder of InfoSec and I met up and became friends. We started working on some stuff together, and that’s really when I realized this could actually be a career, something I’d done as a hobby for years. I’d just actually switched gears right then and turned it into a career, just started to be a little more focused with it. My background was mostly networking. I built small networks, big networks, routing, switching, learned about Microsoft, got my MCSC, learned about [inaudible 00:03:39]. Just a traditional IT arc, but I turned it into security really early.

      Camille: Very cool. Definitely great person to have with us joining today and kind an expert in the field really. You actually teach Certified Ethical Hacking as a course. You want to tell us a little bit about why someone else could earn this and what they could do with the Certified Ethical Hacking certification?

      Keatron: Yeah, sure. One thing that I’ve always found to be really interesting, I took my first Ethical Hacking course from Jack actually. One of the things that I took away from that is at the time, there was really not many people doing anything related to ethical hacking. The people that were in that class were real heavy-hitters. They were really, really deeply involved in it, and I learned so much from just the people that were in the class because we’d hang around after class. People would show different hacks and attacks that they were working on.

      Just the networking, I got involved in being an expert witness from that class. I’d never even heard of that. I didn’t know what that was. I got involved in that because there was one guy that was an expert witness on child exploitation stuff, so he pulled me into that. Just from that one interaction, that one class, it literally had so much to do with how my career shaped from that point on because, for one, I got a taste of other things that weren’t ethical hacking but were direct spinoffs of ethical hacking, or at least that knowledge base. I think it’s a great place to start your career in cyber security because of the fact that it touches on so many different things that are related to so many different job roles.

      Camille: Keatron, can you tell us a little bit about if someone did take this course what would they learn in it?

      Keatron: They would learn basic things about how systems are discovered, right, because that’s a big part of it. You could have a system that’s connected to the internet and it’s not secure, but as an attacker you still have to find that system. If I’m looking for Camille’s web server, how do I find that web server amongst the billions and billions of other web servers that are out there on the internet. One thing you learn and one of the first things you’ll learn is how to do reconnaissance. How do we find a target stuff that’s out there? Even when we do things to mask it and hide it, we spend about a day just learning how to discover and find targets, devices out there on the internet. That would be like a first-day type thing.

      You’ll also learn how to, once you find those devices, how do we enumerate them? In other words, how do we scan them in a way and finding information, find vulnerabilities without the victim knowing that we’re scanning them? In other words, we learn reconnaissance, but then we also learn stealthy reconnaissance so we can do it in a way that’s not going to trigger alarms, not going to send off IDCs. We get into all kinds of evasion stuff and things like that. Then we finally get to eventually, now that we’ve find out what this device is, let’s say Camille’s running a Microsoft IS web server version 8.5, we then go and research and find vulnerabilities specifically related to that web server. Then we try to exploit it with known exploits out there, or in some classes we’ll craft and author exploits if there’s budget in the engagement for that.

      After we’ve learned how to exploit systems, we spend a considerable amount of time learning how to give yourself what we call persistent access, which is a big thing for APPs. They want persistent access. They want to be in, but they want to stay in. If you look at all of threat hunting documentation out there, you’ve got average dwell times of 18 months to two years of how long the threat actors just hang around inside the environment before they’re discovered. We get into some techniques for that where it’s nearly impossible for them to get you all the way out. Then we end it kind of with getting into web application stuff and track covering, how do you cover up the evidence that you were ever there in the first place.

      Camille: Sure. That always surprises me just to hear that statistic on just how long sometimes these people lurk in these systems waiting to make that attack. That’s always scary and interesting. Moving on, if you think about this in the career point of view, what can you do with it and talk about the career path a little bit, where you start out and where the ultimate goal is for a lot of individuals with this certification.

      Keatron: Yeah. Basically, I’ve done so many of these charts where I’ve written articles and published things on career trajectories, how to get from this point to that point. To be honest with you, if you look at the screen that we have now, Certified Ethical Hacker is a good place to start for any of these roles. Going all the way across from the entry at the top there, if you look at Cyber Security Technician, that could mean a lot of different things. Definitely having CEH or Ethical Hacker-level knowledge will enhance your ability there and what you’re actually doing there. From a pen-tester standpoint, this is the entry level into pen testing. If you were to be hired as a senior pen tester, an organization would expect you to know how to do all the CEH themed objectives. All the stuff that I just named, reconnaissance, vulnerability [inaudible 00:09:35], exploitation, track covering, you would be expected to be able to perform those things as an entry-level or as a senior-level pen-tester.

      Entry level would be learning how to do those things, and that’s where CEH sits in the middle and sets you up perfectly for that. Even the advanced things, our classes are pretty dynamic in that we can shape them around the groups that we have. For example, if I’m teaching an ethical hacker class and everyone in the class has 10 years experience pen testing, that’s going to be delivered very differently than if it’s a class of 10 people that had never heard of pen testing before they got there that week. We’re very flexible and dynamic in how we deliver it. We do get into exploit writing and stuff like that. I’ve done that in just the CEH class because the audience demanded it. They were at a level that they could get that, so were able to shift gears and give them more advanced things to do. That leads you to the more advanced types of roles there.

      Even for people like CISOs, security managers, we encourage them to jump into this class a well because, again, you’re a more effective manager of security people, specifically technical security people, if you have some understanding of what it is they’re doing. I think that’s one of the challenges for a lot of CISOs is they just have to push stuff downstream and assume that the people they have in those positions know what the heck is going on. I think it’s a great idea every once in a while for the CISOs to just step back, jump in a class like this. CEH is kind of a good view of the technical and the policy stuff because we touch on some of that as well. Just sit in there for five days, suck up what you can so that you have an idea of what your technical people are doing.

      Camille: As we move on here, I know everyone’s excited to see Keatron’s hack demo, and we’ll get to that in just a moment. Wanted to remind everyone that we will be saving some time for questions. Feel free to start submitting those, and we’ll be reviewing those. If you were going to do Certified Ethical Hacker as a bootcamp, real quick, just Keatron can you run through a typical day of what you’d be doing?

      Keatron: Yeah. Generally, what we do is we start each day off with a recap of the previous day. Let’s just say it’s Tuesday. We’ll do a quick recap of all the things we covered on Monday. I will also do a walk-through of Monday’s CTF, the afternoon capture-the-flag exercise. I don’t give the answers that night. What I do is I give them the night to think about it, try to figure it out on your own. Then the very next morning, one of the first things I do is I say, all right, here’s my solution. I walk through how I would solve that CTF. That’s usually how the days star. Start off on a high point of doing some demonstrations and stuff like that.

      Then we get into whatever the topic happens to be for that part of the morning. Generally, my schedule is I’ll lecture for about 45 minutes, sometimes an hour on a topic. Follow that with a little bit of demonstration to drive home what we just discussed. Then I’ll turn it around and hand it to the students and say, all right now, take a look at lab six. Lab six is basically what I just demonstrated, so now I’m going to give you an hour, 45 minutes, or however long we assign for that lab, to see if you can reproduce what I just showed you. That’s pretty much the best learning method for content like this. Watching me do it is great, but if you can’t sit down to the keyboard and do it yourselves, you didn’t really learn it. We drive that point home with this class specifically.

      Camille: Speaking of the hands-on work, you have offered to show us something from the realm of ethical hacking. What I’m going to do is I’m going to launch a poll know so the audience can vote on what they’d like to see you perform in today’s presentation. As I open this poll, Keatron, do you want to just real briefly touch on what each of these options would be showing today?

      Keatron: Sure. The identifying targets via DNS would just be me going out to the internet, using DNS recon and some other stuff to find targets based on us picking a specific organization or whatever the case may be. It’ll just show you we would find the targets out there on the internet. Two is basically where I do a walk-through scenario of why you should never use public wifi. I show how using a very slick man-in-the-middle attack, you can be compromised just by going to Starbucks or going to a hotel wifi or any wifi that you don’t control completely, you could very easily get compromised. A lot of executes actually get compromised that way. That one’s a little more involved, but that’s what I demonstrate in that particular attack. Then the vulnerability [inaudible 00:14:52] exploitation, we scan a bot, find vulnerabilities in it, and then we exploit those vulnerabilities based on what we find in the scan to take control of that machine. That’s pretty much what they break down to.

      Camille: We are at by just about a vote, it looks like man-in-the-middle attack is what you’re going to be showing us today, so taking a look at that public wifi usage.

      Keatron: This is literally one of the classic labs that I walk students through in I think day three, yeah, day three of the ethical hacking course. This is a lab that I walk them through, teach them how to do this, make them do it a few times so that they’re sure they’ve got the steps down. Then we dive into the technology and why it works and that type of thing. That’s why you don’t ever use public wifi. You always use wifi or use internet that you control. If you’re traveling or something like that, you just want to use your phone, tether your phone to your laptop or something of that nature because using public wifi, this could very easily happen to you. Again, VPNs don’t help you. VPNs only give you confidentiality. VPNs don’t stop you from getting exploited if you hit a malicious site that’s got browser zero-days in it.

      The solution here is simple. Don’t use public wifi if you have an option, and if you’re an important enough employee to be using VPNs that frequently, then you should be able to get approval for them to pay for broadband or something for you on your mobile device. You can even get it inside your mobile device as well, but that’s how you would mitigate that. There’s other things that would keep this from happening on your corporate network. Remember, attackers won’t stop attacking you when you go to get off your corporate network. You go to these public places. That’s where you’re more vulnerable.

      Camille: Well, thank you, Keatron, and if I get blamed for any hacking here, I’m turning it on you. That was just a really great way to see how it’s not simple but in essence, if there’s bad guys out there that want to do something to you, it’s not too hard to find. Thank you for that demo. I know everyone is enjoying that, and we’re getting some good questions about that that we’ll get to now. Moving on to questions here, we’ve got a few good ones coming through, and feel free to submit more. We’ll get to just about as many as we can today but to combine a few questions here, what kind of experience should someone have before entering the course, and can someone without any cyber security or hacking experience understand the materials?

      Keatron: Yeah. I don’t think you have to have cyber security experience to be successful in this course because we start at a very ground-level position, but it is helpful if you’ve got some technical experience, right? I don’t mean you have to have written programs. You don’t need to be a developer. You don’t need to be a coder. Those things help, but it’s definitely not necessary. Let me give you a baseline. If you can set up wifi, if you can set up your own wifi router, you can set it up, plug it in, follow the instructions, you understand what an IP address is.

      If I told you to ping Google.com, you could do that without me having to tell you specifically click start, click run, type CMD, if you could figure out how to ping Google.com. If I told you to reset your Windows’ password, if you could figure out how to reset your password, that’s the baseline level. That’s the lowest level that we think is appropriate for coming into this class, but if you can do those things, you have some technical hands-on skills, you fit in nicely. You have a lot to learn, but it would be a fun learning experience.

      Camille: Sure.

      Keatron: Cyber security experience I don’t think is required, I just think you need some hands-on, you’ve built a network, even if it’s your small home network, then you know what an IP address is. You know how to get this stuff connected and running.

      Camille: Sure, sounds good. Hopefully that, I think that answers a couple of the questions we had come through so thank you on that. Question from Nick said, “Would you say it’s ever too late to get into the cyber security realm?” He said he’s feeling maybe a little bit late to the game. What is a good way to just jump into cyber security?

      Keatron: I think obviously taking … I would even say maybe for some people, even do this before Security Plus or just do this because you jump right into the hands-on. A lot of the other lower-level certs are more about just memorizing terms and things like that so that you can know what these terms mean, but if you’re a trial-by-fire person, I learn by sitting down and doing it, this is a place that you should gravitate yourself towards and just jump into and start playing around because I don’t think it’s ever too late. The thing is how much tenacity you put into it and how much effort you put into learning, I think that’s really the only determining factor as to how well you do in this industry and how fast you get there.

      You do need to make sure you go at a decent pace because one of the things that’s a little bit disappointing to me is I’ve seen people that I taught ethical hacking a year ago, like they knew nothing, they came in a year ago, learned ethical hacking. Now, they’ve given themselves titles like threat hunter and stuff like that. You can see them posting things like, “CEH. It’s too basic. Go do another higher, more technical, harder certification.” To be honest with you, those same people a year ago, they knew nothing. It’s disappointing to see them try and take away the opportunity or the path for other people to get their foundation solid, trying to push them into something that might be a little bit more advanced.

      You know, the one that we get a lot is the Offensive Security, the OSCP, like, “Oh, do that instead.” Well, I don’t say don’t do Offensive Security. I say you still need to do this first because this is more entry-level. It gives you hands-on. It’s more of a training, whereas OSCP is you proving that you can do these things, but you still need to be trained on it. Otherwise, what will happen is you will get 10 years along in your career, you’ll have all these titles, all these certs, and you are supposed to know how to do all these things but you’ll have these huge gaps in your knowledge base. You won’t be comfortable or confident in what you’re doing. You won’t be as valuable, and you just won’t last in the job role if you can’t actually perform.

      Camille: Right, and I think that’s a good answer especially knowing just the amount of cyber security on field. We need everyone that’s willing to take on these cyber security roles. I agree that we’ve heard of people here at InfoSec that totally change their career path, like someone was a nurse for 15 years and then they’re like, “I want to do cyber security.” If you’re willing to put in that time to just learn it and know you’re going to have to study and that kind of thing, but I do think, too, that people can change that career path at any time.

      Keatron: Oh, absolutely.

      Camille: Another question is does certified ethical hacking, does the certification work or would your skills apply to all operating systems? This person says they use Mac OS and Linux quite frequently in their business.

      Keatron: If you look at the exploits that set was loading here. It was loading OSX exploits. It was loading Linux exploits. It’s just that the victim happened to be running Windows, right? It’s loading exploits for every possible OS and browser combination that you can imagine. I don’t think it’s less applicable to those operating systems. I just think that in the industry, there’s not as much, there’s not as many exploits and not as much effort put into exploiting those systems as they’re not as heavily deployed. For example, if you look at the average enterprise, you will find that most enterprise desktops are still running some form of Windows. From an attacker standpoint, I think a lot of the exploit development, a lot of the research has been into exploiting those operating systems because they’re going to get the most bang for their buck.

      You don’t want to put a year into writing an exploit for some weird Mac application that only two people in the world use, right? You want to spend that year writing an exploit that’s going to be able to exploit literally everyone that’s running Windows. That’s what you see happening. Now, there is an uptick in exploit development for Mac, which is really still Linux underneath them for units, but it’s still not nearly as much as you see out there for Windows.

      Camille: Now, a few questions here specifically looking about the exam. Is the exam a practical exam, a multiple-choice exam, what does that look like, do you know?

      Keatron: It’s a multiple-choice exam. There is a CEH practical version of the exam as well, so you do the written part first. If you choose to go to the next level, they have a CEH practical, which is hands on. You literally log into a cloud environment and you have to scan these machines and attack these machines and do that type of thing. The CEH exam, version 10 as it stands, is just a multiple choice test. Really, what’s happening is I think employers are starting to realize a lot of time the value in the cert is how did they get the cert. If they can through an InfoSec class that was taught by an instructor that drove hands-on and drove actually skill-building that’s a lot different than if they got the cert just by studying a bunch of brain dumps.

      I think the real value there is the way that we do it, it doesn’t really matter if you get it from me or if it’s Eli teaching or whoever. I’ve driven the whole creation of our CEH universe, and I’ve been very strict in how we vet the instructors for it and things like that. You’re going to get a good experience no matter who’s teaching it, and that’s one of the things we drive is you got to make sure they get hands-on and actually do it so that when they get the cert, they earned it and actually know how to do stuff when they come out. Employers will see that. The cert will get you the job. The skills will keep you the job. We try to arm you to get the interviews, but we also want you to keep the job once you get it because you can actually do things.

      Camille: Right, I like that point just because anyone can … Well not anyone, but people can memorize questions for an exam or really study that kind of thing, but once you pass it and get a job in certified ethical hacking and if you haven’t don’t it, memorizing or knowing these quiz answers isn’t necessarily going to cut it when there’s hackers or something in your system.

      Keatron: We have ways, when I interview people to join my team for pen testing, we cut through that. We look at the CEHs and the OSCPs from these people, and the way that I weed them out really quickly is the first thing you do when you see me is I give you a hands-on test. I don’t ask you any questions. I don’t ask you any questions about how TCP works and all that. I just literally say, “Here’s a box [inaudible 00:27:10] on it. Here’s a network. Here’s another box. It’s got connectivity to the internet for you to search. You got one hour to get past this firewall and get at these three machines here,” because if you can’t do that then for me, the interview is pretty much over.

      If I’m hiring you to be a senior pen tester, then you need to be able to senior pen test. I don’t care about how much paper you got. I do care about that stuff because I want those things, but I actually want you to be able to do it and not only say you can do it, prove it. If you come interview with me, you’re going to sit down in a room and you’re going to have to prove that you can do these phases that we talked about, in a system, in an environment that you haven’t seen before. When I do that, usually I would say only 2% of my candidates that have put in applications, about 2% of them actually make it past that point.

      Camille: Wow. That’s definitely important I’m sure for [crosstalk 00:28:07]-

      Keatron: I try to teach that in the classes I teach. I try to prepare them as if they’re coming to interview for me next week. I want you to have these skills so that most job interviews that you’re going after that you should be able to impress if you can do these things.

      Camille: I’m sure that’s important for yourself as an employer and others as well. I think that’s a good answer to the question is the exam is just multiple choice. There’s no practical portion of the exam, but you’re not going to be able to do much with that certification if you can’t actually do the skills in summary.

      Keatron: Yep, exactly.

      Camille: Perfect. Question from Jason, “Are there any courses or certifications that you say maybe complement the CEH? If so, what would those be?” Something maybe that would help them advance their career with that or that kind of thing.

      Keatron: Absolutely. Complementary, and to me that means either on the same level or maybe a little bit higher, I would say any good web application certifications that we do, like the web pen test, the mobile pen test, those are good complements because you dig deep into web. You dig deep into mobile devices. Also, the forensics would be a good one because part of being a good hacker is being able to cover your tracks. To cover your tracks well, you need to know what forensics people look for and how to make that difficult. Beefing up your forensics knowledge I think is necessary to be a good hacker or a good pen tester. Also, incident response is a great one because that’s how you start to open the door to other avenues such as threat hunting and stuff like that.

      Camille: Following up with that, does the ethical hacking course cover mobile Android or IOS security? Is that something separate?

      Keatron: We do cover it a little bit. We don’t go a ton into it because we do have a mobile pen testing course. You deal with IOS and Android exclusively in that course, and it’s really just taking [inaudible 00:30:12] or taking the devices and figuring out how to exploit them, primarily through the apps that are on there. With IOS, that’s basically what you’ve got. If you can get into any one of those apps, then we look at moving horizontally and elevating from that point and kind of the same with Android. We touch on it, but if you want the in-depth, more hands-on with that, you should take the courses specifically for that.

      Camille: Sure. Get in-depth into all of those areas then. What tools are needed maybe for the course or for performing certified ethical hacking?

      Keatron: To take the course, unless you don’t need any, we provide you all the tools. Essentially, we give you a virtual environment that you work in where you will have all the tools pre-set up and pre-installed. I also do a thing at the end of the courses that I teach where I will walk students through how to build their own practice environment in Microsoft Azure or AWS or Google Cloud so that they can either continue to use ours for however long they need or they can build their own environment.

      Camille: Looking at some more of the questions here, someone said that they have their bachelor’s degree in business and IT management. They have four years of experience in IT security, so they’re planning to do the CISSP`, which is another popular course. Do you think that the Certified Ethical Hacker would be a lot more valuable in combination with the CISSP? Or, is it … Does the value change necessarily in combination I guess is part of the question?

      Keatron: Yeah, that’s a good question. I do think that having the CISSP with the CEH makes the CISSP more valuable because it means that you have a deeper understanding. CISSP is more management level, right? It’s a high-level view of what an exploit is, what malware is. CEH is, “I’ve actually done an exploit.” You can talk about it at a little more depth. You’re a little more confident talking about what these things are if you’ve actually put your hands on it and done it. I definitely think the CEH increases the value, but I also think the CISSP, having that in combination with CEH increases the value of the CEH as well because, again, it means that you have a much richer understanding of the high-level policy upper management view of security as well.

      Camille: Looks like we’ve got time for just a couple more questions here as we wrap up. Let’s talk about how can you prevent this from happening in your network? Let’s say you are the certified ethical hacker, and you’re watching for these people. What are the main things that someone would want to watch for maybe?

      Keatron: If you’re talking about the specific attack that I just did, is that what the question’s around?

      Camille: It didn’t necessarily specify.

      Keatron: Yeah so if it’s the specific attack that we just did, one thing is on your internal network, you should be doing things like port security. You should have something called dynamic arc inspection via DHCP snooping enabled at the router level because it will look for these gratuitous arc replies and try to block them. It would prevent you from even setting up the environment to be able to do the attack. That’s in your internal environment, right? If you are on a Starbucks wifi, you don’t have access to that equipment to try to set up or configure those things. Most of the consumer-grade equipment that you see in places like Starbucks or at hotels, that equipment doesn’t even have the capabilities to do these security things, which is why I just say don’t use it, right?

      In your enterprise, yeah, DHCP snooping with dynamic arc inspection, try to move the IPV6 as soon as you can because it takes out some of the arc attacks to where you have to do other things. It just makes it harder. Also, you want to consider making sure that in your environment, you keep your employees off of your guest wifi because I’ve run into this several times already in pen tests just within the last year where corporations have public or guest wifi that’s physically connected to their corporate network. I literally almost had a [kanipshin 00:34:48] fit because I had to really drive home the point, you can’t … These have to be physically separated. You can’t have it this way.

      You have your guest wifi completely open so anyone can get on it, and it’s physically connected to your corporate network. Usually, what I get is pushback from the infrastructure guys saying, “Well, you know, we’ve got [BLANS 00:35:10] and all this,” I have to literally go in and show a BLAN hopping demo to see why, show them why BLANS aren’t enough. You just have to physically separate it. That’s one thing is keep your guest wifi physically separate because the same way I did this in Starbucks, I could go onto your guest wifi and get all of your customers that are on your guest wifi, or worse, your employees that jump on your guest wifi at lunch so they can get around your corporate filters and look at stuff they shouldn’t be looking at at work. That’s one thing that you have to consider with all of that.

      Camille: Sure. All right, as we wrap up here, I know that we talked about mobile is separate but covered a little bit. A question asking about IOT, so internet of things, and smart things are on the trend now. What are some of the vulnerabilities there, and would this class help cover any of that?

      Keatron: Yeah, we have a whole section on IOT devices. We talk about some of the common vulnerabilities such as the fact that a lot of these things are just literally sitting out there in the wide open. There was a DNS attack last year that affected a big part of the east coast. It was primarily propagated by distributed denial of service via IOT devices, your Echos, your iHomes, your Google Homes and those types of things. Even refrigerators, Nest things, Ring appliances for Ring doorbells and stuff like that, all these things are wide open from a standpoint that you can reach them. Now, what’s happening, what’s really scary is it’s just now getting to the point that a lot of exploit developers are trying to write exploits for these things. What they’re finding is because they were so haphazardly built and put up that a lot of the security that we have on traditional applications and things just don’t exist there. The exploit writing path is a little less resistive.

      Camille: I know there’s some statistic we saw recently about the number of connected devices each home now … or the average home has now compared to a few years ago and what that can mean for security is just an outstanding thought of all the devices that are connected.

      Keatron: Yeah I mean I’ve got a iHome, a Google Home, and an Echo. I use them all three. I don’t use them per se, but I research like I’m trying to come up with ways to exploit them, finding vulnerabilities in them and things like that because that’s what I’ve do. I’ve got some interesting research that I’m probably going to release within the next year or so.

      Camille: Interesting. We’ll be looking forward to see what you come up with there. We’ll do one more question here, and then it looks like we’ll be kind of at the end of that hour mark. Could you tell us a little bit about … a lot of questions regarding how the class, how long the class is, how people can take that course?

      Keatron: Yeah, so that’s a good question because the CEH class [inaudible 00:38:24] has went through quite a few evolutions in the last 10 years. What used to happen is we didn’t have online. It was all in-person, so we would all be in this conference room at a hotel. Everyone would just stay at the hotel. That was kind of the mandatory, you had to get a room there because we would sit down there in that conference room until 10 o’clock at night sometimes just based on what people required. Then we started to migrate to where we did some online students while we had some in class. What was happening is the online students would feel a little left out if we were staying in the classroom doing these CTFs that they didn’t have access to because there was no physical access to the environment.

      What happened is we eventually got it to where all of our CTFs were then hosted online, so people online and in class would do the same thing. Now, we generally go up until about five o’clock is part of our normal day. We break for dinner. Some people go to dinner and don’t come back because, again, the CTF is self-contained and it’s online so you don’t have to come back to do it. People are more and more preferring to go back to their rooms or go home or stay at home and work on that CTF at their own place in their own time. Then we we convene the next morning, I walk through it. I’ve also had some students that have wanted to hang around, so we do that as well for the ones that want to do that.

      It’s just getting more and more to where there’s a lot fewer students that want to sit because it’s different if you’re coming, if you’re flying out here and staying at a hotel. Then, sure, you don’t mind staying there an extra few hours. If you’re at home, you still got to go pick up the kids and do all these things right around five o’clock, it makes more sense to just be able to leave and come back when you feel like it. The online delivery and the flex portal that we have has done a great job of allowing us to give students that flexibility.

      Camille: As we wrap up here, just want to thank you again for joining us today. A really great presentation, a lot of great questions. I want to thank the audience as well for participating and joining in in those questions. If you want to learn more about the ethical hacking course, the link is listed there for you as well as a phone number to call and see if we can get you enrolled in a class there. Thank you again, everyone, for joining, and special thanks to Keatron for the great presentation today.

      Keatron: Thank you guys.

      Chris: I hope you enjoyed today’s episode. Just as a reminder, many of our podcasts also contain video components which can be found at our YouTube page. Just go to YouTube and type in Cyber Speak with InfoSec to check out our collection of tutorials, interviews, and other webinars. As ever, search Cyber Speak with InfoSec in your favorite podcast app for more podcast episodes and to see the current promotional offers available for podcast listeners. To learn more about our InfoSec Pro Live Bootcamps, InfoSec skills, on-demand training library, and InfoSec IQ Security Awareness and Training Platform, go to infosecinstitute.com/podcast, or click the link in the description. Thanks once again to Keatron Evans and Camille Dupuis, and thank you all for listening. We’ll speak to you next week.

Free cybersecurity training resources!

Infosec recently developed 12 role-guided training plans — all backed by research into skills requested by employers and a panel of cybersecurity subject matter experts. Cyber Work listeners can get all 12 for free — plus free training courses and other resources.

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.