Product: 0789735318

I’ve been reading through this book for the CEH based on it’s high reviews here at amazon. I have not yet taken the CEH but am writing this review based on my current findings as a general security practitioner. I’ve read the majority of the book, and while some sections are alright, I find others disturbing…

Chapters 1-3 seemed fine, covering concepts i would expect to see on the exam. The tools mentioned were useful, relevant, and for the most part can still be used.

Chapter 4, essentially covering all of windows hacking, I found to be lacking. It discusses null sessions but that’s about it. It starts to feel dated at this point. Furthermore, many of the tools referenced cannot be found on the web. Doing a google search for them yields no relevant sites at all, or in one case one archive of a program was found but corrupted.

Chapter 5 is really a beginners intro to Linux followed by a summary of a few automated tools such as Nessus and RATS. I personally found the Linux intro to be too basic and feel that if someone doesn’t know how to use ls or cd on Linux then they shouldn’t be attempting to hack Linux. Now if this is just there for the exam, then that’s fine, but it just seems a bit off. I had never used RATS before and now i have, so I owe it to this book for having me try it out…

Chapters 6-7 actually pick back up a little bit. They offer some information that feels like you learn a little bit while reading rather than just glossing over everything. Granted, still not super detailed but it does feel like it’s back on track for a CEH exam as one would expect.

Chapter 8….this was the worst ive read. It discusses web app hacking, but it glosses over everything so much its pretty useless. While i knew some already, i just don’t see any content in this chapter, especially the section on SQL injection. It essentially tells you to submit a tick as input and if you get results then you have successfully done SQL injection. End of story. There is a little bit more to it than that, and they could have at least provided a basic example to grab some data using SQL injection. There wasn’t any example, even simplified. I also found one solution to an exercise particularly saddening. The question was essentially convert a base10 number to dotted decimal. The solution shows how to convert dotted decimal to binary back to dotted decimal…essentially getting the authors nowhere and completely forgetting that the original question is base10. Perhaps I’m getting picky, but I cant help it.

Still reading, but it feels like this book is gradually going downhill. It seems ok at first, but the more you read it the less you feel like you are learning…whether that is the CEH or the book, I don’t know…

With all that aside, the book is ok. The authors style is fine and easily readable. It does offer some challenges throughout the chapters that could provide some good real life exercises with this stuff. There are also the review questions at the end of each chapter with explanations of answers, even if some of the explanations are totally whack. Then there is a good 100 pages of appendixes / questions / quick facts that could be good to review everything you had read in the book if you are about to take the exam. It also comes with a cd containing a live linux distro I believe ( although you’re better off just downloading a current version of backtrack) and a full pdf version of the book, which is handy for people like me that like would prefer to not to have to haul around a bunch of books.

If it gets the job done and a pass at the CEH, then i would say its worth 3 stars…some is useful but content just feels to be lacking in details a bit too much for my lacking, yet it still comes in at 500 pages so it still takes time to read through it if you read each and every page like i tend to do.
Rating: 3
0789735318
Count: 5