Certified Ethical Hacker Practical Review

Certified Ethical Hacker Practical (CEH Practical) is highest exam in core category provided by EC-Council. It stands as the next step after you have completed the Certified Ethical Hacker (CEH) course and passed the Certified Ethical Hacker (CEH ANSI) certification exam. However, CEH Pratical is not the course itself but an exam instead as it is a hand-on test of what you have learned from CEH course. It is a six-hour exam that requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, etc. to solve a security audit challenge. The exam includes 20 real-life scenarios with questions designed to validate essential skills required in the ethical hacking domains as outlined in the CEH program. Moreover, you will be obtain Certified Ethical Hacker Master (CEH Master) if you passed both CEH ANSI and CEH Practical.


I have got to know Certified Ethical Hacker (CEH) since it was at version 9. At that time, it was like the ultimate course and certification for information security, but then more and more people started to figure out that taking the course or passing CEHv9 certification exam itself did not reflect that they had enough hand-on skills to become a white hat hackers. EC-Council tried to address the issue by releasing version 10 of CEH in 2015. This time it has 2 types of exam, CEH ANSI and CEH Practical. However, CEH certification process was still the same as CEHv9 since you only need to pass CEH ANSI to earn CEH certification. It means that CEH Practical is optional for those who have already passed CEH ANSI exam. Most people do not take the CEH Practical after passing the CEH ANSI exam since CEH Practical can be quite costly, they are not confident in their hand-on skills or they find that CEH Practical does not add much value to their current CEH certification. EC-Council then changed their strategies by allowing those who has passed either CEH ANSI or CEH Practical to earn the CEH certification and remove the prerequisite from CEH Practical. Moreover, they also introduced CEH Master to encourage people to achieve both CEH ANSI and CEH Practical. After I have got to know PWK/OSCP from Offensive Security, I have never thought that I would attend to CEH course or exam. On May 29,2020, I got an email from EC-Council that they were giving away scholarship for CEH Practical, so I decided to apply for it since I would like to see the value that CEH Practical offers comparing to OSCP. I then got accepted into the program, paid the processing fee of $99 which is ridiculously unexpected in term of scholarship and activated the CEH Practical dashboard with the code provided in the email.

CEH Practical Exam

I then followed the Dashboard User Guide provided within CEH Practical dashboard in order to book for an exam on 18 June, 2020. Since I had prepared most of the things during my PWK/OSCP journey, so I thought I have nothing to prepare here besides go straight to the exam.

30 minutes before the exam, I opened up the ASPEN portal to view Exam page and wait for exam countdown to finish. When the time was up, I clicked on Start Exam, and it prompted me to install GoTo Meeting in order to interact with exam proctors. After GoTo Meeting is running, proctor showed me rules during the exam and performed verification process. Once everything is completed, proctor asked me to click on Launch Exam in ASPEN, and proctors then entered their credential to officially start the exam. After the proctor logged in, a browser window popped up saying that it is preparing the Virtual Environment that I will be using to take the test. It took around 2 minutes to complete, and I was presented with a tab in the browser which contain a Kali Linux, a Windows Server 2016, 5 more hosts within the network and 20 exam objectives to complete. The exam objectives are very straight-forward, and I spent around 3 hours to complete the exam which contain service and OS enumeration, banner grabbing, password cracking, steganography, packet capture, packet analysis, cryptography, SQL injection, web application enumeration and exploiting web application. Exam objectives are designed to be solved with tools provided in Kali Linux (65% of the exam objectives) and Microsoft Windows (35% of the exam objectives). During the exam, I was so annoyed with Virtual Environment which was very slow and laggy. As long as I knew I got more than enough points to pass exam, I notified the proctors that I would like to submit my answers and then proceeded with the submission. After submission, proctors asked me to checked the Exam Status in ASPEN portal. It turned out that I got 17 out 20. It is not a good score, but I could not force myself to use that slow and laggy Virtual Environment anymore.

Here are the exam details.

Certification Name: Certified Ethical Hacker (Practical)
Prerequisite: None
Exam Type: 20 Practical Challenges
Time Allowed: 6 Hours
Pass Mark: 70% (14/20)
Validity: 3 Years
Availability: Aspen – iLabs
Test Format: iLabs Cyber Range

Final Thought

I think I had a very bad experience with CEH Practical’s Virtual Environment during the exam as it was very slow and laggy. Moreover, CEH Practical is not a complete hacking course or exam like courses provided by Offensive Security or eLearnSecurity. It is more like CTF challenges that they design to assess to know if you know tools they cover within their CEH course. It does not make you connect the dots or exploit vulnerability in order to take over vulnerable systems. If we compare the level of intensity between CEH Practical and OSCP, we can see that CEH Practical is only like a scratch on the surface of what provided by OSCP/PWK.

For me, I have never attended CEH course before, but I used to attend in quite many CTF contests and familiar with quite many CTF challenges. As a result, I felt so familiar with the exam objectives. If you are familiar with CTF challenges such as cryptography, steganography, network, mics and web, I think you will have bigger chance of passing the CEH Practical exam even though you have not attended the CEH course.

If you surf the web to compare between OSCP and CEH, I think you would find quite lot of article about “Friends Don’t Let Friends CEH“. For this claim, I kinda agree and disagree. If we take into account of the full course and exam fee of CEH or CEH Practical ($550), my answer would be “Stay Away From It“. And I would recommend them to take a look at courses from Offensive Security or eLearnSecurity instead as those courses focus more on advanced hand-on skills like exploiting the vulnerability and taking over the vulnerable systems. But if you got their scholarship (processing fee of $99), my answer would be “Go For IT” as I bet you cannot find any cybersecurity or information security certification from reputable provider like EC-Council at this price. However, this scholarship only cover the exam voucher but not the study materials.

One best thing about Certified Ethical Hacker (CEH) from EC-Council is that it appears to be well-known to general hiring managers comparing to other penetration testing certifications such as Offensive Security Certified Professional (OSCP) from Offensive Security or Penetration Testing Professional (PTP) from eLearnSecurity.

Ridiculous Facts

Below are some facts about CEH Scholarship and CEH Practical exam that I found to be ridiculous.

  1. After you are selected for CEH Scholarship, you will need to pay a processing fee of $99. (Scholarship contradiction?)
  2. CEH Scholarship only covers the CEH Practical exam voucher but not the study materials. (How to prepare for it? Attend CEH course?)
  3. You are not allow to extend the monitor during exam. (But why?)
  4. You are not allow to talk to anyone during the exam. (Kinda acceptable in term of exam)
  5. You are allowed to have 2 breaks of 5 minutes during the exam. (Kinda acceptable in term of exam)
  6. Proctors will record your screen, your activity via webcam and also sound via mic, but exam result will be released immediately after the exam. (What is the point of recording then if no review?)
  7. Their Virtual Environment is very slow and laggy. (Very bad experience)
  8. Wordlists for password cracking are provided. (Exam objectives are already straight-forward, and this wordlists just make it effortless)

You may also like...

11 Responses

  1. IR says:

    Hi khroot,

    Thanks for the detailed review! It happens that I got the same scholarship and I want to do the test next month. I did OSCP last year but I am little rusty now. What do you suggest me to concentrate before attempting this test?

    • KHroot says:

      As I said, the exam objectives are very basic and straight forward. Things like credentials and wordlists are provided. The only thing that you need to do is just to know and use the right tools for the jobs. Moreover, make sure you are familiar with tools or challenges like service and OS enumeration, banner grabbing, password cracking, steganography, packet capture, packet analysis, cryptography, SQL injection, web application enumeration and exploiting web application. It’s a CTF-like exam not OSCP- like exam, so you don’t need to exploit things.

  2. IR says:

    Thanks for hints, KHroot!

    I think I am planning doing it next week based on this. Maybe the areas where I will get struggle is stenography and cryptography but I think that google could save the day for me. I am not good at CTF exercises but let’s see what happens 🙂

    Thanks again for the hints and your time!

  3. Jeremy says:

    Thanks for the great write up

  4. Muqeem says:

    Can we access our iLabs during the exam????

  5. angkorphantom says:

    Thank for your reviews, I passed it. The lab is freaking slow. Damn slow. After I earned enough score to pass, i decided to end that freaking slow lab.

  6. Hovaten says:

    Hi, can you share list of tools that you used in the exam

    • KHroot says:

      Hi, Hovaten
      I’m afraid I can’t share the list of tools in the exam as it will compromise the integrity of the exam. Please refer to the categories or type of attacks specified in the post above.

Leave a Reply