IP Address Illustration

My CEH Training Journey

Published: April 30, 2025

How I dove into ethical hacking, what I learned, and where I’m headed

🚀 Why I Chose CEH

The world is increasingly digital, and that means security is everything. I’ve always been curious about how systems get breached — not just to prevent it, but to understand it.

The Certified Ethical Hacker (CEH) certification stood out:

  1. Globally recognized
  2. Covers real-world tools and techniques
  3. Great entry point into cybersecurity & red teaming

So I signed up. Here’s what the ride looked like.

🧩 What the CEH Training Covers

The training is intense, practical, and eye-opening. Here are the core areas that stood out:

1. Footprinting & Reconnaissance

  1. Learning to gather intel like an attacker
  2. Tools: whois, nslookup, Maltego

2. Scanning Networks

  1. Identifying open ports, services, vulnerabilities
  2. Tools: nmap, Angry IP Scanner, Zenmap

3. System Hacking

  1. Password cracking, privilege escalation, backdoors
  2. The importance of patch management and endpoint protection

4. Malware & Trojans

  1. How malware hides and spreads
  2. Manual analysis vs sandboxings

5. Sniffing & Session Hijacking

  1. Analyzing traffic with Wireshark
  2. Understanding MITM attacks in public networks

6. Web App Attacks

  1. SQLi, XSS, CSRF — the web attack trifecta
  2. Real practice using vulnerable labs (DVWA, bWAPP)

7. Wireless & Mobile Hacking

  1. Cracking WPA2, rogue APs, mobile OS threats

8. Cloud Security

  1. Shared responsibility model
  2. S3 bucket misconfigs, cloud sniffing, IAM abuse

🛠️ What I Used to Practice

CEH theory is one thing — but hands-on practice is where it clicks. Here’s what helped:

  1. 🔐 TryHackme> & Hack the box for labs
  2. 🧪 DVWA, Metasploitable, Kali Linux VMs
  3. 💻 My own network + router as a test environment
  4. 🧰 Toolkit: Burp Suit, Wireshark, Hydra, Metasploit, Gobusters

🧠 What I Learned (Beyond the Tools)

1. Thinking like an attacker changes everything.

You stop assuming things are safe — and start questioning every endpoint.

2. Defense is better when you understand offense

From patching to firewalls, it's easier to secure what you truly understand.

3. The hacker mindset is persistent, patient, and always curious.

I found myself Googling obscure vulnerabilities for hours — and enjoying it.

🔥 Challenges Along the Way

  1. Some modules are theory-heavy — I had to push through
  2. Setting up practice labs safely took time
  3. Memorizing tools vs understanding why they work

But every bit of friction made me better.

✅ What's Next

  1. Taking the official CEH exam 💥
  2. Moving toward OSCP or PNPT (more hands-on certs)
  3. Building personal tools (like my rogue IP detector)
    4. Sharing write-ups of challenges and vulnerable machines I solve

🧠 Final Thoughts

If you're thinking about the CEH: go for it — but go all in.

Don’t just aim to pass the exam. Use the content as a launchpad to actually think like an attacker. Spin up labs, break things, ask “what if?” a lot.

This journey gave me direction, confidence, and a deeper respect for cybersecurity.