If you’re interested in building a career in cyber security, Certified Ethical Hacker (CEH) and the CEH (Practical) are a great choice. Read on to learn about how the deal we’re offering on the CEH (Practical) exam and how it differs from the regular CEH exam.
Get $200 off through the end of 2019!
October is National Cybersecurity Awareness Month, and we thought that would be the perfect time to announce that we’re offering $200 off the price of CEH (Practical) exam vouchers through the end of 2019! That means you could register for this exam for only $300 instead of the usual $500! The voucher is good for 1 year from the purchase date, so you don’t have to be completely ready to take the exam when you buy the voucher.
What is the CEH Practical?
The CEH Practical is the next step for those who have achieved the CEH credential. This rigorous exam is 6 hours long and includes 20 realistic scenarios with questions designed to validate critical skills in the ethical hacking domains that are outlined in the CEH program. Where the CEH exam is about validating knowledge, the CEH (Practical) is about showing that you can implement that knowledge in real-world scenarios.
This exam makes use of virtual machines, networks and applications to mimic a real corporate network. In the exam, you’ll be presented with scenarios and asked to put into practice the knowledge gained from CEH training.
CEH (Practical) credential holders have demonstrated their ability to:
Exploit their understanding of attack vectors
Scan networks to identify live and vulnerable machines in a network.
Perform OS banner grabbing, service, and user enumeration.
Perform system hacking, steganography, steganalysis attacks, and cover tracks.
Identify and use viruses, computer worms, and malware to exploit systems.
Perform packet sniffing.
Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
Perform SQL injection attacks.
Perform different types of cryptography attacks.
Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems etc.
Why is it great for your career?
Employers want to know that you have the practical skills to help defend them against incoming cyber attacks, and there’s no better way to show it than attaining your CEH (Practical). For those who are newer to the industry, this can be especially beneficial. According to Payscale.com, the average Certified Ethical Hacker (CEH) Salary is $78,979, and some make as much as $126,000. Those who have more experience or credentials will usually fall on the higher end of this scale.
Get CEH Training at LeaderQuest
If you’re ready to upgrade your paycheck and open new career opportunities, come get CEH certification training at LeaderQuest! Forget about self-paced learning and YouTube videos. Our cyber security school is led by industry experts with real-world experience, so you get the knowledge you need to excel. You’ll be ready to pass the CEH certification exam on the first try, but if you have any problems you can sit the course again for free over the next year.
You can complete our CEH course in 5 weekdays with our daytime schedule or over 2 weeks on our evening schedule. With an included test voucher for the CEH exam cost included (not CEH Practical) and onsite testing center, you can complete your certification and get back to work as efficiently as possible. So, are you ready to increase your job security and salary in a growing and lucrative industry?
It’s that time of year again when people want to be scared by stories of ghosts, ghouls and monsters! These stories can give us chills, but what about the real horrors that wait for us out there on the internet?
Like ghosts from horror movies, hackers and cyber criminals are out there constantly seeking a way to enter our (digital) world. They want to access your Facebook, your Instagram, your Paypal, your Amazon, your banking websites: everything. They might even use your information to try and hack your friends and family.
Check out these 4 cyber security horror stories, below
Invasion of the Facebook Account Snatchers!
The Horror Story
You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed.
You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work.
Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account.
Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access.
Somebody has stolen your digital life from you!
This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief.
So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years.
This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back.
What can you do to prevent this?
You should check your security settings on your Facebook account.
Check for any connected email addresses and remove old ones.
Make sure you have two-factor authentication enabled.
Lock down privacy settings to prevent people from using your Facebook account to gather information about you.
The Silence of the Phones
The Horror Story
You’ve had a great weekend up in the mountains, enjoying the clean air and beautiful weather. You phone hasn’t rung once, and you honestly haven’t missed it.
You pull into the driveway, and suddenly your phone blows up with messages, emails and notifications. It seems your bank card’s PIN has been changed and multiple withdrawals have been taken out of your accounts.
How was this possible? You set up two-factor authentication for all of these services, nobody should be able to access them without a code sent only to your phone.
You immediately call your bank, only to find that you have no cell service. You only got these messages because your home wifi connected. You can’t make or receive calls at all! Somebody has stolen your phone number. And with it, your bank information, your social media accounts, your email.
You see messages pop up from some of your friends, wondering why you’ve been asking for so much money…
This is exactly what happened to Christine, who writes the Her Money Moves blog. She suspected that hackers somehow got to her money through her use of a mobile banking app, despite the fact that she never saved her password in the app.
It’s impossible to know how exactly they got access to her banking information, but they certainly took control of her phone number.
This kind of theft is becoming more and more common. With a few basic pieces of information, like the last four digits of your Social Security Number (perhaps from a website breach), somebody can impersonate you when calling your cell service provider. They might even go so far as to walk into a cell phone store and impersonate you, complete with a fake driver’s license.
Once they have your number attached to their phone, all of your two-factor authentication becomes meaningless.
What can you do to prevent this?
It might seem like there’s nothing you can do here, but there are a few important preventative measures you can take.
Call your cell phone company and set up a “verbal password” or PIN.
Make sure that this password is required for all account changes.
Make sure that web access to your account is highly secured and also uses two-factor authentication.
Once this is completed, try to hack yourself. Call you cell company from a friend’s phone and see if they’ll let you make changes without the pin.
210 Days Later
The Horror Story
You wake up one morning and find yourself locked out of your Instagram. Checking your feed, you can see that somebody has been deleting your photos, uploading other ones.
Somebody has stolen your Instagram account. You don’t want to care, but it’s an important part of your professional life. You had a verified account, surely it can’t be that hard to get it back.
But the company is run by ghosts. Nobody responds to your support requests. You try their website, but the “help center” is useless. Every article leads back to an article you’ve seen before, a form you’ve already tried. You wander this maze of “help” pages endlessly, submitting forms and getting no response.
And through all of this, nobody will talk to you. Not one single human has reached out to you about your issue. Days turn into weeks, and you try everything again. Weeks stretch into months. Still no response. You try every help form again, and again, and again.
Finally you realize that you are alone. Nobody is ever going to help you get your account back. The only replies you can expect are from robots: cold, uncaring, and unable to help you.
Rachel Tsoumbakos detailed the arduous process of trying to get her account back in this blog. She submitted form after form, tried every support address she could locate, and nobody would help her.
Her blog chronicles months on end of trying to get her account back, as well as the process that finally helped her get access. Eventually, in the depths of the “lack of help” center as she calls it, she found this link: https://help.instagram.com/368191326593075 (but you may need to access it from your phone, not a PC).
She was contacted by what seemed to be a person but was probably just a bot, asking for a picture of her holding a hand written sign including a code they’d sent her. It took a few tries, and she found that writing in thick black marker was what did the trick.
After 7 months of waiting, she was finally granted access to her account again.
What can you do to prevent this?
First, do everything you can do lock your account down. The best way to deal with this is to prevent yourself from getting hacked in the first place. See our instructions for Facebook above, which include:
Check for any connected email addresses and remove old ones.
Make sure you have two-factor authentication enabled.
Lock down privacy settings to prevent people from using your Instagram account to gather information about you.
If you’ve already been hacked, here are a few Instagram resources:
After countless hours spent grinding enemies, you have amassed a Runescape collection rivaled by none. Some would say it’s just a game, but for you this is your life. After two years devoted to the game you’ve earned friends, fame and lots of money!
So when you see an ad for an app that will finally let you play Runescape on your phone, you can’t believe how lucky you are! This is just what you’ve been looking for. You click through, and are directed to what you think is the legitimate Runescape website to fill in some information.
They ask for your username and password, so you enter those first. You’re so excited that you don’t even bother to make sure you connection to the site is secure. When the next screen asks for your in-game bank PIN, you find it a little odd, but you can’t wait to get going so you enter it anyway. You authenticate your account, ready to be able to play your favorite game any time.
The next morning, the reality of your mistake becomes clear. You log in to find your bank account and character have been completely cleaned out. All 19 million dust runes, 4.2 million Marrentill herbs, 347,000 cballs, over 7,000 bandos pages, 106,000 potato seeds, 20,000 dwarf seeds… everything is gone. And all because you fell for their scam.
You might think that after such a blow, quitting the game would be the only sensible answer. Instead, this experience helped reddit user zedin27 to enjoy the game all over again. Kudos to zedin27 for being an indefatigable optimist!
So how did it happen? This was a fairly complex phishing attack, using an ad as the entry point instead of an email or Facebook message. If zedin27 had been careful to check the page’s URL and make sure the site was secure, he would have noticed something amiss. As we covered in our blog on 7 Cyber Security Tips for Anyone Who Uses the Internet, pages designed to mimic real websites are easy to spot if you’re on the lookout.
What can you do to prevent this?
Phishing attacks are everywhere. Here are a few ways to protect yourself.
Be suspicious of links and attachments. Make sure the sender or website is who you really think it is.
When filling in forms, check for HTTPS in your browser. Usually you should see a lock icon if the site is secure. This is especially important for any financial sites or transactions.
Check the URL to make sure it’s really the site you think it is.
If something seems “phishy,” don’t follow any links provided. Open a new browser page and go directly to the site in question. This will prevent you from going to a faked version of a site you use often.
Cyber Security Doesn’t Have to be Spooky!
Are you interested in cyber criminals, what they do, and how they can be stopped?
A career in cyber security could be perfect for you! LeaderQuest offers accelerated training designed to help people with zero experience gain the skills and certifications they need to get hired in IT. Advanced cyber security positions will require more experience and training, but now is the perfect time to start.
If you’re interested in IT, click on the link below. We’ll contact you and walk you through a career assessment to see if IT is right for you!
Lavall Woodhouse separated from the United States military in 2004 after being stationed in Mannheim, Germany and Fort Bragg, North Carolina. Like most veterans, Lavall had just come off of deployment and had little idea about what to do with his life after serving our country.
“There wasn’t really a whole lot of support in the idea of transitioning from the military to the civilian world, it was kind of like you’re on your own,” Lavall said.
Watch Lavall tell his story about training at LeaderQuest Dallas in his own words below:
Homeless and Directionless
Unfortunately, many of our veterans are lost upon their return, lacking a compass to lead them to success in the country they have been navigating the world to protect. LeaderQuest is here for that exact reason, to be a compass for individuals and lead them to success through IT training.
Lavall was in desperate need of guidance and had found himself in unfortunate circumstances leading up to his time at LeaderQuest Dallas. “When I first came to LeaderQuest, I was trying to rebuild in a sense. I was homeless, and I didn’t have a job.”
This is all too common, veterans 18-30 are twice as likely as the general population to become homeless.
The Start of a Brighter Future
Lavall was directed towards LeaderQuest Dallas by his vocational rehabilitation counselor who presented him with different training opportunities. He decided to go with LeaderQuest’s short-term certification training program and in 2016 and began his journey towards a fulfilling career in IT.
“My first impression was positive. Everybody that I had met had a great attitude in the idea that they were glad to have me there, and those attitudes were a large part of my choice”.
Once he passed the certification exams, he then faced the next challenge of finding a job. Luckily, LeaderQuest was already one step ahead of him and ready to ease him into this next phase with one-on-one guidance from Erika Ofurum, LeaderQuest Dallas’ Employment Development Manager (EDM). “She sat down with us and started to learn about what we were into, what kind of backgrounds we had, and what kind of certifications we had. That’s when I started to get really confident,” Lavall went said. “She really rekindled that fire for me. That was exciting.”
Getting a Job with Amazon
Lavall’s excitement was intensified as more companies started to reach out to him. His hard work finally culminated in a job offer from Amazon to work for their web services team. About a year later, we asked him if he liked his new job. He told us, “I love it!”
“We all have this idea of wanting to be GREAT. That thought is within all of us, you just have to find it and then realize it.”
Cyber Security Training at LeaderQuest
There are times when we are alone and lost and there are times when we guide each other as human beings to find ourselves and our purpose. Lavall’s will had gotten him through the trenches of the military and his determination propelled his future into a fulfilling career.
Lavall served our country, fell down, and rose up to a bright new future. His situation is a perfect example of why we exist and what drives LeaderQuest employees to deliver the highest quality of service. LeaderQuest and Lavall will always be connected by his story and the continued story of how we plan to change thousands more lives through short-term training, certifications, and guidance.
We’ve all seen it. The rapidly flashing screens. The confusing jumble of nonsensical numbers and symbols. Or, the lame PS1-esque graphics that Hollywood seems to think makes a mega hacker. Movie hacking is corny, goofy, and a convenient plot device when you want something to seem futuristic.
Before we establish what hacking is, it’s important to establish what it isn’t. The answer is, well, basically anything you’ve ever seen on TV. It’s not Newman telling Samuel L. Jackson he didn’t say the magic word and infecting all the computers as in Jurassic Park.
It’s not a man in a black light gyroscope twirling around while his green body dissolves into a swirling nightmare vortex as he says, “I’m in,” as in Lawnmower Man.
And, perhaps most importantly of all, it’s not trying to stop a real-time hacker with the most effective method of all. JUMPING ON THE SAME KEYBOARD TO DOUBLE YOUR ANTI-HACKING SPEED. (As seen in 2 idiots, one keyboard from NCIS fame.)
This all bring us to another question which is, why do we see hacking portrayed again and again in these increasingly silly ways? Well . . .
Why Does Hacking Look So Stupid in Movies?
It can be easy to think that Hollywood writers and executives are doofuses who don’t know the first thing about a keyboard, let alone hacking, but that’s not always true and things are changing as the public understands tech more.
For example, the tech-savvy show Mr. Robot actually employs a team to ensure that all of the tech stuff rings true. As for other shows, well, take a look at this video of someone doing a live hacker challenge and see if you can spot where this might not translate into film.
Turns out real hacking looks a lot like staring at a text editor for a long time, testing vulnerabilities, finding a way into the system, and then building yourself a backdoor so you can get back in. Text editors are notoriously nonsexy and nonexciting. You see the problem.
However, one of the biggest reasons that tech looks so silly is, well, everyone is trolling you as shown in this article from Gizmodo.
If you see something too dumb to believe, it’s probably a joke. Or at least a setup; the punchline of which is when you lean over to your date and exasperatedly explain that there’s no way that could happen since no CTO worth his salt would ever let that kind of information be remotely accessible instead of just relegating it to an isolated intranet, and besides that’s not actually what VPNs do.
With all this in mind, let’s dive into the truth behind the Hollywood glitz.
What is Hacking Really?
The word hacking has kind of become a catch-all for cyber attacks and cyber terror in general. Technopedia defines hacking as, “an unauthorized intrusion into a computer or a network.” Hackers may use the system or security features to accomplish a goal that differs from the system’s original purpose.
It specifically includes the following techniques under the umbrella of hacking:
Vulnerability scanning (checking computers on networks for known weaknesses)
Packet sniffing (apps that capture data packets in order to view data and passwords in transit over networks)
Spoofing attack (websites which falsify data by mimicking legitimate sites, and they are therefore treated as trusted sites)
Rootkit (programs which work to subvert control of an OS from legitimate operators)
Keyloggers (tools designed to record every keystroke on the affected machine for later retrieval)
However, there are a number of different ways that people who identify as hackers try to exploit networks and systems for their own gain. A Distributed Denial of Service (DDoS) attacks makes an online service unavailable by overwhelming with traffic with the sole purpose of shutting down a website.
Little known fact, one-handed standing laptop hacking is the most effective method.
And not all hackers are created equal. While the word may conjure up images of a ski-masked man in a hoodie in a darkened room hunched over his laptop, ethical or “white hat,” hackers make up an important part of keeping networks safe.
Black Hat, Gray Hat, & White Hat/Ethical Hacking
Hackers are divided into three groups: White Hat, Grey Hat, and Black Hat. Named for the different colors of hats worn by characters in Westerns, Black, Gray, and White basically boils down to bad, questionable, and good, but the truth is a little more nuanced than that.
White Hack hackers are hired by companies to help identify security bugs in their systems. To catch a hacker you have to think like a hacker. They play an important part in security.
One of the strongest weapons in the fight against cyber criminals has been hackers themselves. Professionals with a deep understanding of how to penetrate the security of an online infrastructure are commonly deployed to find vulnerabilities that those on the other side of the moral hacking spectrum would seek to exploit.
Black Hat Hackers have a clear malicious intent. Whether it’s to extort money, crash a system, or just cause general chaos in a person’s life, they do what they do for personal gain in a way that harms others.
Many career paths that lead to white hat hacking are unconventional. Again, there is controversy in the industry about hiring black hat hackers turned white hat, but, even for those who start firmly on the ethical hacking path, it can be twisted.
In the case of Ben Miller, he got a degree in computer systems and networking . . . right before the dotcom bubble burst. Ouch. After a few rough years, he was hired as a networking administrator for a hospital and focused on strengthening systems while making sure they were HIPPA compliant.
His company offered a Certified Ethical Hacking course. He took it, loved it, and was hired one year later in ethical hacking by his instructor. Now Miller works trying to think like a hacker while stopping them dead in their tracks.
His recommendations for up and coming ethical hackers? Always be listening and reading, communicate with your client, getting certifications can help prove your abilities, and always document what you’re doing.
Want a Career as an Ethical Hacker?
If you’re interested in helping companies protect their data and stopping hackers dead in their tracks, certified ethical hacking might be for you! At LeaderQuest, we offer a 5-day Certified Ethical Hacker (CEH) course to help you get trained, certified, and hired. Through our career services team, and personal job coaching with your very own Employment Development Manager (EDM), you’ll also get help with your resume, interview tips, and access to employers in the industry.
With room for growth and a zero percent unemployment rate in cyber security, it’s clear that a certification like this will make you highly employable for a long time to come. To make training easy for you we offer classes during the day, at night, online, or on campus to fit any learning style or schedule. When it comes time to take the test, we not only cover the cost of one certification attempt per course but also have approved testing facilities on campus.
If you want to join a career fighting for the good guys, don’t wait. Though sadly, this job will not involve two people typing on one keyboard. (Sorry NCIS.) Become an ethical hacker today!
As an aspiring computer hacker, you’ve got some serious skills. You’re talented in ways that most people aren’t with computers, and your know-how in navigating the functionality of a computer’s or the internet’s backend is next to incredible.
Your professional stars are aligned in every way except for one: computer hackers get an incredibly bad rap.
Hackers infiltrate computer systems and make things go awry. They’re also the dudes that steal innocent people’s credit card numbers and make hundreds or thousands of dollars disappear out of peoples’ bank accounts in a matter of hours.
Fortunately, not all is lost.
There are lots of super cool, investigative, ethical jobs for computer hackers, provided they’ve got the experience and training to do things the right way.
Ethical Jobs for Computer Hackers
Large and enterprise-level companies almost always hire their own in-house hackers to take care of their internal security for them.
They desperately need ethical people with the same mindset and know-how of the hackers they’re trying to fight against to do penetration testing, come up with ways to reduce cyber vulnerabilities, update company security procedures to match new threats, and give training to non-tech-savvy employees so they don’t accidentally do something that will put the company’s data at risk.
In fact, with the rise of cyber attacks, companies are so hungry to get their hands on the best talent out there that they’ve even opened up their “hacking” to the public.
For example, Microsoft offers up to $150,000 for people to look for and point out loopholes in their security systems as a “thanks” for helping them make their security stronger and keep their information safer.
Be on the lookout for job titles like these:
Security Penetration Tester
Cyber Security Software Engineer
Cyber Special Agent
If you really want to dream big, the FBI loves to hire ethical hackers at the top of their game to work in the latest wave of international intelligence, crime fighting, and securing the digital versions of our national borders.
Why Ethical Computer Hacking is Such a Worthwhile Career Path
The fact is, you really don’t need proof from Microsoft and the FBI to realize that ethical computer hacking is a worthwhile career path to get into.
According to the Bureau of Labor Statistics, the Information Security Analyst job demand will grow by 37% until 2022, which is far above the national job growth for all types of careers, which is just 11%.
Further, the career path had a 2012 national average salary of $86,170—more than double the national average.
Ethical computer hacking is the perfect storm of job security, high salary, and work you can take pride in.
The IT Training & Certifications You Need to Be a Cyber Security Professional
When you’re getting started as a cyber security professional, you usually can’t just jump in immediately, though getting started and securing the proper qualifications (especially if you’ve already got a couple years of hacking experience) isn’t nearly as hard as it is for most other career paths.
The CEH certification (or Certified Ethical Hacker) is by far the most common IT certification for people who want to get started in their career as an ethical hacker and eventually keep moving up the cyber security ladder. Plenty of flexible training is available online and offline. You can even take the exam without taking a training course, provided you can prove you’ve got two years’ worth of experience in IT security.
The CISSP program is flexible for people that don’t have enough experience and can’t afford the time or money to become full-time students – it can be completed over the span of 10 evenings or 5 eight-hour days. It offers a fully practical job-related approach and is internationally recognized as career-worth IT training because it meets the ISO/IEC Standard 17024.
Turn Your Hacking Interests and Skills into a Lucrative IT Career!