How should one prepare for CEH (Certified Ethical Hacking) at home?

To directly answer your question:

When you sign up for a course they will provide materials - I got full transcripts of the course, plus access to some online resources, all included. The quality will depend on the organisation. If you have none, and have paid for the exam, it’s going to be tougher.

Look at the tools they use and practice with them again and again. NMAP is a good example, as is Wireshark. Learn that shit at home by setting up systems and scanning them as practice. NMAP actually lets you scan its servers, so do that immediately - go to their site and go deep on it. It’s a great tool.

There are some good tools online for practice tests (skillset.com for e.g.). Take the tests again and again. The pro version costs (99 per month I think) but the free version is OK as a basic guide.

I would become familiar with at least basic TCP/UDP networking, tools like NMAP and NSLOOKUP

Familiarise yourself with crypto/authentication (key exchanges, certificates etc.)

Learn some Linux - get Ubuntu or Mint and command line the shit out of it so you know how to grep, cat and ls and other navigation/search/interaction commands.

There are a million things you can research - do some Google searching! If you want to be a security pro you should at least be able to find some documents about CEH training :)

CEH vs technical hacking

I disagree with a few of the answers. I think CEH is useful and there is a big distinction to make here:

1. Being a professional pen-tester and learning business support & process
2. Being a cool hacker and learning how to break into shit

Qualifications like CEH will not teach you a lot of technical stuff. Some of the questions reinforce knowledge of tools like NMAP, but most of the CEH is process driven and this is really, really important. It is theory more than practice.

If you are a pro pen-tester you can’t just wander in to a company and start fucking with their systems - you need contracts, SLAs and agreements, you need to define scope, you need to audit their security documents, you need to draw up new security policies and then present them to CEOs for approval. Much more. So much more.

You have to learn this and be able to present it in meetings, to people who don’t care and are often a few 00s above your pay grade. Hacking skill has very little to do with this.

ITIL is a good comparison. It taught me nothing technical, but I did learn about liabilities, contracts and SLAs etc. and lots of employers still ask for it. It did teach me how to present IT to the rest of the business, how to arrange support models and SLAs, and basically everything about the process of IT without the technicals.

Employers look for this. They want people who know procedure and technicals.

Let me be clear - I hate the term ethical hacker. There is no such thing. However the CEH course (much like ITIL) will teach you about how your IT must function within a business, and lots of employers like that.