2025-12-21 21:51:15 Ash

CEH v13 - part 1

Let's gooo!

I have begun the Certified Ethical Hacker online course from EC Council, and I'm super excited! Somewhere my 14 year old self, is freaking out at a LAN party in the living room of my childhood home.

So far I've completed modules 1 to 5, which mainly is about footprinting, reconnessaince and vulnerability scanning.

As mentioned in a previous post, I've been working as a software developer, mainly with PHP, for almost two decades. While I'm familiar with basic networking, firewalls, DNS and so on, there have still been a lot to take in regarding services, ports and servers.

And then there is a ton of tools to get familiar with, like nmap and Metasploit just to mention a few. But fortunately the tutor and the labs help a lot, and just knowing which tools can be used for a task is a big step forward and helps a lot, even though I have a lot to learn still.

AI driven

Those who know me, also know that I'm quite sceptical about using AI for writing code and doing your work, might actually write a post about that too, but the course focuses a lot on how AI can help in regards to ethical hacking.

And while I can see some advantages in using AI for running a network scan with nmap and saving the result to a file, that nikto then can use to scan the servers/services for vulnerabilities, there is also some disadvantages.

Like giving the AI the exact same instructions three times in a row, doesn't nessecarily give you the same command to run, and therefore you might not get the result you were hoping for. And since this is a Certfied Ethical Hacker course, I'm also fully aware, that I can't rely on AI, since I need to learn theory and tools, to actually be able to get certified.

Thoughts so far

The next module I've started is a big one called System hacking, and boy that escalated quickly, can't wait to get into the labs to see if something like buffer overwrite makes sense.

But I'm optimistic, and thats not something you will here me say a lot.

I'm looking forward to the modules about web applications, SQL injection and especially social engineering.

I will keep you, or just myself, posted about the progress.

// Ash

Copyright 2026 - Ash @ Tomrummet