<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CEHNotes on Virtue Of Vague</title><link>https://virtueofvague.com/tags/CEHNotes/</link><description>Recent content in CEHNotes on Virtue Of Vague</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>prakashpayyanagoudar@gmail.com (Virtue of Vague)</managingEditor><webMaster>prakashpayyanagoudar@gmail.com (Virtue of Vague)</webMaster><copyright>© 2026 Virtue of Vague</copyright><lastBuildDate>Wed, 11 Mar 2026 12:25:00 +0530</lastBuildDate><atom:link href="https://virtueofvague.com/tags/CEHNotes/index.xml" rel="self" type="application/rss+xml"/><item><title>6 hours, 20 challenges, one SOC analyst</title><link>https://virtueofvague.com/posts/ceh-series-7/</link><pubDate>Wed, 11 Mar 2026 12:25:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-7/</guid><description> CEH Notes · post 7 of 8 series index → an honest debrief after the exam
The exam ended, and I just sat there.
Six hours. Twenty challenges. A closed room with Bangalore traffic still filtering through the window. My eyes were dry. My brain felt like it had been wrung out. But I wasn’t panicked. I wasn’t celebrating. I was just… empty, in a calm way.
I scored 16/20.
Not perfect. Not a failure. A score that felt, honestly, about right for someone who came in as a defender and learned to think like an attacker for six hours.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-7/featured.png"/></item><item><title>hiding in plain sight — stego and crypto</title><link>https://virtueofvague.com/posts/ceh-series-6/</link><pubDate>Mon, 02 Mar 2026 15:10:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-6/</guid><description> CEH Notes · post 6 of 8 series index → steghide, veracrypt, and the flags that don’t look like flags
If you’d asked me before the exam which module I was least excited about, I’d have said stego and crypto. Not because it’s useless. Because it felt… niche. Like a puzzle box inside a hacking exam.
Then the exam gave me an image. Just a normal JPEG. No obvious connection to anything. And I had to figure out what was inside.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-6/featured.png"/></item><item><title>web attacks: SQLi, XSS, and why they still work</title><link>https://virtueofvague.com/posts/ceh-series-5/</link><pubDate>Sat, 21 Feb 2026 09:40:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-5/</guid><description> CEH Notes · post 5 of 8 series index → sqlmap, burp, and the simple injection I nearly missed
If you’ve done any CTF or lab, you know web attacks are the bread and butter. CEH Practical is no different. Web applications show up repeatedly—login forms, search boxes, file uploads, admin panels. It’s the easiest place to lose time, and the easiest place to find a flag hiding in plain sight.
I learned that the hard way. Let me tell you about a login form that nearly wasted 20 minutes of my life.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-5/featured.png"/></item><item><title>what exploitation actually looks like</title><link>https://virtueofvague.com/posts/ceh-series-4/</link><pubDate>Thu, 12 Feb 2026 13:50:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-4/</guid><description> CEH Notes · post 4 of 8 series index → metasploit, shells, and the alarms you hope are set off
If recon is knocking on doors and scanning is testing the handle, exploitation is picking the lock. Or just walking through an open window someone forgot about.
In CEH Practical, exploitation is not about writing your own zero-days. It’s about recognising known vulnerabilities, selecting the right public exploit, and executing it cleanly under time pressure. For a SOC analyst, this is where theory meets the logs you’ve been staring at for years. You finally get to be the person generating those “CRITICAL” alerts, not just triaging them.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-4/featured.png"/></item><item><title>hashcat, hydra, and the art of credential attacks</title><link>https://virtueofvague.com/posts/ceh-series-3/</link><pubDate>Tue, 03 Feb 2026 10:20:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-3/</guid><description> CEH Notes · post 3 of 8 series index → brute force, hash cracking, and the login storms your SOC can’t ignore
Up to this point, we’ve been knocking on doors. Recon told us which doors exist. Scanning told us what’s behind them. Now we actually try the handle. Sometimes it’s locked. Sometimes someone left it open with a sticky note that says “password123.”
Credential attacks are where the exam—and real attacks—get loud. For a SOC analyst, this is often the first unambiguous “this is not normal” moment. For the attacker, it’s where you stop being a ghost.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-3/featured.png"/></item><item><title>scanning: the noise before the storm</title><link>https://virtueofvague.com/posts/ceh-series-2/</link><pubDate>Mon, 26 Jan 2026 16:45:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-2/</guid><description> CEH Notes · post 2 of 8 series index → enumeration, banners, and why your SOC is already blinking before the attack
After recon, you’ve got a list of open ports. 22, 80, 445, 3306, maybe 21. The exam screen sits there and your brain wants to start hacking immediately. But you can’t. Not yet. You have to know what you’re breaking into. Otherwise you’re just throwing exploits at the wall.
This is scanning—the phase between “what’s there” and “how do I get in.” For a SOC analyst, it’s also the phase where the noise starts.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-2/featured.png"/></item><item><title>recon looks different from both sides of the wire</title><link>https://virtueofvague.com/posts/ceh-series-1/</link><pubDate>Sat, 17 Jan 2026 11:05:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-1/</guid><description> CEH Notes · post 1 of 8 series index → nmap, OSINT, and the art of being loud without realising it
You sit down at the exam terminal. First task. You have an IP address and a domain name. The clock is ticking. Your brain is asking: what do I run first?
I froze there for a good two minutes. Not panicking — just caught between too many options. Nmap? Gobuster? theHarvester? Google dorking? Trial-and-error mode kicked in. And that’s exactly what I want to write about: why recon is both the easiest phase and the one that reveals your mindset. Especially if you’re a SOC analyst pretending to be an attacker.</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-1/featured.png"/></item><item><title>SOC eyes, attacker hands: why a defender signs up for CEH</title><link>https://virtueofvague.com/posts/ceh-series-0/</link><pubDate>Fri, 09 Jan 2026 14:30:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-series-0/</guid><description> CEH Notes · post 0 of 8 series index → or: what I was thinking in a closed room in Bangalore, 6 hours of hacking ahead of me
I’ve never sat a 6-hour exam before.
College exams were three hours, pen and paper, you walk out. But 6 hours on a terminal, proctored, with 20 practical challenges waiting? That’s not an exam. That’s a small battle.
The room was closed. Bangalore traffic bled through the window anyway—horns, autos, a dog somewhere. And I sat there, staring at the login screen, repeating one thing:</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-series-0/featured.png"/></item><item><title>two sides of the wire — notes from CEH Practical</title><link>https://virtueofvague.com/posts/ceh-notes/</link><pubDate>Mon, 05 Jan 2026 09:15:00 +0530</pubDate><author>prakashpayyanagoudar@gmail.com (Virtue of Vague)</author><guid>https://virtueofvague.com/posts/ceh-notes/</guid><description>a series for defenders learning to think like attackers.
eight posts. every one pairs an attacker technique with what it actually generates — or doesn’t — on the SOC side. written after sitting the CEH Practical exam: 6 hours, 20 challenges, one closed room in Bangalore.
EVERY TECHNIQUE, BOTH SIDES OF THE WIRE ATTACKER TERMINAL recon, scanning, credential attacks, exploitation, web attacks, stego and crypto SOC SIGNAL what it actually generates — or doesn't — in the logs, the SIEM, and the alerts a defender actually sees 6 hours, 20 challenges, one closed room — written to bring the signal back with me. # post 0 SOC eyes, attacker hands: why a defender signs up for CEH 1 recon looks different from both sides of the wire 2 scanning: the noise before the storm 3 hashcat, hydra, and the art of credential attacks 4 what exploitation actually looks like 5 web attacks: SQLi, XSS, and why they still work 6 hiding in plain sight — stego and crypto 7 6 hours, 20 challenges, one SOC analyst</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://virtueofvague.com/posts/ceh-notes/featured.png"/></item></channel></rss>