EH-Net

Curious to see if anyone out there has helped create or implement a security course or curriculum at a college or university. Wondering how certain things are handled w/ licensing, such as using Metasploit for a course when it is now owned by Rapid7. Assuming Metasploit framework still ok, but I'm not aware of how university would handle licensing obligations.

As far as teaching 'Metasploit' in universities is concerned, there is an article on Rapid7's blog

https://community.rapid7.com/community/metasploit/blog/2011/11/04/teaching-metasploit-in-higher-education

Now that is what I call a precise answer. Basically exactly what I'm looking for.. Big props to hurtl0cker!

@ l33t5h@rk - that's my pleasure to help u  :)

and I am just curious to know what exactly are u planning to do, I mean are you setting up some kind of lab to teach some students?
I have been trying for quite some time now to make my university setup a formal lab for security students but it's all gonna take lot's of time and talks with management. So a bunch of students gathered together and started building our own lab for practicing, it's still under progress
.
For now we are planning to use:
3 desktops running various OS's on Virtual box (XP, Vista, De-Ice, Metasploitable)
Some Alfa cards, Linksys router and AP for wireless penetration testing.
Webgoat, Ultimate LAMP for some Web App's stuff.

Following resources came handy for setting up our lab:
Professional Penetration Testing: Creating and Operating a Formal Hacking Lab by Thomas Wilhelm
http://www.metasploit.com/help/test-lab.jsp

You could start by email the guys over at OSCP, they teach it.  So you must be able to use it for education purposes.

Right, so I occasionally teach courses at local schools and am looking to assist in developing a new course (or courses) focusing on security, including one in penetration testing. This Patrick Engebretson book http://www.amazon.com/Basics-Hacking-Penetration-Testing-Syngress/dp/1597496553/ref=sr_1_1?ie=UTF8&qid=1323601871&sr=8-1 (http://www.amazon.com/Basics-Hacking-Penetration-Testing-Syngress/dp/1597496553/ref=sr_1_1?ie=UTF8&qid=1323601871&sr=8-1) is basically a perfect foundation for say Pen Testing 101 for example, and I know at DSU.edu he offers some courses so basically what I'd be looking to do is model the course after this outline as well as a handful of other topics. They have an MSDN license and higher ed gets a massive discount on sw so I'm assuming setting up the lab won't be an issue, and most would just be VMs anyway. I guess my q w/ Metasploit was since the R7 purchase how that would affect it's free use but the ms framework is still free so that is all I'd need anyway.

Its free, but are you going to be charging for the class?  If so you might want to check with them because you are making a prophet off of it so is could come back to bit you.

While we are in the arena, can anyone suggest a good university? I obviously would be looking for a CompSci/InfoSec degree, I never took the SAT/ACT and I would like to get some programming classes, but if I do, I need a good introduction, as well, im going to need to crawl slowly through that. Anyway, i'd also prefer an online program, as I can't move ATM.

Understood. I believe it's still just in the design phase and at universities (and really everywhere that isn't a small company) everything moves at a glacial pace so we'll see what happens.

As for suggestions on programs, I stumbled upon the Engrebretson book and did some research and the programs at Dakota State look pretty promising. Very much security focused as well as online. I'm sure there are also thousands of others but perhaps making connections with the guys writing the books would be a good way to start. Tuition seemed reasonable as well.

As for Info Sec degrees if I had the money I would attend:
http://isis.poly.edu/ (http://isis.poly.edu/)
http://www.poly.edu/admissions/financial/costs (http://www.poly.edu/admissions/financial/costs)

As you can see its about $1250 a Credit hour almost 4k for a class, but if the class are like this one below:

One of the instructors Dino Dai Zovi and his 45 minute class:
http://vimeo.com/5146345 (http://vimeo.com/5146345)

As well as about 48 or so other videos that he has post about his class.

If might be worth it, just looks like they go so in depth on their subject matter making other Graduate programs look well crap.

I also found this:
http://pentest.cryptocity.net/ (http://pentest.cryptocity.net/)

Which seems to have quite of bit of education materiel for free on subjects like:

Intro to Pentesting
Operational Review and Code Audits
Reverse engineering
Exploitation
Web Hacking
Network Pentests

@l33t5h@rk I'm not sure weda this has anything to with your question , but FYI http://www.securitytube.net/smfe , check it out