Thanks Ryan, great work. Looking forward to read about your exam experience.

Submitted this to digg:

http://digg.com/security/Course_Review_Penetration_Testing_with_BackTrack_Part_4

We should have the last part of this series very soon. It will cover not only final thoughts on the course, but then continues on with the exam process. You don't want to miss Ryan's stunning results.

Stay tuned...

Don

I was wondering how does this course of Offensive Security stack up against SANS.org and their courses? I mean PWB is much cheaper, but does it offer the same or more or just different? If you would pit the two against each other who would win?

Ok, let me ask the question slightly different;
What would be better for a beginner?

My opinion only, and note, I have not yet taken both, but this goes from what I've seen in demo's and samples of each, as well as from folks I've spoken with, who HAVE taken both.

(And I agree with what Dark_Knight JUST responded...)

Cost-wise, obviously OSCP it better.  (MUCH cheaper)  Thus, if you're not 'absolutely' certain you want to be a pentester, or want to see just how much you might get into and learn, it'd be a more affordable way to begin.  That way, if you feel over your head and decide against it, you're not out the SANS-type money.  But if you truly want to have opportunity to learn and understand more, SANS might be the better route, especially if you're willing to go to one of the bootcamps, as the ability to interact directly with an instructor, for info you may or may not understand, is very valuable, in and of itself.  BOTH will be technically challenging, and both will introduce you to concepts, methodologies, etc.  As previously noted by Dark_Knight, the legalities, etc, are also nice to gain from the SANS offerings.  

We really cannot tell you which is better for a 'beginner' as it depends on you.  If you're a GREAT self-learner, then a 60-day lab package and OSCP might be good for you, as it gives you a LOT of lab time, and hands-on practice with tools and ideas, while still affording you the ability to email the instructors and irc with other students, etc.  But if you learn better from more 'regular' interaction with instructors, in more of a class setting, then I'd definitely be leaning towards SANS to start with.  (Additionally, if you do opt for a bootcamp, you also have many other folks at the SAME point in the class as you, to openly discuss with and network with during the course.)

Ultimately, to answer your question, I don't think either would 'win', and that each is tailored for it's own learning style and methods.  Personally, if you can afford one or the other, in my opinion, I'd do both (the extra for OSCP isn't THAT much above the SANS, anyway...)  Then you'll get it all.

My 2 cents, anyway...

As it relates to the OSCP you definitely want to brush up on your Assembly fu. Get familiar with tools like Ollydbg. Also brush up on your on scripting fu(Perl,Python).

Sounds like you have a good head on your shoulders, and are understanding the points we've given you.  Even the general BASH knowledge will help you, greatly, with the ability to script connections using netcat, ssh and other tools, gather data, and to make quick work of things. 

In the NetWars cyber challenge, going on again, right now, one of the first lessons I taught another participant was how to BASH script some of his tasks, as, if you connected through their SSH tunnel, and were not quick enough at coming up with (or typing in) what you wanted to do next, some of the other players would snipe your connection, promptly, and you'd be fighting, just to stay connected, let alone to connect long enough to score points or even learn.  With the BASH scripts, if you had everything chained together properly, you could accomplish your network reconnaissance and some attacks quickly and painlessly, before they could catch you and snipe you.  This translates into real world pentesting, too, as if you are a capable scripter, you can pull many of these tasks off, quickly, clear logs and erase your tracks, and be out before many of your clients even knew you were in.  (So yes, BASH is a good one to know!)