Hello.

In my country there is no courses in PenTesting. We only have CEH and CIS.

If anyone knows about PenTest certification courses which will take place in August/September in any country in central Europe, I will be glad if he could publish more informations.

I forgot to mention that I'm interested for "live" course with tutor in the room. I'm looking for course which will take place in Austria/Germany/Italy.

If I took a course from offensive-security online, I would take "PWN". This one also looks good: http://www.ssr-i.com/courses/certified_penetration_testing_consultant.html

It looks like PWB-online from offensive security is the best option. I agree, courses in our area are overpriced. I would like to take one of available courses which could show me, how to made depth pentest on network with 20-30 hosts with fail/smtp server from start to end.

While I'm not in your area, so I can't speak for what might be available 'locally' there, I'd have to agree with awesec.

PWB is definitely what you want, I think, based on your 'requirements' / requests from your earlier posts.  It will challenge you, significantly, but will certainly get you used to scenarios where you're put in the middle of a 30-40 host network, and are challenged to enumerate hosts, identify vulnerabilities and security risks, exploit and document those risks, and report on it all at the end, as well as making recommendations for security risk remediations, based upon what you've found.  It's an excellent course.  As awesec said, it's NOT 'spoon fed' and will require a lot of lab time and research hours of your own, but you do have access to instructors and others on IRC, forums, etc, if you're hitting a stumbling block, and need to refocus, or get some advice, etc.

PWB also allows you the benefit of self-paced learning, so long as you keep the purchased amount of lab time in mind and don't run out of time, so it works out well, if you need to do your everyday job while learning.  This was nice, for me, as not only could I balance the two, but it wasn't handed to me, bootcamp-style, where you're only in the information for 3-5 days, take an exam, and are then turned loose on the world.  This method allows you to stay in the material for a longer time, and thus, 'stamps' it a bit more into your brain, and pushes you to retain the knowledge, not just to do a week-long, 'photographic memory' deal, pass a test, then forget what you've learned.  So I personally, found a lot of value in it.  But I'd say, if you really feel the need to be sitting directly with an instructor, and don't do well with even partial self-study, this method may or may not work well, for you.  I'd think about your learning style very carefully, and decide, based on your needs and abilities.

Second to PWB, at least in afforability, I'd look into the course by elearnSecurity.  While not the same, in terms of attacking a medium-sized subnet, with various hosts, it is a good learning reference, and from what I've seen so far (I'm currently a student,) it does a great job with the web server / services side of things, and compliments PWB nicely.  Additionally, I had to compliment Armando and his team at eLearn, on their presentation of 'buffer overflows.'  While it's a topic I'm, personally, already very familiar with, I must say, for those who aren't so familiar, Armando and his folks really put together a GREAT batch of lessons on it, and I applauded the way they put that portion of their material together, as a newcomer will likely follow it very easily.

Then, as awesec noted, you have SANS vLive and EC-Council iClass courses, so you DO have some excellent options, WITH instructors, even though said instructors aren't sitting directly in a room with you.  I can tell you, SANS 560 (and even some of the ones EH-net is giving away this month) is another one I'm planning on adding to my list, as time and budget permit.

HTH.

To my knowledge, you can use whatever you'd like.  They did (although I don't have a list handy) add some goodies and such to the PWB version, but I don't recall having to use anything that wasn't already included in the production release.