Intense School was bought out/assimilated/etc by InfoSecInstitute some time last year (I don't recall when) and I've taken courses from both of them.

So here goes the long and short of it.

Infosec Institute
Rock solid material for those who need to ESCALATE their knowledge. I highlighted the word escalate because a bootcamp from my perspective is supposed to validate/explain/go_over things you already know. If you expect to take a bootcamp with zero experience, expect to waste your money. You're better off reading, studying and learning on your own BEFORE taking a bootcamp. Think of a bootcamp as mopping up the mess.

With that said, InfoSec Institute and their trainers are tops in their field. Their current trainers are a who's who of hacking, reverse engineering and penetration testers. Typically when you sign up for say the advanced ethical hacking, you'll receive a box containing about 5 books. 3 of those books will be about 500 pages and will be used to explain ALTERNATIVE tools to the ones commonly used in which you should be familiar with. For example, nmap. Instead of going through a book on how to use nmap, there will be an explanation on how different systems react to nmap and show you alternatives TO nmap using say hping.

Again, if you aren't already familiar with many tools, protocols and systems, you're wasting your money because you WILL BE lost when it comes to things like assembly, buffer/heap/stack overflows. If you're not comfortable using gdb without looking at a man page, the course will be a waste of time and overkill for you. If you can't explain a three-way handshake, the purpose of using URG for certain systems, what URG is in a packet, why and when to use something like fragroute, you WILL BE lost. And your money ... WILL BE LOST.

Alongside the books is a login to a website which contains video based training that goes over EACH and EVERY one of the modules in EACH and EVERY one of those books. The videos were recorded during a bootcamp so while they are explanatory, if you have questions you will be hit because there is no one to ask... Figure it out on your own - again if you have ZERO experience it will be a waste of time and money.

The key to getting it right is to do the modules, use the examples and practice at your own pace. The downside is again - I recommend at LEAST a security+ of at LEAST 2-3 years in the industry with moderate knowledge of tools and A LOT of knowledge on protocols and systems.

Intense School
Would be a waste of time to explain my dealings with them as they are NOT who they once were. For this I will speak about my trainer who taught CISM bootcamp, Larry Greenblatt who has been running his own thing for a while at Internetwork Defense (http://www.internetworkdefense.com/).

Larry Greenblatt is perhaps THEE man when it comes to explaining, teaching and making one understand WHAT needs to be done in order to correctly position themselves to pass the CISSP, Security+ and/or CISM class. He is an excellent instructor who has taken the time to blend in "real life" analogies which make his classes fun and memorable.

He was one of the reasons I had intended on taking another class before Intense School (then known as Vigilar) ended up in a "WTF happened to them" state. Because business is business, I believe Vigilar went under, InfoSec bought the domain from them, etc., or something along those lines.

Anyhow, Larry DOES NOT *really* teach penetration testing but can if he wanted to. I'm supposed to work with him on doing the C|EH training where I would intervene from time to time on the technical side. I'm still trying to work out the logistics, timing, etc. so if you DID take a class through Internetwork Defense, depending on the dates, you'd end up with someone like or better than me discussing what's needed to pass the exam, what to focus on, etc.

Side notes for other members reading this
1) I started throwing together a framework for book. It involves "alternative penetration testing" I won't go too much into detail. Depending on how it comes along, I intend on finding someone @ Elsevier or another publisher to look into it. If I CAN'T get one of them to do anything with it, I will publish chapters online.

2) I may or may not (depending on my schedule) begin to teach classes from time to time it's just a matter of prioritization however, the kind of things I would go over WOULD NOT in theory be based on "take this class to pass this cert!" It would be more of a "take this class to be a ninja... Forget the cert because hopefully after I whip on you, any cert would come naturally." kind of class. My issue/concerns are: a) market for this (it is becoming saturated as is) b) recognizability (hard for me to compete with some of the bigger guns) c) value for the dollar. I KNOW what it is to give away money for something not worthy of it and the last thing I would ever want is say a student feeling as though their money wasn't worth it. Last thing I want is for someone to feel as if something was missing.

3) RWSP - OMFG Thee CCIE of pentesting coming soon to a theater near you (http://www.peaksec.com/training/real-world-security.html) I'm trying to get down to TechnoForensics this year so if anyone else is going, let me know, maybe we can "has some brews or two or a dozen"

Depends on what lab exam you get. I had to compromise two machines at the end of the CPT exam with one of them being locked down with Bastille. I had to create my own exploit, escalate from their as there were ZERO local exploits available against my target. With the OSCP exam, your taught a broad based curriculum: metasploit, web exploitation, intro into overflows... The OSCP was fun for me and not to take anything away from the class, content, etc., but most of the things on the OSCP was simple for me.

CPT and CEPT focus more on understanding EXPLOITATION of the host your on no matter what the circumstances. You HAVE to understand file systems, escalation and buffer/heap/stack overflows more. Remember, the exam was created/co-authored by Jack Koziol, author of "The Shellcoders Handbook" so there was a lot more I learned at the end of the day from the CPT/CEPT. CPT gets more in depth with reversing programs to overcome them whereas OSCP seemed to me to be: "We've left exploitable services running, come find them." CPT was a pain in the sense that I had to literally create my exploits from scratch.

Not to give away the gist of the CPT, there were two machines to compromise, with OSCP maybe over 10 I don't remember. The two machines on the CPT were more challenging because you weren't necessarily introduced to tools, you were introduced to how exploits affect a target... Now go make your own tool. Trust me when I say this, I have an arsenal of local and remote exploits. NOTHING worked against CPT targets. Whereas on the OSCP exam, it was simple for me to cd /penetration/msf3/milw0rm and find things already there. Doesn't take rocket science to search for exploits. It does take a little bit more to write your own, test it, dabble with variables (EIP, ECX, etc.) then retry until you get it right.

As for the equivalent to the CPT/CEPT, I would think the OCSE but I haven't aimed for that yet. At the end of the year, it may end up being the RWSP (Real World Security Professional). In the RWSP you're thrown into a team on both sides of the fence (offense and defense). I hope to take it in October, so we'll see. Nothing beats testing both the offense and defense, so theoretically, it would be the first of its kind - also because it is peer reviewed. You WON'T just skate through it reading, downloading programs... Think of a live CTF on both sides to pass 2/3rds of the exam followed by a written which is then peer reviewed in order to pass. Sounds like CCIE of pentesting/defense if you ask me.

Infosec Institute = Intense School ... They're one in the same now HOWEVER, many of the former trainers of Intense School are NOT teaching the courses for Infosec Institute. So think about that. I've already stated Infosec has some great trainers for their current courses, what they did with the stuff they acquired Intense, I have no idea.

Forget about "losing money" for a moment and look at it as an investment in your life. You WILL learn if you apply it, your tolerance and capacity to learn are something only you can answer. Unless you go to Infosec's classes IN PERSON, you won't be able to ask any questions. The online courses are pre-recorded and at BEST, you can keep rewinding the videos until you get it. A better approach to having questions answered is to join a particular forum which focuses on what you're learning. Or... IRC.

sil, please keep us informed as to what comes of this.  It would be great opportunity to read your book or take a class lead by you.

Sil, as mallaigh sais please keep us informed of any progress/outcome i regards to your book or training...

Don, maybe you could work your magic for a chance to win a seat in one of the courses?

Hey T_Bone,

Great minds think alike. I'm already putting the finishing touches on an agreement that will bring an InfoSec Institute Course to a lucky EH-Netter.

Don

Hey Sil,

As you mentioned below, people has been asking Larry to do CEH for a while.  2011 will be all about CEH for Larry Greenblatt.  He is team-up with Secure Ninja training company to deliver his EC-Council CEH course with his own Cyber Kung Fu twist since CEH is now part of the 8570 for CND.

His CEH class  named "Cyber Sparring" is unique and very different from any other CEH course out there and he welcome your input.  His next Cyber Sparring /CEH class will be on Jan 24 -28, 2011 at Alexandria, Va. You got his number if you want to audit the class.

Best,