Intense School was bought out/assimilated/etc by InfoSecInstitute some time last year (I don't recall when) and I've taken courses from both of them.
So here goes the long and short of it.Infosec Institute
Rock solid material for those who need to ESCALATE
their knowledge. I highlighted the word escalate because a bootcamp from my perspective is supposed to validate/explain/go_over things you already know. If you expect to take a bootcamp with zero experience, expect to waste your money. You're better off reading, studying and learning on your own BEFORE
taking a bootcamp. Think of a bootcamp as mopping up the mess.
With that said, InfoSec Institute and their trainers are tops in their field. Their current trainers are a who's who of hacking, reverse engineering and penetration testers. Typically when you sign up for say the advanced ethical hacking, you'll receive a box containing about 5 books. 3 of those books will be about 500 pages and will be used to explain ALTERNATIVE
tools to the ones commonly used in which you should be familiar with. For example, nmap. Instead of going through a book on how to use nmap, there will be an explanation on how different systems react to nmap and show you alternatives TO nmap using say hping.
Again, if you aren't already familiar with many tools, protocols and systems, you're wasting your money because you WILL BE lost when it comes to things like assembly, buffer/heap/stack overflows. If you're not comfortable using gdb without looking at a man page, the course will be a waste of time and overkill for you. If you can't explain a three-way handshake, the purpose of using URG for certain systems, what URG is in a packet, why and when to use something like fragroute, you WILL BE
lost. And your money ... WILL BE LOST.
Alongside the books is a login to a website which contains video based training that goes over EACH and EVERY one of the modules in EACH and EVERY one of those books. The videos were recorded during a bootcamp so while they are explanatory, if you have questions you will be hit because there is no one to ask... Figure it out on your own - again if you have ZERO experience it will be a waste of time and money.
The key to getting it right is to do the modules, use the examples and practice at your own pace. The downside is again - I recommend at LEAST a security+ of at LEAST 2-3 years in the industry with moderate knowledge of tools and A LOT of knowledge on protocols and systems.Intense School
Would be a waste of time to explain my dealings with them as they are NOT who they once were. For this I will speak about my trainer who taught CISM bootcamp, Larry Greenblatt who has been running his own thing for a while at Internetwork Defense (http://www.internetworkdefense.com/
Larry Greenblatt is perhaps THEE man when it comes to explaining, teaching and making one understand WHAT needs to be done in order to correctly position themselves to pass the CISSP, Security+ and/or CISM class. He is an excellent instructor who has taken the time to blend in "real life" analogies which make his classes fun and memorable.
He was one of the reasons I had intended on taking another class before Intense School (then known as Vigilar) ended up in a "WTF happened to them" state. Because business is business, I believe Vigilar went under, InfoSec bought the domain from them, etc., or something along those lines.
Anyhow, Larry DOES NOT *really* teach penetration testing but can if he wanted to. I'm supposed to work with him on doing the C|EH training where I would intervene from time to time on the technical side. I'm still trying to work out the logistics, timing, etc. so if you DID take a class through Internetwork Defense, depending on the dates, you'd end up with someone like or better than me discussing what's needed to pass the exam, what to focus on, etc.Side notes for other members reading this
1) I started throwing together a framework for book. It involves "alternative penetration testing"
I won't go too much into detail. Depending on how it comes along, I intend on finding someone @ Elsevier or another publisher to look into it. If I CAN'T get one of them to do anything with it, I will publish chapters online.
2) I may or may not (depending on my schedule) begin to teach classes from time to time it's just a matter of prioritization however, the kind of things I would go over WOULD NOT in theory be based on "take this class to pass this cert!" It would be more of a "take this class to be a ninja... Forget the cert because hopefully after I whip on you, any cert would come naturally." kind of class. My issue/concerns are: a) market for this (it is becoming saturated as is) b) recognizability (hard for me to compete with some of the bigger guns) c) value for the dollar. I KNOW what it is to give away money for something not worthy of it and the last thing I would ever want is say a student feeling as though their money wasn't worth it. Last thing I want is for someone to feel as if something was missing.
3) RWSP - OMFG
Thee CCIE of pentesting coming soon to a theater near you (http://www.peaksec.com/training/real-wo ... urity.html
) I'm trying to get down to TechnoForensics this year so if anyone else is going, let me know, maybe we can "has some brews or two or a dozen"