.

Infosec Intitute & Intense School

<<

Bl4ck_D4wn

Newbie
Newbie

Posts: 4

Joined: Fri Sep 10, 2010 2:20 pm

Post Fri Sep 10, 2010 3:09 pm

Infosec Intitute & Intense School

Hi

In new in this stuff and i wanna get certificate  for mi carrear;
has some one made the Online Penetration testing course? of the
Infosec Institute
http://www.infosecinstitute.com/courses ... nline.html
or Intense School
http://www.intenseschool.com/online_tra ... ing_online

What do you think About the Online Courses ?

How deep they go in the material?
(because they cover a lot of think in 60 days!)

They give some type of support?

How are the Labs?

The material covered it´s good enough  for pass  the CEH , CTP , CEPT? or do you need somethinking else  to pass this exams?

And what do you think About the Reverse Engineering Online Course?  

...
I´m asking this because.. i wanna do some course that qualifies or give you the necesary Knowledge for pass o couple of  Oficial exams related for the topic of pentesting and also y wanna learn Reverse Engineering.

Thanks ...
Last edited by Bl4ck_D4wn on Fri Sep 10, 2010 7:46 pm, edited 1 time in total.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat Sep 11, 2010 12:18 pm

Re: Infosec Intitute & Intense School

Intense School was bought out/assimilated/etc by InfoSecInstitute some time last year (I don't recall when) and I've taken courses from both of them.

So here goes the long and short of it.

Infosec Institute
Rock solid material for those who need to ESCALATE their knowledge. I highlighted the word escalate because a bootcamp from my perspective is supposed to validate/explain/go_over things you already know. If you expect to take a bootcamp with zero experience, expect to waste your money. You're better off reading, studying and learning on your own BEFORE taking a bootcamp. Think of a bootcamp as mopping up the mess.

With that said, InfoSec Institute and their trainers are tops in their field. Their current trainers are a who's who of hacking, reverse engineering and penetration testers. Typically when you sign up for say the advanced ethical hacking, you'll receive a box containing about 5 books. 3 of those books will be about 500 pages and will be used to explain ALTERNATIVE tools to the ones commonly used in which you should be familiar with. For example, nmap. Instead of going through a book on how to use nmap, there will be an explanation on how different systems react to nmap and show you alternatives TO nmap using say hping.

Again, if you aren't already familiar with many tools, protocols and systems, you're wasting your money because you WILL BE lost when it comes to things like assembly, buffer/heap/stack overflows. If you're not comfortable using gdb without looking at a man page, the course will be a waste of time and overkill for you. If you can't explain a three-way handshake, the purpose of using URG for certain systems, what URG is in a packet, why and when to use something like fragroute, you WILL BE lost. And your money ... WILL BE LOST.

Alongside the books is a login to a website which contains video based training that goes over EACH and EVERY one of the modules in EACH and EVERY one of those books. The videos were recorded during a bootcamp so while they are explanatory, if you have questions you will be hit because there is no one to ask... Figure it out on your own - again if you have ZERO experience it will be a waste of time and money.

The key to getting it right is to do the modules, use the examples and practice at your own pace. The downside is again - I recommend at LEAST a security+ of at LEAST 2-3 years in the industry with moderate knowledge of tools and A LOT of knowledge on protocols and systems.

Intense School
Would be a waste of time to explain my dealings with them as they are NOT who they once were. For this I will speak about my trainer who taught CISM bootcamp, Larry Greenblatt who has been running his own thing for a while at Internetwork Defense (http://www.internetworkdefense.com/).

Larry Greenblatt is perhaps THEE man when it comes to explaining, teaching and making one understand WHAT needs to be done in order to correctly position themselves to pass the CISSP, Security+ and/or CISM class. He is an excellent instructor who has taken the time to blend in "real life" analogies which make his classes fun and memorable.

He was one of the reasons I had intended on taking another class before Intense School (then known as Vigilar) ended up in a "WTF happened to them" state. Because business is business, I believe Vigilar went under, InfoSec bought the domain from them, etc., or something along those lines.

Anyhow, Larry DOES NOT *really* teach penetration testing but can if he wanted to. I'm supposed to work with him on doing the C|EH training where I would intervene from time to time on the technical side. I'm still trying to work out the logistics, timing, etc. so if you DID take a class through Internetwork Defense, depending on the dates, you'd end up with someone like or better than me discussing what's needed to pass the exam, what to focus on, etc.

Side notes for other members reading this
1) I started throwing together a framework for book. It involves "alternative penetration testing" ;) I won't go too much into detail. Depending on how it comes along, I intend on finding someone @ Elsevier or another publisher to look into it. If I CAN'T get one of them to do anything with it, I will publish chapters online.

2) I may or may not (depending on my schedule) begin to teach classes from time to time it's just a matter of prioritization however, the kind of things I would go over WOULD NOT in theory be based on "take this class to pass this cert!" It would be more of a "take this class to be a ninja... Forget the cert because hopefully after I whip on you, any cert would come naturally." kind of class. My issue/concerns are: a) market for this (it is becoming saturated as is) b) recognizability (hard for me to compete with some of the bigger guns) c) value for the dollar. I KNOW what it is to give away money for something not worthy of it and the last thing I would ever want is say a student feeling as though their money wasn't worth it. Last thing I want is for someone to feel as if something was missing.

3) RWSP - OMFG ;) Thee CCIE of pentesting coming soon to a theater near you (http://www.peaksec.com/training/real-wo ... urity.html) I'm trying to get down to TechnoForensics this year so if anyone else is going, let me know, maybe we can "has some brews or two or a dozen"
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Sep 11, 2010 12:52 pm

Re: Infosec Intitute & Intense School

Sil,
How does the Advanced Hacking class from Infosec stack up against the OSCP?

Or better yet what would be an equivalent course?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat Sep 11, 2010 6:05 pm

Re: Infosec Intitute & Intense School

Dark_Knight wrote:Sil,
How does the Advanced Hacking class from Infosec stack up against the OSCP?

Or better yet what would be an equivalent course?


Depends on what lab exam you get. I had to compromise two machines at the end of the CPT exam with one of them being locked down with Bastille. I had to create my own exploit, escalate from their as there were ZERO local exploits available against my target. With the OSCP exam, your taught a broad based curriculum: metasploit, web exploitation, intro into overflows... The OSCP was fun for me and not to take anything away from the class, content, etc., but most of the things on the OSCP was simple for me.

CPT and CEPT focus more on understanding EXPLOITATION of the host your on no matter what the circumstances. You HAVE to understand file systems, escalation and buffer/heap/stack overflows more. Remember, the exam was created/co-authored by Jack Koziol, author of "The Shellcoders Handbook" so there was a lot more I learned at the end of the day from the CPT/CEPT. CPT gets more in depth with reversing programs to overcome them whereas OSCP seemed to me to be: "We've left exploitable services running, come find them." CPT was a pain in the sense that I had to literally create my exploits from scratch.

Not to give away the gist of the CPT, there were two machines to compromise, with OSCP maybe over 10 I don't remember. The two machines on the CPT were more challenging because you weren't necessarily introduced to tools, you were introduced to how exploits affect a target... Now go make your own tool. Trust me when I say this, I have an arsenal of local and remote exploits. NOTHING worked against CPT targets. Whereas on the OSCP exam, it was simple for me to cd /penetration/msf3/milw0rm and find things already there. Doesn't take rocket science to search for exploits. It does take a little bit more to write your own, test it, dabble with variables (EIP, ECX, etc.) then retry until you get it right.

As for the equivalent to the CPT/CEPT, I would think the OCSE but I haven't aimed for that yet. At the end of the year, it may end up being the RWSP (Real World Security Professional). In the RWSP you're thrown into a team on both sides of the fence (offense and defense). I hope to take it in October, so we'll see. Nothing beats testing both the offense and defense, so theoretically, it would be the first of its kind - also because it is peer reviewed. You WON'T just skate through it reading, downloading programs... Think of a live CTF on both sides to pass 2/3rds of the exam followed by a written which is then peer reviewed in order to pass. Sounds like CCIE of pentesting/defense if you ask me.
<<

Bl4ck_D4wn

Newbie
Newbie

Posts: 4

Joined: Fri Sep 10, 2010 2:20 pm

Post Sat Sep 11, 2010 8:47 pm

Re: Infosec Intitute & Intense School

thanks @sll
Thanks a lot.. :)
i realy did the OSCP course , so is not a realy beginner level, (in like 2 month and  i have the exam so im reading a lot )but i wanna learn all this cool stuff (to said in some way) and infosec institute has a lot of modules and intense school has also alot of modules .. but im interested in how deep the go in to every module! , and how much i can learn!

Of course i dont know any thinking about..
...I had to create my own exploit, escalate from their as there were ZERO local exploits available against my target...And i had to make my onw tool....You HAVE to understand file systems, escalation and buffer/heap/stack overflows more.


Thats what i wanna learn !(make my own exploits, and learn assembly, shellcode, undertant file systems..)
"take this class to be a ninja...


Im also learning python, and i have some knowledge in Java..
but the problem is that make the courses online has some problems because if you dont understand some thinking you have to "TRY HARDER"(the answer of the offsec guys) ! and it´s Ok .. but some times you need help to learn!(when you are alone)

im realy not much interested  in the certification(but its important to get the certifications for get a good job), i´m interested in learn HOW TO DO!, and understand all this thinks in deep..thats why i wanna do the Penetrating testing and the Reverse Engennering courses ..Realy i dont care from were.
I JUST DONT WANNA PAY AND GET DISAPPOINTED WHIT SOME STUFF BECAUSE ITS ALOT OF MONEY!,and every body out there they claim to be the best course( and also have the chance to get some certifications if i buy some online course )

Also other problem is that im not from USA, so i cant  take all this cool BootCamp courses where you can ask everythink to the trainer, i have to take the online courses . :(

what (online)trainings did you recomend?
And what  do you recomend for prepare to this online trainings?
what did i need to know? or read about?

im think to do the "Penetration Testing Online" course of intense school and after  the "Reverse Engineering Online "
Because in the Penetration Testing covers some  basic knowledge of the  Reverse Engineering course...and the Penetration Testing also covers the Hacker Training Online &  Advanced Hacking Online..
and I have the chance to take the CEH, CTP, CETP tests...

What do you think about? (for what you said earlier I think that you like more  INFOSEC institute than intense school or not?)
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sun Sep 12, 2010 11:31 am

Re: Infosec Intitute & Intense School

Infosec Institute = Intense School ... They're one in the same now HOWEVER, many of the former trainers of Intense School are NOT teaching the courses for Infosec Institute. So think about that. I've already stated Infosec has some great trainers for their current courses, what they did with the stuff they acquired Intense, I have no idea.

Forget about "losing money" for a moment and look at it as an investment in your life. You WILL learn if you apply it, your tolerance and capacity to learn are something only you can answer. Unless you go to Infosec's classes IN PERSON, you won't be able to ask any questions. The online courses are pre-recorded and at BEST, you can keep rewinding the videos until you get it. A better approach to having questions answered is to join a particular forum which focuses on what you're learning. Or... IRC.
<<

outsourcethis

User avatar

Newbie
Newbie

Posts: 7

Joined: Thu Feb 05, 2009 11:37 am

Post Sun Sep 12, 2010 12:29 pm

Re: Infosec Intitute & Intense School

I've taken multiple courses form Infosec Institute and their material is top notch. I've never taken any courses through Intense school though I haven't heard very much positive from others.

As far as your question about how does the infosec advanced hacking course stand up against the OSCP course, I've taken both and if you are comparing Infosec advanced hacking to OSCP V2 they were comparable. Throw in the new OSCP V3 and it is much better then the advanced course from Infosec.

Now having said that I would suggest Infosec advanced course first then move to the OSCP V3 course. I think you will get more out of it going this route.

Just me 2 cents
CISSP, C|EH, E|CSA, L|PT, MCSE+S. MCSA+S
<<

mallaigh

User avatar

Jr. Member
Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Mon Sep 13, 2010 2:03 am

Re: Infosec Intitute & Intense School

sil wrote:Side notes for other members reading this
1) I started throwing together a framework for book. It involves "alternative penetration testing" ;) I won't go too much into detail. Depending on how it comes along, I intend on finding someone @ Elsevier or another publisher to look into it. If I CAN'T get one of them to do anything with it, I will publish chapters online.

2) I may or may not (depending on my schedule) begin to teach classes from time to time it's just a matter of prioritization however, the kind of things I would go over WOULD NOT in theory be based on "take this class to pass this cert!" It would be more of a "take this class to be a ninja... Forget the cert because hopefully after I whip on you, any cert would come naturally." kind of class. My issue/concerns are: a) market for this (it is becoming saturated as is) b) recognizability (hard for me to compete with some of the bigger guns) c) value for the dollar. I KNOW what it is to give away money for something not worthy of it and the last thing I would ever want is say a student feeling as though their money wasn't worth it. Last thing I want is for someone to feel as if something was missing.

3) RWSP - OMFG ;) Thee CCIE of pentesting coming soon to a theater near you (http://www.peaksec.com/training/real-wo ... urity.html) I'm trying to get down to TechnoForensics this year so if anyone else is going, let me know, maybe we can "has some brews or two or a dozen"


sil, please keep us informed as to what comes of this.  It would be great opportunity to read your book or take a class lead by you.
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Mon Sep 13, 2010 11:45 am

Re: Infosec Intitute & Intense School

I am also interested in two courses:

- Enterprise Security Architecture Design Online (http://www.infosecinstitute.com/courses ... nline.html)
  I am at least familiar with most of the topics, but I would like a course that takes me from A to Z. The most important is the labs, so I would like your opinions.

- Penetration Testing Online (http://www.infosecinstitute.com/courses ... nline.html)
or Hacker Training Online (http://www.infosecinstitute.com/courses ... nline.html)

Penetration Testing course seems more comprehensive than the hacking one.
I not very interested for the moment in becoming advanced in writing exploits, as I will not use this at work for the beggining.
Also, on the long run I am interested in the management, but one with an excellent technical foundation.

So, do you think that their courses delivers what's advertised on their website??
Because if this is true I will try to do them.

Thanks!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

T_Bone

Full Member
Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Sep 13, 2010 1:46 pm

Re: Infosec Intitute & Intense School

Sil, as mallaigh sais please keep us informed of any progress/outcome i regards to your book or training...

Don, maybe you could work your magic for a chance to win a seat in one of the courses?
<<

Bl4ck_D4wn

Newbie
Newbie

Posts: 4

Joined: Fri Sep 10, 2010 2:20 pm

Post Mon Sep 13, 2010 6:25 pm

Re: Infosec Intitute & Intense School

@alucian

Hacker Training Online + Advanced Hacking Online = Penetration Testing Online

Thats what intense school tell me! ;)

if anyone is going to do or wants to do the "Penetration Testing Online" course PM. maibe we can make it together and get a discount :)
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Sep 13, 2010 8:05 pm

Re: Infosec Intitute & Intense School

Hey T_Bone,

Great minds think alike. I'm already putting the finishing touches on an agreement that will bring an InfoSec Institute Course to a lucky EH-Netter.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Tue Oct 12, 2010 6:31 pm

Re: Infosec Intitute & Intense School

I know this is an older topic, but thank you guys so much. I was preparing to go with the 10 day IS CEH/CPT/CEPT boot camp. While I have an Sec+ knowledge, I am no coder, and I definatly don't have the knowledge required at that level.

What advice would you guys give for someone wanting to get to this level? A roadmap of sorts?
sectestanalysis.blogspot.com/‎
<<

wubitizer

Newbie
Newbie

Posts: 2

Joined: Wed Jan 27, 2010 6:53 pm

Post Wed Dec 15, 2010 1:51 pm

Re: Infosec Intitute & Intense School

Hey Sil,

As you mentioned below, people has been asking Larry to do CEH for a while.  2011 will be all about CEH for Larry Greenblatt.  He is team-up with Secure Ninja training company to deliver his EC-Council CEH course with his own Cyber Kung Fu twist since CEH is now part of the 8570 for CND.

His CEH class  named "Cyber Sparring" is unique and very different from any other CEH course out there and he welcome your input.  His next Cyber Sparring /CEH class will be on Jan 24 -28, 2011 at Alexandria, Va. You got his number if you want to audit the class.

Best,



sil wrote:Intense School was bought out/assimilated/etc by InfoSecInstitute some time last year (I don't recall when) and I've taken courses from both of them.

So here goes the long and short of it.

Infosec Institute
Rock solid material for those who need to ESCALATE their knowledge. I highlighted the word escalate because a bootcamp from my perspective is supposed to validate/explain/go_over things you already know. If you expect to take a bootcamp with zero experience, expect to waste your money. You're better off reading, studying and learning on your own BEFORE taking a bootcamp. Think of a bootcamp as mopping up the mess.

With that said, InfoSec Institute and their trainers are tops in their field. Their current trainers are a who's who of hacking, reverse engineering and penetration testers. Typically when you sign up for say the advanced ethical hacking, you'll receive a box containing about 5 books. 3 of those books will be about 500 pages and will be used to explain ALTERNATIVE tools to the ones commonly used in which you should be familiar with. For example, nmap. Instead of going through a book on how to use nmap, there will be an explanation on how different systems react to nmap and show you alternatives TO nmap using say hping.

Again, if you aren't already familiar with many tools, protocols and systems, you're wasting your money because you WILL BE lost when it comes to things like assembly, buffer/heap/stack overflows. If you're not comfortable using gdb without looking at a man page, the course will be a waste of time and overkill for you. If you can't explain a three-way handshake, the purpose of using URG for certain systems, what URG is in a packet, why and when to use something like fragroute, you WILL BE lost. And your money ... WILL BE LOST.

Alongside the books is a login to a website which contains video based training that goes over EACH and EVERY one of the modules in EACH and EVERY one of those books. The videos were recorded during a bootcamp so while they are explanatory, if you have questions you will be hit because there is no one to ask... Figure it out on your own - again if you have ZERO experience it will be a waste of time and money.

The key to getting it right is to do the modules, use the examples and practice at your own pace. The downside is again - I recommend at LEAST a security+ of at LEAST 2-3 years in the industry with moderate knowledge of tools and A LOT of knowledge on protocols and systems.

Intense School
Would be a waste of time to explain my dealings with them as they are NOT who they once were. For this I will speak about my trainer who taught CISM bootcamp, Larry Greenblatt who has been running his own thing for a while at Internetwork Defense (http://www.internetworkdefense.com/).

Larry Greenblatt is perhaps THEE man when it comes to explaining, teaching and making one understand WHAT needs to be done in order to correctly position themselves to pass the CISSP, Security+ and/or CISM class. He is an excellent instructor who has taken the time to blend in "real life" analogies which make his classes fun and memorable.

He was one of the reasons I had intended on taking another class before Intense School (then known as Vigilar) ended up in a "WTF happened to them" state. Because business is business, I believe Vigilar went under, InfoSec bought the domain from them, etc., or something along those lines.

Anyhow, Larry DOES NOT *really* teach penetration testing but can if he wanted to. I'm supposed to work with him on doing the C|EH training where I would intervene from time to time on the technical side. I'm still trying to work out the logistics, timing, etc. so if you DID take a class through Internetwork Defense, depending on the dates, you'd end up with someone like or better than me discussing what's needed to pass the exam, what to focus on, etc.

Side notes for other members reading this
1) I started throwing together a framework for book. It involves "alternative penetration testing" ;) I won't go too much into detail. Depending on how it comes along, I intend on finding someone @ Elsevier or another publisher to look into it. If I CAN'T get one of them to do anything with it, I will publish chapters online.

2) I may or may not (depending on my schedule) begin to teach classes from time to time it's just a matter of prioritization however, the kind of things I would go over WOULD NOT in theory be based on "take this class to pass this cert!" It would be more of a "take this class to be a ninja... Forget the cert because hopefully after I whip on you, any cert would come naturally." kind of class. My issue/concerns are: a) market for this (it is becoming saturated as is) b) recognizability (hard for me to compete with some of the bigger guns) c) value for the dollar. I KNOW what it is to give away money for something not worthy of it and the last thing I would ever want is say a student feeling as though their money wasn't worth it. Last thing I want is for someone to feel as if something was missing.

3) RWSP - OMFG ;) Thee CCIE of pentesting coming soon to a theater near you (http://www.peaksec.com/training/real-wo ... urity.html) I'm trying to get down to TechnoForensics this year so if anyone else is going, let me know, maybe we can "has some brews or two or a dozen"

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software