We often get asked by students of our Hacking By Numbers courses if the course environments or at least the VMWare images are available after the training is over. As a result we’ve started to experiment with a model for offering our courses in an online environment. The idea would be to maintain the full numbers of labs and technical work, maintain the high standard of trainers and materials, but make the training available via the internet to people at various diverse locations. The approach we’ve been testing appears to show some promise, so we’re hoping to ask some of you for your input and opinions.

The model we have in mind works like this:

1. Our slide decks have been ported to a Flash format with voice-overs blended in. This allows the students to browse through the materials, pause the presentation and move forward and backward as they please. The voice-over is by an experienced trainer and is presented in the same anecdotal style we use in our regular courses. There’s also a transcript of the speaker’s presentation that ensures students understand the trainer and allows them to copy and reuse text from the dialog.

2. The Flash slides are accompanied by the same lab sheets and accompanying answer sheets that are used in our regular training.

3. In order to complete the labs students connect to a Microsoft Terminal Server over the Internet. Each student has their own desktop that’s pre-installed and configured with everything they’ll need, including an SSH session to the Linux box that’s needed for some of the labs. In this way the student walks right into a clean pre-configured environment with a full Windows and Linux toolset. All the targets, along with the classroom infrastructure like web and DNS servers, are available on virtual networks attached to the Terminal Server.

4. The course is broken up into a series of ‘modules’, where a module corresponds to a number of slides from the deck, followed by a lab exercise from the lab sheets. The students can work their way through the slides in the module then tackle the corresponding labs by logging onto the Terminal Server.

5. Although students work their way through the materials and labs on their own time, they are expected to complete each module within a certain amount of time. At the start and end of each module there is a trainer briefing that occurs via Skype. Students are given an overview of the materials and labs to follow and are given the opportunity to ask questions and make comments.

6. There is also an interim Skype briefing at fixed times at the start and end of each day. Finally, students have the opportunity to submit questions via email during the course of the day that will be dealt with by the trainer at the next briefing.  In this manner we envisage a two-day classroom being spread over a five-day or even a seven-day period.

So that’s the basic approach. We’ve started by porting our Cadet Edition in this fashion because it had the least labs and (as a beginners course) seemed to make the most sense. There’s a brief course summary of the course here. But before we take the course live, we’re planning to take it for a few test runs and hopefully get some input and feedback from you. Basically, there are three questions we want to ask:

1. Have you done online training before?
If you’ve done online courses, what are your observations? Did it work for you? What did you and didn’t you like?

2. Do you think our online approach is a workable learning tool?
Do you think our approach can work and would you be interested to attend a course presented in this manner?

3. What would you be prepared to pay for such a course?
Here’s some benchmark pricing for you to consider
– A CEH course starts at $ 695.00 (normal pricing seems to be $ 895)
– A SANS @Home hacking course starts at $3,275.00
– The Offensive Security Offsec 101 starts at $ 550.00 (and goes up to about $ 700, without ‘options’)
– Our Cadet course retails at Black Hat from $ 2,200.00, with fully configured laptops provided
Our total training content amounts to about 2 days. Given this, what do you think would be a fair price to pay for this course?

Finally, we’re planning to hold a free online ‘beta’ of the course early in 2009. If you’d like to take part, please let us know by contact ‘training@sensepost.com’