Many many good points in this thread.....

As Tony pointed out, the knowledge is out there and as the old saying goes, "People do what they want to do." I'm sure some of you have seen the Virus Lab Kit right? For those who haven't it basically has point-and-click virus creation capabilities while at the same time generates and displays the code used to perform the action. With programs like this available, what is the sense of not offering a course that actually teaches *proper* coding techniques in a controlled environment?

Trying to discourage people from taking courses like this, in my opinion, is closed minded and backwards. I have a lab here at my facility where I teach my junior security technicians the mechanics of high profile exploits. After that, I show them how to use those skill sto identify unpublished vulnerabilities. Once they have a true understanding of how an exploit works, I believe that they will be better technicians. Will they or could they pump this info into the underground? Sure, but to me the benefits of them knowing far outwiegh the potential damage they could do with their new skills. How many people here get pissed off when a netadmin doesn't understand how domain broadcast traffic is handled? Same idea here folks. Sure, by knowing exactly how domain broadcast traffic works, you can potentially hose up WINS resolution but wouldn't you want the admin to know how this works should your PC stop performing lookups across network segments? See my point here?

(Rant over)