I just got back from the SANS New Orleans conference, where we had a great mix of fun, food, awesome students and laughs.  Highlights include:

1. •Kevin Johnson taught the Advanced Web Penetration Testing course, earning the title “Hacker Princess”.  He even has a shirt to prove it.
   

2. •Realization from my students that lots of people still run WEP, and it really is horribly broken.
   

3. •Sushi.
   

4. •Paul Asadoorian’s presentation on the threats of embedded devices.  If I pwn your Linksys router, and I can change your DNS server to a DNS server under my control, I can manipulate all the web sites you access.  This is kinda scary, when combined with XSS and CSRF vulnerabilities in SOHO devices that few consumers recognize or patch.
   

5. •Hacking WiFi, neon-style (see photo).
   

6. •Something about cinnamon-sugar coated plantains at a Brazilian steak-house.
   

7. •Paul Asadoorian wore a crushed-velvet jacket.  No, really.
   

8. •Jazz and great food at a restaurant with Mike Poor and the good folks from Core Security.  The Jazz musician is called “Sugar Bear”.  Mike Poor is now “Big Red”.
   

9. •Helping a classroom of students wanting to learn about wireless security.  At the end of the class, I’m pretty sure my students had their fill of wireless hacking and security topics, but I know they all went back to work with practical advice and actionable tasks on how to defend the security of their wireless networks.
   

-Josh