-A more in-depth understanding of exploits I was familiar with (XSS, for example, which now terrifies me more than ever).
-An introduction to new attack vectors (SOAP, AJAX, Web Services)
-Deeper knowledge of tools I already use (learned some neat tricks with Burp Proxy, and other tools)
-Introduced to some new, very nifty tools
-Got to mingle with some fantastic geeky folks
-And of course, real-world exercises including a CTF event on the last day.
And what can I say about the instructor, Kevin Johnson... the guy is a card, but he's sharp, and an incredibly effective instructor (I'll be looking forward to 642 when it's ready).
I'm making my first trip to DefCon mostly to see his talk on exploiting web services. If you're a pen tester and going to be at DefCon, be absolutely certain to attend the "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" talk: https://www.defcon.org/html/defcon-19/d ... html#Eston Judging by the discussion we had in class, they are going to release some great info on this attack vector, which currently isn't very well documented.
Aside from the 6-day cram turning my brain in to mush, I can't think of a single bad thing to say about the class. If you're involved in web app pen testing, Sec542 is time very well spent!
Next step, GWAPT exam!
If anyone has questions on the class or materials, please don't hesitate to ask!