DEF CON 34 runs August 6–9, 2026 at the Las Vegas Convention Center, and the math has always been brutal: four days, roughly 30 villages, and no way to see everything. Early Bird tickets are $560 through May 22 before jumping to $580, and every hour you burn wandering between overcrowded rooms is an hour you didn’t spend actually hacking something. The villages — the hands-on, topic-specific zones that make DEF CON more than a talks conference — are where that money earns out or doesn’t.
This guide breaks down the DEF CON 34 village lineup by what you’re actually trying to do. Not alphabetical, not promotional. Offensive practitioners, defenders, hardware hackers, policy people, and first-timers all have different optimal routes through the floor, and some villages that sound essential from the name are optional in practice while quieter ones reward the visit disproportionately. Content below is drawn from the official DEF CON 34 accepted-content list as of late April, with the caveat that schedules and featured contests continue to firm up through July.
How to Read the DEF CON 34 Village Floor
The villages operate as semi-independent mini-conferences. Each runs its own talk schedule, workshops, and usually a capture-the-flag (CTF) — a timed hacking competition where you score points by solving challenges. Some villages are essentially miniature conferences (Blue Team Village, AppSec Village, Red Team Village) with hundred-plus–person rooms and published schedules. Others are closer to living exhibits: you walk in, something is plugged into a bench, and you start poking at it. A handful function as communities of interest where the value is the people more than the programming.
The planning mistake most first-timers make is optimizing for talks. Talks get recorded and posted to the DEF CON YouTube channel — hundreds of DEF CON 33 videos are already up from last year. Hands-on access to a fishing boat, a Rivian, a PLC rack, or a vulnerable ATM badge does not get recorded. Prioritize what you can only do in the room.
The Offensive Track: Where Red Teamers Should Camp
Four villages form the offensive backbone of DEF CON 34, and they don’t fully overlap.
Red Team Village remains the default destination for practitioners who want talks, workshops, and CTFs focused on offensive tradecraft — adversary emulation, lateral movement, evasion. Expect full rooms; arrive early for workshops with signup limits. Red Team Village’s programming historically skews toward working operators rather than introductory material, so it pairs well for attendees already doing the work.
Adversary Village is the deeper specialist track within the offensive bucket. Where Red Team Village covers the full offensive craft, Adversary Village focuses specifically on adversary simulation and emulation — replicating the behavior of named threat actors, APT groups, and ransomware crews as structured exercises. The village runs an Adversary Simulator booth with volunteer-guided emulation plans tied to specific threat actors, and its Adversary Wars CTF uses scenario-based challenges (“Breach-the-Hospital,” “Breach-the-Office,” “Breach-the-Bank”) represented on physical LEGO-style city models where breached components get physically marked as the CTF progresses. If you work in purple teaming, detection engineering validation, or threat-informed defense, this is the village you were looking for.
Bug Bounty Village, returning after debuting at DEF CON 32, has grown into one of the heaviest-traffic stops on the floor. At DEF CON 32, workshops saw waiting lines of over 100 people. This is the village for practitioners who earn on HackerOne, Bugcrowd, Intigriti, and similar platforms, with programming oriented around recon workflow, vulnerability chains, and monetization strategy.
Recon Village pairs naturally with Bug Bounty Village. It’s the OSINT and reconnaissance specialist track — target discovery, asset enumeration, pivoting from a single data point to a full attack surface. Live Recon contests let you watch and do the work in real time.
The Defensive Track: Blue Team Priorities
Blue Team Village (BTV) is the anchor for defenders, and its Project Obsidian is the single most structured training-in-a-village offering at DEF CON. Project Obsidian 101 modules cover incident response, digital forensics, malware analysis, cyber threat intelligence, and threat hunting with a deliberate emphasis on the operational when and why behind each task rather than just the how. For SOC analysts, IR consultants, or people trying to move into defensive roles, this alone justifies the trip.
Packet Hacking Village sits alongside BTV as the network-analysis specialist village. Its Capture The Packet contest has earned Black Badge status — DEF CON’s highest competitive honor, granting lifetime free entry — more than ten times. The Packet Inspector and Packet Detective games provide a ladder from complete beginner to Capture The Packet contender. The Wall of Sheep, the village’s long-running public display of credentials captured from unprotected conference traffic, remains a reliable teaching moment for anyone who forgot to turn off auto-connect.
Malware Village is a focused destination for reverse engineers and malware analysts. The programming leans hands-on, with historical context framing more modern analysis techniques.
Hardware, Radio, and Embedded: The Physical Layer
The hardware-adjacent villages are where DEF CON differentiates itself most sharply from every other security conference. These are rooms full of benches, oscilloscopes, soldering irons, and devices that were not designed to be hacked on but are being hacked on anyway.
Hardware Hacking and Soldering Skills Village (HHV/SSV) is the entry-level on-ramp. Soldering kits, interactive demos, and competitions aimed at building core skills. First-timers who’ve never touched a soldering iron should start here before graduating to:
Embedded Systems Village, which runs deeper. The village’s stated purpose is teaching attendees to reduce “complex, exotic devices to their underlying embedded components” — firmware extraction, JTAG, UART, the flash chip off-board analysis pipeline. Its workshops feed directly into what the other hardware villages expect you to already know.
Car Hacking Village has led automotive security at DEF CON for over a decade. DEF CON 33 featured a Rivian van and a Rivian truck as public research targets; as the village’s own framing notes, every car brought to DEF CON gets hacked. Expect similar live-target programming at DC34.
Radio Frequency Village (formerly the Wireless/WiFi Village, now in its 17th year under RF Hackers Sanctuary) covers the full spectrum — WiFi, Bluetooth, Zigbee, Z-Wave, RFID, infrared, and software-defined radio more broadly. Its RF Capture the Flag runs alongside the talks. Pair it with Ham Radio Village, which offers FCC license testing on-site, hidden-transmitter fox hunts, and the more hobbyist side of radio.
IoT Village and ICS Village cover the two domains where hardware security has the highest stakes. ICS Village at DEF CON 34 will bring real programmable logic controllers, HMIs, and remote telemetry units to the floor, with escape rooms run by Idaho National Labs and CISA, plus a maritime-technology collaboration with Maritime Hacking Village and a health-care ICS crossover with Biohacking Village.
Specialist Domains: Critical Infrastructure and Niche Targets
Biohacking Village is the medical-device and healthcare-cybersecurity village. Programming covers penetration testing of virtualized medical devices, coordinated disclosure for medical vendors, FDA and EU Cyber Resilience Act regulatory questions, and tabletop ransomware exercises modeled on hospital incidents. The village has become the primary venue where medical-device manufacturers, regulators, and independent researchers actually sit in the same room.
Maritime Hacking Village (MHV) is one of the more dramatic recent additions. At DEF CON 33 the village brought a fishing boat, a drone boat, and a virtual maritime ship as hackable targets. For DC34, MHV has confirmed it’s returning to the Las Vegas Convention Center with the same immersive model. Shipping, ports, and maritime communications sit in a strange gap where every stakeholder agrees the sector is insecure but no one owns the fix; MHV is the closest thing the industry has to a neutral ground.
Aerospace Village extends the same model to aviation and space — satellite systems, avionics, air traffic communications — in coordination with aviation authorities, researchers, and operators.
Voting Village, running annually since 2017 under the Election Integrity Foundation, provides hands-on access to voting system hardware and software. The village has testified to Congress multiple times and drew a defense from a bipartisan group of senators in 2018 after pushback from voting-system vendors. With US elections in the news year-round, expect attention even outside presidential cycles.
Telecom Village focuses specifically on 5G security — RAN gap analysis, 5G API security, protocol-level penetration testing. Narrow and technical, but uniquely so.
Payment Village covers payment-system security broadly. The village has announced what it’s calling the largest-ever DEF CON badge for DC34: a vulnerable ATM badge simulating an ATM’s attack surfaces in a carry-in-two-hands physical form factor. Whether you find that cute or a fire hazard, the hands-on payment-hardware angle is rare outside this village.
AI, Cloud, and Software
AI Village has become one of the highest-traffic villages on the floor as AI security has moved from research topic to business priority. For DC34, the village is running its third Generative Red Team, this time red-teaming the evaluations that establish a model’s performance — paying bounties for findings against the evaluation benchmarks used to make model-card claims. Last year’s real-time deepfake demonstrations are expanding to five different deepfake systems spanning high-end professional setups down to consumer-grade hardware, specifically to show how detection approaches degrade as compute-per-dollar improves.
AppSec Village covers traditional application security — web, API, deserialization, all the bread-and-butter software vulnerability work. The village runs its own AppSec-focused CTF alongside talks and workshops.
Cloud Village runs a 2.5-day jeopardy-style CTF covering AWS, GCP, Azure, Alibaba, and Digital Ocean, with top-three prizes. For practitioners specifically working cloud security, this is the main event.
Physical Security, Policy, and Community
Lock Pick Village, run by The Open Organization Of Lockpickers (TOOOL), has been a DEF CON institution since long before “village” was the term. Trial locks, pick tools, and TOOOL volunteers who will teach anyone who walks up.
Physical Security Village covers the broader physical-security picture beyond locks — bypass techniques, covert entry, and facility-security testing.
Policy @ DEF CON is where the conference’s hacker-policymaker engagement happens. Senior government officials, researchers, nonprofits, and private-sector experts in the same room. For anyone whose job touches regulation, CISA advisories, or national-strategy questions, this is the only DEF CON village specifically built for that conversation.
Social Engineering Community Village, Blacks In Cyber Village, Cryptocurrency Village, and Data Duplication Village round out the specialist community spaces. Data Duplication Village’s quietly useful offering: terabytes of archived security-conference talks and research, free to copy onto drives you bring.
A DEF CON 34 Village Reference
Which Villages Are Actually Worth Your Time
“Worth your time” is a function of your job and what you already know. A few honest calls based on what’s programmed for DC34:
If you have exactly one day and you’re offense-leaning: Adversary Village for a block of Adversary Wars CTF, then Bug Bounty Village for a workshop, then AI Village to watch the Generative Red Team. Skip Red Team Village talks — those will post to YouTube.
If you’re defense-leaning with one day: Anchor at Blue Team Village for Project Obsidian. Add a Capture The Packet qualifier at Packet Hacking Village. If time allows, Malware Village for a reverse-engineering session.
If you’re hardware-curious and not yet skilled: Start at Hardware Hacking/Soldering Village, progress to Embedded Systems Village, then pick one of Car Hacking, ICS, or Maritime based on which target looks most interesting to you. Don’t try to do all three.
If you’re a first-timer overwhelmed by choice: Lock Pick Village, Ham Radio Village (take the license exam), Packet Hacking Village’s Wall of Sheep, and whichever specialist village matches your day job. That’s four anchors with low barrier-to-entry and high learning return.
If you’re in policy, compliance, or GRC: Policy @ DEF CON is non-optional. Voting Village and Biohacking Village are the sharper-edge policy conversations. Skip the purely technical villages unless you’re genuinely curious.
The villages the DEF CON floor generally doesn’t reward: broad talk-only destinations for topics you can get recordings of. Villages that reward the in-person visit are the ones with physical artifacts — a boat, a car, a PLC, a lock, a vulnerable ATM badge, a radio — or with contests and workshops where presence is the point.
FAQ
How do I find the current schedule for each village? DEF CON 34 schedules typically firm up in June and July. Each village maintains its own site and social channels; the master schedule historically posts to the DEF CON Forums and the DEF CON info app closer to the event. As of late April, official accepted-content lists are live but individual village schedules are still being finalized as Calls for Papers close May 1.
Do I need a separate ticket for the villages? No. Your DEF CON badge gets you into every village, every contest, and every talk. Some individual workshops within villages require sign-ups due to seat limits, and those are handled by each village independently — show up early to the village in question on day one.
Are the CTFs beginner-friendly? It varies sharply. The main DEF CON CTF is elite-only. Village CTFs range from Capture The Packet’s explicit beginner-to-advanced pathway (Packet Inspector → Packet Detective → Capture The Packet) to specialist CTFs at Cloud Village, Adversary Village, and others that assume baseline skill. Read each village’s CTF description before committing a day to it.
What’s new at DEF CON 34 compared to DEF CON 33? Confirmed additions include the AI Village’s third Generative Red Team (now targeting model evaluations), the Payment Village’s vulnerable-ATM badge, Maritime Hacking Village returning with expanded programming, and a new Badgelife community space building a Badgelife Museum. Content announcements continue through July.
Before You Go
Buy the ticket before May 22 if you can — the Early Bird pricing saves $20–40 and the regular tier adds no value. Book a room at one of DEF CON’s blocked hotels (Fontainebleau, Sahara, Wynn/Encore, Circus Circus) early, because Vegas conference weeks price aggressively. Bring cash, physical notebooks, a laptop you don’t mind sharing a network with, and realistic expectations: you will not see everything. Nobody does. Pick the three villages that matter most, show up in the first hour of day one, and let the rest of the conference unfold around what you actually learn.
