I have attended DefCon 30, 31, 32 and BlackHat 2022.
DefCon32 was hold in a different venue in 2024, it was in the other convention center (BlackHat was in the other convention center). DefCon 30 (after Covid and there were less people) and 31 were in Flamingo, Ceasers, Linq etc hotels.
Tips
Keep it in mind that there are around 30k people attending the conferences.
Have a water bottle or a 0.5l water with you during the day. There are a lot of free water fountains to refill. Outside is above 40 Celsius and inside it is 20 Celsius or below. And you will probably talk a lot.
Have some throat candies (not sure if this is the name of it) like ice breakers, halls etc. It could help when you talk a lot.
A small and thin jumper or hoodie is also recommended as time passes, you will feel cold.
Have a small towel in case you sweat a lot.
Food court is usually at the conference place, but some can be outside and close as well.
Buy the badge in advance online, it might be a slightly more expensive, but you don’t have to be in queue for 2-4-6 hours unnecessarily. When you pick up your badge on day 0, go around 11:00 and there will be very little line. Important, badges are not always electronic badges, sometimes they are plastic (2023 it was plastic, if you bought at the conference then it was a paper which was later exchanged to another one).
Have cash with you, most of the time it is cash only. For official merchandise, it is definitely.
They opened the conference and villages at the same time, so there could be some delay in the morning.
Talk to people. People are nice and happy to talk. I got stopped, because of my t-shirt (Zelda like pattern from SVX at DefCon) and had no problem taking a picture about it and have a little chat. Or I was waiting for green light and just started to chat with the person in Piff the magic dragon (good show by the way) t-shirt. Both of us watched his show and had a nice little chat.
If you see someone famous and want to talk to them and have a picture then always ask for permission and keep it short. They usually happy to have a picture and talk for a short period.
Use Hacker Tracker mobile app for iOS and Android. Plus there are a website as well (https://hackertracker.app/schedule/?conf=DEFCON32). There are a website for parties and another websites that collects badge sales.
It is good to follow the DefconParrot and DefCon twitter account and #defcon or #defconYY (YY is the number) etc hash tags.
For badges, look for the #badgelife (there is usually a Google Sheet and twitter account that collects the URL and people as well). You can also buy SAO (sh1tty add on) that you can attach to the badge as an accessory basically. SAO is from 10$ and badges are usually between 40$ and 150$.
Official merchandise and t-shirt. In the last 2 years, I had no chance to buy anything, because of the queue or out of size. In 2024, I didn’t even queued. I usually buy the t-shirts at SVX or Shadowvex at the vendors area as they always have cool designs, all sizes and less queue. Hack5 and Hacker Warehouse are the two vendors that usually have huge lines as well.
Stickers are big now. There are hundreds or thousands of stickers and exchange of it. There is even a wall now in the last two years.
There are other activities outside the conference as well. I talked to someone who went for BBQ party, but you can go to outdoor shooting range or race car driving on a race track, now the Sphere is open, golf or area51 etc.
Most of the talks are recorded now in the villages as well and will be uploaded later to the villages YouTube channel.
There is always a drama, every year. 2022 it was thunderstorm with flood and flood surfers, 2023 it was an unattended bag with bomb alarm/search and this year (2024), it was badge license. Also there was a flipper zero Bluetooth popup problem with iOS and WiFi knocked down of vending machines.
Villages
People with same and shared interest in a topic like red team, cloud, appsec etc are in the villages. They usually have their own badges and t-shirts and website etc. Talks are mostly beginner and intermediate levels and the schedule is on the village website (they have their own website and schedule). You can attend talks and workshops and try out things like car hacking or watch short simulations like hacking a farm house with IoT devices and lock picking etc. I saw part of a rocket or real cars as well. The cold calls and vishing competitions are super funny. You can sit down with bunch of people and learn lock picking and there is help at the table or people help each other.
There are ongoing CTF for every village as well basically and Crack Me If You Can (password hashes cracking competition) is held at DefCon.
Be prepared that the red team village is extremely popular. There is always a huge line and I couldn’t attend any talk. I had the same with this year with the social engineering village as well where I wanted to attend the cold calls competition (2 hours long) and we went there 15mins earlier and they said the line is 1.5hrs long. So if you want to attend a talk or workshop, be there early or sometimes you can calculate like be in the line 1 presentation before.
I started to see more people attending village talks than main track talks.
Hackers Jeopardy
I haven’t attended any of it, but here are 2 videos from last time:
https://www.youtube.com/watch?v=jfX4YIWScoo
https://www.youtube.com/watch?v=yTDCt4rvR7s
First timers
I would suggest to explore the conference and the villages and the vendors. Attend 1-2 talks that you are really interested and try to make friends. Watch the DefCon documentary video:
Tib3rius Top10 tips:
I don’t agree most of what is in the video, but it’s other people’s opinion:
https://www.youtube.com/live/ijQpFfuq-9A?si=bL1hzaNKBkjjKomu
Second or more timers
Schedule meetings in advance or write people in advance which day and hour you can meet. If you want to deliver a talk then be advised that villages have their own CFP timeline and pages to submit. As a speaker in the village, you usually get a village badge (not DefCon badge), a coin, stickers and a t-shirt.
BSides Las Vegas
If you have the budget and you are not at Black Hat, I recommend attending it. I attended the 2023 conference. It was so far in the Tuscany hotel (you can get cheap room as well during the conference) and workshops in the nearby hotels. It was big and there was even a room for some vendors and big round tables to sit down.
BlackHat USA 2022
I attended the USA as a presenter. There is a merchandise shop, but you need a badge to get into (which is a shame) and there was less people then DefCon. There is a party for presenters and arsenal only before the conference. In the morning you pick up your paper badge and some swag, it’s very fast. There was a buffet lunch in a separate place. After the talk, there a loads of parties. You can get into when you go into the business hall and talk to the vendors. There are also websites where you can apply.
I use the business hall to check what the industry is working on and see demos of the tools. Half of the time it’s sales people, but there are technical people onsite as well when you ask some more technical questions. I haven’t attended the Arsenal part unfortunately, so cannot comment on it.
Most of the stuff applies that I wrote above.