![[watchdog]: Inside a Mirai variant with six-layer persistence](/_astro/Mirai%20Botnet%20with%206%20layers%20of%20persistence%20Hero_Z2qvA8g.webp)
Video: How to capture real value from network fingerprinting in practice
Learn practical tips for deploying JA4, JA3, and MuonFP fingerprints in your security operations. Get expert insights from Vlad Iliushin and discover how to unlock their full defensive value.
Whether you’re focused on threat detection, blue teaming, or deeply engaged in network traffic analysis, this talk is a must-watch. At BSides San Francisco 2025, Vlad Iliushin, CEO of ELLIO and author of ELLIO Threat Platform, delivered an in-depth walkthrough of network fingerprinting and how to unlock their full value in practice.
Watch the full video and learn practical tips for deploying JA4, JA3, and MuonFP fingerprints in your security operations. Whether you’re focused on threat hunting, detection engineering, or SOC operations, this talk offers valuable insights you won’t want to miss.
In this video, you’ll learn:
- TCP/IP Fingerprinting(p0f, MuonFP)
- TLS / Layer 7 Fingerprinting(JA3, JA3S, JA3n, HASSH, JA4, JA4+)
- Differences between JA3, JA4, and MuonFP
- JA4 vs. JA4+
- TCP and VPNs
- How to Gather Fingerprints
- True value and limitations of network fingerprinting
- Fingerprint worksflows
And one fun post-show fact: with 156 slides, Vlad’s session was the largest presentation at BSides San Francisco 2025!
Ready to see network fingerprints in action?
Access the ELLIO Threat Platform and create your own custom threat searches using fingerprints. Discover how it can meet your specific use cases and needs.
Written by
A group of researchers at ELLIO, transforming insights from mass exploitation and network reconnaissance into real-world cybersecurity defenses.
Read next
All posts →
Every packet tells a story: The evolution of fingerprinting and netsec
The journey began in 1969, when the very first RFC - Request for Comments - was published. Explore key milestones that shaped network security and the practice of network fingerprinting.
IP Blocking vs TCP Fingerprint Blocking: How to Use and Combine Them
Learn how combining Threat Intelligence-based IP blocking and TCP fingerprinting enhances network security by disrupting attacker reconnaissance.
MITRE ATT&CK® framework now integrated into ELLIO Threat Platform
Transform your threat investigations with the ELLIO Threat Intelligence Platform. Now with MITRE ATT&CK threat mapping and advanced fingerprint analysis.