November 21, 2025 (Friday)
10 - 11:30am EDT
Virtual hands-on lab

MuonFP in Action:
Catch recon & mass exploitation before it lands.

Register for a hands-on virtual lab: TCP Handshake Fingerprinting with MuonFP and p0f. Dive deep into network reconnaissance detection and learn how to spot and stop scanning at the TCP SYN.

In this live session, we'll show how to:

• Capture Nmap, Masscan, and ZMap traffic, read behavioral traits, and validate real-time blocks using BPF/eBPF. All without disrupting legitimate flows.
• Identify and block reconnaissance activity at the TCP SYN stage.
• Capture TCP handshakes, interpret p0f and MuonFP traits (option order, window size, scale, MSS), and recognize scanning patterns in real time.
• Convert fingerprint traits into BPF rules, apply them via iptables/nftables, validate with live scans, and upgrade to eBPF filtering using wildcard MuonFP signatures.

How to participate:

• For hands-on practice, have a laptop with terminal access. Lab VMs will be provided to confirmed attendees who register before the deadline.
• Just want to listen? No problem! You can still follow along, watch the demonstrations, and learn how MuonFP and p0f work in practice.