Join the Recon U.S.
Roadshow 2025

Multiple U.S. cities
Winter/Spring 2025

Sign up for the workshopCheck full agenda
Workshop topic

Network fingerprinting to counter reconnaissance and mass exploitation.

Join the hands-on expert workshop to dive into network reconnaissance, the first step in many cyberattacks. Learn new adversarial techniques like JA4, JA4+, and MuonFP, build eBPF filters to block unwanted connections, and discover methods to mask your edge infrastructure from automated scans. Whether you're an intermediate analyst or an advanced defender, this workshop will equip you with the tools to enhance your skills.

Understanding Recon

The role of network recon in cyberattacks. Common scanning tools and patterns.

Foundations of Network Fingerprinting

From p0f and other early techniques to core principles of TCP/IP fingerprinting and L7 fingerprinting.

New Fingerprinting Methods - strengths, limitations

JA4, JA4+, MuonFP. Identifying malicious patterns vs. legitimate traffic.

Hands-On with eBPF Filters

Creating custom filters to flag or/and drop unwanted connections.

Masking Edge Infrastructure

Reducing Exposure to Public Scanners with Actionable Techniques.

Workflow Integration

Fitting fingerprinting into SOC and CSIRT processes.

Practical use cases.

Live demos and discussion tailored to your needs.

Register Your Interest

Thank you! Our team will get back to you within 2 business days to confirm a workshop date and fine-tune any other details.
We kindly request a business email address. Please note that temporary or free email addresses are not accepted. Should you require assistance or wish to discuss this matter further, please contact us at partners@ellio.tech. Thank you for your cooperation.
Based outside the US and interested in the workshop?
Let us know at info@ellio.tech

What You'll Walk Away With

Fingerprinting Foundation

You will know how network fingerprinting enables you to identify and mitigate attacker behaviors and scanning patterns.

Fingerprinting

Reduced Exposure

You will acquire actionable methods to smartly detect, deter, and reduce exposure to mass exploitation attempts.

Fingerprint Based Blocking

Quick
Detection

You will know to use fingerprinting data to quickly spot suspicious activities, uncover new attack vectors, and stay ahead of adversaries.

Automation

Proactive Filtering

You will know to build custom filters to proactively drop or flag unwanted connections, fortifying your defense against malicious traffic.

eBPF
Check full agenda
Why it matters

Network reconnaissance is often overlooked, but still remains a crucial first step in the kill chain.

Network reconnaissance is the first step in a wide range of cyberattacks, and knowing how to detect and deter it is a crucial part of a modern defense. In this hands-on workshop, you'll learn how adversaries map targets for mass exploitation, the foundations of network fingerprinting, and modern methods like JA4, JA4+, and MuonFP - including what these techniques can and cannot do. We'll then dive into building eBPF filters to drop or flag unwanted connections, and explore how to mask your edge infrastructure from automated scans. Finally, we'll discuss how to integrate fingerprinting into your workflows so you can stay one step ahead of both opportunistic and targeted attacks. Whether you're an intermediate analyst seeking to understand the fingerprinting landscape or an advanced defender ready to build sophisticated filters, this workshop will give you the tools and insights you need.
Workshop Guide

Meet Vlad Iliushin

The workshop will be led by Vlad, an expert in mass exploitation, network reconnaissance, and cyber deception.

Vlad is a co-founder of ELLIO and President of the Anti-Malware Testing Standards Organization AMTSO. A true cybersecurity enthusiast, he is passionate about network security, IoT, and cyber deception.  Before ELLIO, he founded and led the Avast IoT Lab (now Gen Digital), developing security features and researching IoT threats. He has spoken at many conferences, including Security Analyst Summit, Web Summit, or South by Southwest (SXSW), where he demonstrated IoT vulnerabilities alongside World Chess Champion Garry Kasparov.

Workshop Flow

Agenda

Why Network Recon Matters
The role of reconnaissance in cyberattacks
Common scanning tools and patterns
Recon
Scanning
Foundations of Network Fingerprinting
p0f and early techniques
Core principles of TCP/IP fingerprinting and L7 fingerprinting
p0f
JA3
HASSH
TCP/IP
L3
L4
L7
Modern Methods: JA4, JA4+, and MuonFP
Identification of benign traffic and scanning activity
Strengths, limitations, and practical use cases
JA4
JA4T
JA4+
MuonFP
Hands-On with eBPF Filters
Creating custom filters to flag or drop unwanted connections
Live demos and best practices
eBPF
eXpress Data Path
Masking Edge Infrastructure
Techniques to reduce visibility to public scanners
Practical steps for immediate impact
DNS
Fingerprint-based blocking
IP-based blocking
Workflow Integration
Fitting fingerprinting into SOC processes
How to stay ahead of opportunistic and targeted attacks
Fingerprint Gathering
Data Enrichment
Automation
Q&A and Open Discussion
Tailored questions based on attendees’ environments
Q&A
Sign up for the workshop

Big thanks to our ELLIO User Community!

Over 5,000 users worldwide

trust ELLIO to keep them protected and informed.

Cybernoise Map

Everybody scans. We listen.

How cybersecurity experts use ELLIO in their defense mission.

Data Insight & Automation for SOC Teams

Accelerate triage by filtering out non-urgent and false positive alerts in SIEM, SOAR or TIP in real-time using ELLIO Threat Intelligence.

Learn more

Data Enrichment for Threat Hunting

Improve investigation and response to targeted attacks, making both faster and more precise with the latest, highly accurate threat data, trends, and anomalies.

Learn more

Mask network from Scanning Services

Make your perimeter invisible to scanning services used by malicious actors to locate new targets. Reduce your network footprint.

Learn more

Ultimate IP Blocking

Real-time protection against active malicious IPs at the perimeter with the largest and most dynamic IP threat feeds on the market.

Learn more

See all Use Cases.

Upgrade your actionable knowledge.
Recon Workshop coming to your town!

Register for the workshop
ELLIO logo

We help security teams focus on threats that really matter.

Partners
Partner ProgramLead registration
Company
Recon U.S. Roadshow 2025BlogEventsAbout usContact usTalk to an expert
Community
SlackDiscordX
Close.

Sign up for news

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Copyright 2024 ELLIO Technology.