Flashback: ELLIO at Black Hat and DEF CON 2025.

We couldn't miss Cyberweek in Las Vegas. Here's a look at the great time we had at Black Hat, DEF CON, and BSides Las Vegas this year.

Our way of giving back: Sharing knowledge and experience.

New open-source TCP Fingerprint Firewall.

At Black Hat 2025, ELLIO launched the new open-source defense tool, TCP Fingerprint Firewall, designed to protect networks from malicious and promiscuous scanners. Powered by eBPF and leveraging XDP (eXpress Data Path) for inline packet processing, this firewall uses MuonFP’s advanced TCP fingerprinting technology to detect and block reconnaissance traffic with exceptional speed and accuracy.

More at GitHub

Workshop: Deep-dive into modern network fingerprinting.

At DEF CON 2025, the ELLIO team offered hands-on experience with TCP and TLS fingerprinting in a live lab setting. Participants learned how to apply modern fingerprinting techniques for proactive defense. They captured real packets using tools like MuonFP, p0f, JA3, JA3n, and JA4; normalized JA3 to JA3n; converted MuonFP detections into p0f signatures; and compiled these into BPF and iptables rules for dynamic threat blocking. Attendees sharpened skills to detect and block malicious traffic with advanced fingerprinting.

Agenda

Why Network Recon Matters
- The role of reconnaissance in cyberattacks
- Common scanning tools and patterns
- Tags: Recon, Scanning

Foundations of Network Fingerprinting
- p0f and early techniques
- Core principles of TCP/IP fingerprinting and L7 fingerprinting
- Tags: p0f, JA3, TCP/IP, L3, L4, L7

Modern Methods: MuonFP
- Identification of benign traffic and scanning activity
- Strengths, limitations, and practical use cases
- Tags: MuonFP

Hands-On with BPF Filters
- Creating custom filters to flag or drop unwanted connections
- Live demos and best practices
- Tags: BPF, p0f BPF compiler, TLP: Red

Masking Edge Infrastructure
- Techniques to reduce visibility to public scanners
- Practical steps for immediate impact
- Tags: Fingerprint-based blocking, IP-based blocking

Workflow Integration
- Fitting fingerprinting into SOC processes
- How to stay ahead of opportunistic and targeted attacks
- Tags: Fingerprint Gathering, Data Enrichment, Automation

Q&A and Open Discussion
- Tailored questions based on attendees’ environments
- Tags: Q&A

Hot Takes with ELLIO:
Don't cry over wings, just CVEs.

During Cyberweek, the ELLIO team hosted a fun and flavorful event called Hot Takes: Where Spice Meets Security. The gathering mixed spicy sauce tasting with lively chats about the latest in cybersecurity. It was a great chance for folks who love spice and those passionate about cybersecurity to connect, share ideas, and enjoy some tasty heat together. Thanks to everyone who joined us!

More than a job. It's what we're part of.

Our past workshops.

High-adaptive IP blocking for the mass scanning era.

June 26, 2025
Online

We discussed advanced dynamic blocking, leveraging behavior analysis, anomaly detection, threat intelligence, fingerprinting, and precise automation for efficient prevention.

Interactive fingerprinting walkthrough.

June 3, 2025
The Honeynet Project Annual Workshop, Prague

Designed for anyone ready to dive into modern network fingerprinting and learn how to turn raw data into actionable defenses. We covered JA3, JA3N, JA4, p0f, MuonFP, and various TCP/IP fingerprinting techniques.

Dark side of network recon. New defense techniques.

May 1, 2025
San Francisco

A workshop on practical techniques to enhance firewall defenses against illegitimate traffic, emerging threats, and zero-day attacks, tailored for today’s threat landscape dominated by mass scanning and AI-driven attacks.