In Las Vegas for Black Hat, DEF CON, or BSides?

Let’s meet over coffee - coffee@ellio.tech - or join us for hands-on sessions and our special Hot Takes series.

Level up your skills with our hands-on sessions.

New TCP Fingerprint Firewall. Recon Shield.

Wednesday, August 6, 2025
2:00 - 2:55 PM
Black Hat, Business Hall, Arsenal Station 3

Don’t miss the release of a new open-source defense tool: TCP Fingerprint Firewall, a high-performance, eBPF-powered shield against malicious and promiscuous scanners. It leverages XDP (eXpress Data Path) for inline packet processing and MuonFP’s advanced TCP fingerprinting to detect and block recon traffic with high speed and precision, stopping threats before they can map your network.

Deep-dive into modern network fingerprinting.

Saturday, August 9, 2025
2:00 - 6:00 PM
DEF CON, LVCC - L2

Go beyond theory and get hands-on with TCP and TLS fingerprinting in a live lab. You'll capture real packets using tools like MuonFP, p0f, JA3, JA3n, and JA4; normalize JA3 to JA3n; convert MuonFP detections to p0f signatures; and compile them into BPF and iptables rules for dynamic blocking. Detect and stop mass scans from ZMap and Masscan in real time - and even forge your own fingerprints with Scapy to test your defenses.

Agenda

Why Network Recon Matters
The role of reconnaissance in cyberattacks
Common scanning tools and patterns
Recon, Scanning

Foundations of Network Fingerprinting
p0f and early techniques
Core principles of TCP/IP fingerprinting and L7 fingerprinting
p0f, JA3, TCP/IP, L3, L4, L7

Modern Methods: MuonFP
Identification of benign traffic and scanning activity
Strengths, limitations, and practical use cases
MuonFP

Hands-On with BPF Filters
Creating custom filters to flag or drop unwanted connections
Live demos and best practices
BPF, p0f BPF compiler, TLP: Red

Masking Edge Infrastructure
Techniques to reduce visibility to public scanners
Practical steps for immediate impact
Fingerprint-based blocking, IP-based blocking

Workflow Integration
Fitting fingerprinting into SOC processes
How to stay ahead of opportunistic and targeted attacks
Fingerprint Gathering, Data Enrichment, Automation

Q&A and Open Discussion
Tailored questions based on attendees’ environments
Q&A

Register for Hot Takes: Where Spice Meets Security

Have a free lunch or afternoon block? Join us for Hot Takes: Where Spice Meets Security - where cybersecurity gets spicy, literally. Hosted by Vlad Iliushin, Head of Cybersecurity at ELLIO, you’ll dive into bold discussions on the latest cyber trends while trying 10 different spicy sauces over a shared meal. Whether you’re into spice or cybersecurity, this is for you! Seats are limited, so sign up now!

Monday (Aug 4), 12:30 - 2 pm (near BSides LV)
Tuesday (Aug 5), 12:30 - 2 pm (near BSides LV)
Wednesday (Aug 6), 3 - 5 pm (near Black Hat)
Saturday (Aug 9), 7 - 9 pm (near DEF CON)

Our past workshops.

High-adaptive IP blocking for the mass scanning era.

June 26, 2025
Online

We discussed advanced dynamic blocking, leveraging behavior analysis, anomaly detection, threat intelligence, fingerprinting, and precise automation for efficient prevention.

Interactive fingerprinting walkthrough.

June 3, 2025
Prague (The Honeynet Project Annual Workshop)

Designed for anyone ready to dive into modern network fingerprinting and learn how to turn raw data into actionable defenses. We covered JA3, JA3N, JA4, p0f, MuonFP, and various TCP/IP fingerprinting techniques.

Dark side of network recon. New defense techniques.

May 1, 2025
San Francisco

A workshop on practical techniques to enhance firewall defenses against illegitimate traffic, emerging threats, and zero-day attacks, tailored for today’s threat landscape dominated by mass scanning and AI-driven attacks.