We had a great time at Black Hat and DEF CON 2025.

Thanks to everyone who spent time with the ELLIO team. We always value sharing knowledge, exchanging insights, and gaining new perspectives on the challenges we face together every day.

No chance to meet us in Vegas?
Let's connect now!

This year belonged to network fingerprints.

New open-source TCP Fingerprint Firewall live on GitHub.

How do you stop scanners before they map your network? At Black Hat 2025, we launched TCP Fingerprint Firewall, built to block malicious and promiscuous scanners. Instead of relying on simple port or IP rules, it uses MuonFP-based fingerprints: subtle TCP header traits that reveal tools like Nmap, ZMap, and Masscan, along with operating system and device signatures.


Deep-dive into modern network fingerprinting.

At DEF CON 2025, the ELLIO team ran a live lab on TCP and TLS fingerprinting. Participants learned how to capture packets, use tools like MuonFP, p0f, JA3/JA3n, and JA4, and turn fingerprints into firewall rules to block threats in real time. Want to see network fingerprinting in action? Check out the ELLIO IP Threat Platform and see how modern fingerprints work for you.


Agenda

Why Network Recon Matters
  - The role of reconnaissance in cyberattacks
  - Common scanning tools and patterns
  Tags: Recon, Scanning

Foundations of Network Fingerprinting
  - p0f and early techniques
  - Core principles of TCP/IP fingerprinting and L7 fingerprinting
  Tags: p0f, JA3, TCP/IP, L3, L4, L7

Modern Methods: MuonFP
  - Identification of benign traffic and scanning activity
  - Strengths, limitations, and practical use cases
  Tags: MuonFP

Hands-On with BPF Filters
  - Creating custom filters to flag or drop unwanted connections
  - Live demos and best practices
  Tags: BPF, p0f BPF compiler, TLP: Red

Masking Edge Infrastructure
  - Techniques to reduce visibility to public scanners
  - Practical steps for immediate impact
  Tags: Fingerprint-based blocking, IP-based blocking

Workflow Integration
  - Fitting fingerprinting into SOC processes
  - How to stay ahead of opportunistic and targeted attacks
  Tags: Fingerprint Gathering, Data Enrichment, Automation

Q&A and Open Discussion
  - Tailored questions based on attendees’ environments
  Tags: Q&A