Join our hands-on workshops to advance your skills in threat hunting, network defense, and incident response. Gain the latest insights into the behavior driving network recon and mass scanning, their role in modern cyberattacks, and how to build an effective, real-world defense against them. Learn practical techniques to reduce risk and losses from early-stage recon and mass exploitation.

Upcoming hands-on workshops.

Ultimate IP Blocking for the mass scanning age

June 26, 2025
11AM - 1PM PDT
1PM - 3PM CDT
2PM - 4PM EDT
8PM - 10PM CEST

Learn practical techniques to strengthen your perimeter and enhance firewall defenses against illegitimate traffic, emerging threats, and zero-day attacks, especially in the critical window before patches are available. Discover how to smartly mask your network from mass scanning and apply dynamic, behavior-driven IP blocking powered by CTI, fingerprints, and automation.

Tactical Threat Hunting in the mass scanning age

July 12, 2025
11AM - 1PM PDT
1PM - 3PM CDT
2PM - 4PM EDT
8PM - 10PM CEST‍

Gain hands-on experience in detecting and disrupting threats hidden behind mass scanning and recon traffic. This workshop focuses on practical threat hunting techniques tailored to today’s high-volume, low-signal environments. Learn how to identify early-stage threat patterns, decode behavioral indicators, and correlate fingerprinting analysis to uncover stealthy adversaries. Gain skills to hunt smarter, reduce alert fatigue, and respond faster to real threats.

New TCP Fingerprint Firewall. Recon Shield.

August 6, 2025
2PM - 2:55PM PDT
Black Hat Arsenal 2025
Las Vegas
Paid registration

Learn about a new open-source tool TCP Fingerprint Firewall, a high-performance, eBPF-based network security tool that leverages TCP fingerprinting to detect and block malicious or promiscuous network scanners with high speed and accuracy. It combines the power of XDP (eXpress Data Path) for inline packet processing with MuonFP’s advanced TCP fingerprinting capabilities, allowing to identify and stop recon activities before they map your network infrastructure.

Buy ticket

Agenda

Why Network Recon Matters

The role of reconnaissance in cyberattacks

Common scanning tools and patterns

Recon

Scanning

Foundations of Network Fingerprinting

p0f and early techniques

Core principles of TCP/IP fingerprinting and L7 fingerprinting

p0f

JA3

TCP/IP

Modern Methods: MuonFP

Identification of benign traffic and scanning activity

Strengths, limitations, and practical use cases

MuonFP

Hands-On with BPF Filters

Creating custom filters to flag or drop unwanted connections

Live demos and best practices

BPF

p0f BPF compiler

TLP: Red

Masking Edge Infrastructure

Techniques to reduce visibility to public scanners

Practical steps for immediate impact

Fingerprint-based blocking

IP-based blocking

Workflow Integration

Fitting fingerprinting into SOC processes

How to stay ahead of opportunistic and targeted attacks

Fingerprint Gathering

Data Enrichment

Automation

Q&A and Open Discussion

Tailored questions based on attendees’ environments

Q&A

Past workshops.

Interactive Fingerprinting Walkthrough

June 3, 2025
Prague (The Honeynet Project Annual Workshop)

Designed for anyone ready to dive into modern network fingerprinting and learn how to turn raw data into actionable defenses. We covered JA3, JA3N, JA4, p0f, MuonFP, and various TCP/IP fingerprinting techniques. It was packed with live demos and interactive labs, so participants walked away with practical skills they could immediately apply in their own defensive workflows.

Dark side of network recon. New defense techniques.

May 1, 2025
San Francisco
‍

Register for a workshop

Advance your skills and knowledge with ELLIO experts.