Level up your skills with our hands-on sessions.

New TCP Fingerprint Firewall. Recon Shield.

Wednesday, August 6, 2025
2:00 - 2:55 PM
Black Hat, Business Hall, Arsenal Station 3

Don’t miss the release of a new open-source defense tool: TCP Fingerprint Firewall, a high-performance, eBPF-powered shield against malicious and promiscuous scanners. It leverages XDP (eXpress Data Path) for inline packet processing and MuonFP’s advanced TCP fingerprinting to detect and block recon traffic with high speed and precision, stopping threats before they can map your network.
More details

Deep-dive into modern network fingerprinting.

Saturday, August 9, 2025
2:00 - 6:00 PM
‍DEF CON, LVCC - L2‍

Go beyond theory and get hands-on with TCP and TLS fingerprinting in a live lab. You'll capture real packets using tools like MuonFP, p0f, JA3, JA3n, and JA4; normalize JA3 to JA3n; convert MuonFP detections to p0f signatures; and compile them into BPF and iptables rules for dynamic blocking. Detect and stop mass scans from ZMap and Masscan in real time - and even forge your own fingerprints with Scapy to test your defenses.
More details

Agenda

Why Network Recon Matters

The role of reconnaissance in cyberattacks

Common scanning tools and patterns

Recon

Scanning

Foundations of Network Fingerprinting

p0f and early techniques

Core principles of TCP/IP fingerprinting and L7 fingerprinting

p0f

JA3

TCP/IP

Modern Methods: MuonFP

Identification of benign traffic and scanning activity

Strengths, limitations, and practical use cases

MuonFP

Hands-On with BPF Filters

Creating custom filters to flag or drop unwanted connections

Live demos and best practices

BPF

p0f BPF compiler

TLP: Red

Masking Edge Infrastructure

Techniques to reduce visibility to public scanners

Practical steps for immediate impact

Fingerprint-based blocking

IP-based blocking

Workflow Integration

Fitting fingerprinting into SOC processes

How to stay ahead of opportunistic and targeted attacks

Fingerprint Gathering

Data Enrichment

Automation

Q&A and Open Discussion

Tailored questions based on attendees’ environments

Q&A

Register for Hot Takes: Where Spice Meets Security

Have a free lunch or afternoon block? Join us for Hot Takes: Where Spice Meets Security - where cybersecurity gets spicy, literally. Hosted by Vlad Iliushin, Head of Cybersecurity at ELLIO, you’ll dive into bold discussions on the latest cyber trends while trying 10 different spicy sauces over a shared meal. Whether you’re into spice or cybersecurity, this is for you! Seats are limited, so sign up now!

Monday (Aug 4), 12:30 - 2 pm (near BSides LV) Register
Tuesday (Aug 5), 12:30 - 2 pm (near BSides LV) Register
Wednesday (Aug 6), 3 - 5 pm (near Black Hat) Register
Saturday (Aug 9), 7 - 9 pm (near DEF CON) Register

Our past workshops.

High-adaptive IP blocking for the mass scanning era.

June 26, 2025
Online

We discussed advanced dynamic blocking, leveraging behavior analysis, anomaly detection, threat intelligence, fingerprinting, and precise automation for efficient prevention.

Interactive fingerprinting walkthrough.

June 3, 2025
Prague (The Honeynet Project Annual Workshop)‍

Designed for anyone ready to dive into modern network fingerprinting and learn how to turn raw data into actionable defenses. We covered JA3, JA3N, JA4, p0f, MuonFP, and various TCP/IP fingerprinting techniques.

Dark side of network recon. New defense techniques.

May 1, 2025
San Srancisco

A workshop on practical techniques to enhance firewall defenses against illegitimate traffic, emerging threats, and zero-day attacks, tailored for today’s threat landscape dominated by mass scanning, and AI-driven attacks.

In Las Vegas for Black Hat, DEF CON, or BSides?