Close.

Register for a workshop

Thank you! Our team will get back to you within 2 business days to confirm a workshop date and fine-tune any other details.
We kindly request a business email address. Please note that temporary or free email addresses are not accepted. Should you require assistance or wish to discuss this matter further, please contact us at partners@ellio.tech. Thank you for your cooperation.
Threat Intelligence on mass scans and exploits. Hunt, respond, eliminate it faster and targeted with ELLIO Threat Platform.

Hands-on virtual workshops

Dark Side of Network Recon. New Defense Techniques.

Register
Threat Intelligence on mass scans and exploits. Hunt, respond, eliminate it faster and targeted with ELLIO Threat Platform.

Register for the hands-on workshop and level up your skills in network protection, threat hunting, and mitigating risk from network reconnaissance and mass exploitation.

Network reconnaissance remains the first step in many cyberattacks. Understanding it is key to better defense. Whether you're an intermediate analyst looking to navigate the fingerprinting landscape or an advanced defender ready to build custom filters, this workshop will equip you with practical tools and insights.

Workshop Topics

  • The role of reconnaissance in cyberattacks.
  • Identifying benign traffic vs. scanning activity.
  • Network fingerprinting (TCP/IP fingerprinting, MuonFP).
  • Building custom BPF filters to detect and block unwanted traffic.
  • Fitting fingerprinting into SOC processes, threat hunting.
  • Masking edge infrastructure.
  • Best practices, live demos & discussions.

Virtual workshop
US East Coast + Europe
May 22, 2025

9 AM - 12 PM EDT
2 PM - 5 PM BST
3 PM - 6 PM CEST

Virtual workshop
US West Coast
May 23, 2025

9 AM - 12 PM PDT / MST
11 AM - 2 PM CDT
12 PM - 3 PM EDT

Agenda

Why Network Recon Matters
The role of reconnaissance in cyberattacks
Common scanning tools and patterns
Recon
Scanning
Foundations of Network Fingerprinting
p0f and early techniques
Core principles of TCP/IP fingerprinting and L7 fingerprinting
p0f
JA3
TCP/IP
L3
L4
L7
Modern Methods: MuonFP
Identification of benign traffic and scanning activity
Strengths, limitations, and practical use cases
MuonFP
Hands-On with BPF Filters
Creating custom filters to flag or drop unwanted connections
Live demos and best practices
BPF
p0f BPF compiler
TLP: Red
Masking Edge Infrastructure
Techniques to reduce visibility to public scanners
Practical steps for immediate impact
Fingerprint-based blocking
IP-based blocking
Workflow Integration
Fitting fingerprinting into SOC processes
How to stay ahead of opportunistic and targeted attacks
Fingerprint Gathering
Data Enrichment
Automation
Q&A and Open Discussion
Tailored questions based on attendees’ environments
Q&A

Previous workshops

In-person workshop
during RSA 2025

May 1, 2025
9 AM - 12 PM
San Francisco

Thank you for coming!