Close.

Register for a workshop

Thank you! Our team will get back to you within 2 business days to confirm a workshop date and fine-tune any other details.
We kindly request a business email address. Please note that temporary or free email addresses are not accepted. Should you require assistance or wish to discuss this matter further, please contact us at partners@ellio.tech. Thank you for your cooperation.

Hand-on workshop during RSAC 2025

Dark Side of Network Recon. New Defense Techniques.

Register

Register for the hands-on workshop and level up your skills in network protection, threat hunting, and mitigating risk from network reconnaissance and mass exploitation.

Network reconnaissance remains the first step in many cyberattacks. Understanding it is key to better defense. Whether you're an intermediate analyst looking to navigate the fingerprinting landscape or an advanced defender ready to build custom filters, this workshop will equip you with practical tools and insights.

Workshop Topics

  • The role of reconnaissance in cyberattacks.
  • Identifying benign traffic vs. scanning activity.
  • Network fingerprinting (TCP/IP fingerprinting, JA4, JA4+, MuonFP).
  • Building custom eBPF filters to detect and block unwanted traffic.
  • Fitting fingerprinting into SOC processes, threat hunting.
  • Masking edge infrastructure.
  • Best practices, live demos & discussions.

In-person workshop
at RSA 2025

May 1, 2025, 9 AM - 12 PM
San Francisco
(venue details sent after registration)

Register

Virtual workshop
East Coast

May 22, 2025
9 AM -  11 AM EST
Online

Register

Virtual workshop
West Coast

May 23, 2025
9 AM - 11 AM PST
Online

Register
Workshop Guide

Hey, I’m Vlad

I’m Vlad Iliushin, co-founder of ELLIO, specializing in cyber deception, network reconnaissance, and mass exploitation. Before ELLIO, I led the Avast IoT Lab (now Gen Digital), researching IoT threats and developing security features. I’ve spoken at many events such as BSides, Security Analyst Summit, Web Summit, or SXSW, where I had the chance to showcase IoT vulnerabilities alongside Chess Champion Garry Kasparov. In addition to my work at ELLIO, I contribute to cybersecurity testing standards as President of AMTSO (Anti-Malware Testing Standards Organization).

Join our workshop and let's dive into the dark side of network reconnaissance.

Workshop Flow

Agenda

Why Network Recon Matters
The role of reconnaissance in cyberattacks
Common scanning tools and patterns
Recon
Scanning
Foundations of Network Fingerprinting
p0f and early techniques
Core principles of TCP/IP fingerprinting and L7 fingerprinting
p0f
JA3
HASSH
TCP/IP
L3
L4
L7
Modern Methods: JA4, JA4+, and MuonFP
Identification of benign traffic and scanning activity
Strengths, limitations, and practical use cases
JA4
JA4T
JA4+
MuonFP
Hands-On with eBPF Filters
Creating custom filters to flag or drop unwanted connections
Live demos and best practices
eBPF
eXpress Data Path
TLP: Red
Masking Edge Infrastructure
Techniques to reduce visibility to public scanners
Practical steps for immediate impact
DNS
Fingerprint-based blocking
IP-based blocking
Workflow Integration
Fitting fingerprinting into SOC processes
How to stay ahead of opportunistic and targeted attacks
Fingerprint Gathering
Data Enrichment
Automation
Q&A and Open Discussion
Tailored questions based on attendees’ environments
Q&A
Sign up for the workshop

Big thanks to our ELLIO User Community!

Over 15,000 users worldwide

trust ELLIO to keep them protected and informed.

Cybernoise Map

Everybody scans. We listen.

How cybersecurity experts use ELLIO in their defense mission.

Data Insight & Automation for SOC Teams

Accelerate triage by filtering out non-urgent and false positive alerts in SIEM, SOAR or TIP in real-time using ELLIO Threat Intelligence.

Learn more

Data Enrichment for Threat Hunting

Improve investigation and response to targeted attacks, making both faster and more precise with the latest, highly accurate threat data, trends, and anomalies.

Learn more

Mask network from Scanning Services

Make your perimeter invisible to scanning services used by malicious actors to locate new targets. Reduce your network footprint.

Learn more

Ultimate IP Blocking

Real-time protection against active malicious IPs at the perimeter with the largest and most dynamic IP threat feeds on the market.

Learn more

See all Use Cases.

Upgrade your actionable knowledge.
Recon Workshop coming to your town!

Register for the workshop
ELLIO logo

We help security teams focus on threats that really matter.

Partners
Partner ProgramLead registration
Company
Join ELLIO at Breakfast during RSACWorkshopsBlogEventsAbout usContact usTalk to an expert
Community
SlackDiscordX
Close.

Sign up for news

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Copyright 2024 ELLIO Technology.