Advanced Labs

Real-world scenarios combining multiple JA4+ fingerprints for threat detection, malware analysis, and network forensics. Complete the Quick Labs first.

Capturing Live Traffic with JA4H
30 min | Advanced
Set up a live traffic capture pipeline using tshark, extract JA4H fingerprints in real time, and build an HTTP client inventory for your network.
Live capture, tshark pipelines, Client inventory, Baseline building
Malware Detection with JA4+
45 min | Advanced
Analyze pcaps containing known malware families. Correlate JA4, JA4S, JA4H, and JA4X fingerprints to identify C2 beacons and lateral movement.
C2 detection, Fingerprint correlation, IOC extraction, Threat hunting
Multi-Fingerprint Threat Hunting
40 min | Advanced
Combine all JA4+ fingerprints to build comprehensive threat profiles. Learn correlation techniques for identifying sophisticated threats.
Cross-fingerprint analysis, Threat profiles, Behavioral patterns, Alert tuning
TCP Anomaly Detection
35 min | Advanced
Use JA4T, JA4TS, and JA4TScan together to detect port scanning, OS spoofing, and unusual TCP behavior on your network.
Scan detection, OS mismatch, Anomaly scoring, Network mapping
SSH Tunnel Investigation
30 min | Advanced
Investigate suspicious SSH sessions using JA4SSH. Detect data exfiltration, unauthorized tunneling, and compromised credentials.
Tunnel detection, Exfiltration analysis, Session forensics, Behavioral baselining

More labs coming soon

Advanced labs are actively being developed. Check the GitHub repository for the latest updates.