AI-driven defense is only as strong as the ground-truth data it relies on.

We believe that security automation and AI-driven defense are only as effective as the ground-truth intelligence they’re built on. ELLIO delivers foundational threat intelligence focused on the earliest phases of the attack lifecycle - reconnaissance and mass exploitation - where adversaries signal intent before impact. Our mission is simple: Reduce operational burden and security spend by disrupting threats upstream, before incidents escalate and become costly.

Our story

2022

5 JAN

Stealth Launch

Started research and analysis of the pre-attack threat landscape.

2023

30 JUN

High-signal IP Blocklist Release

Launched our flagship IP blocklist - ELLIO Threat List MAX - a large-scale, high-fidelity IP blocklist derived from observed exploitation and recon traffic in real-time.

1 OCT

Smart ELLIO Blocklist Manager

Launched a customizable platform for precise IP blocking and allowlisting, reducing false positives while maintaining strong protection.

2024

1 APR

ELLIO Exploitation and Recon Threat Intelligence Platform

Launched a unified platform for actionable defense against mass exploitation and network reconnaissance, including threat intelligence, perimeter protection, and cyber deception.

1 NOV

Advanced Network Fingerprints

Added network fingerprinting analysis to the ELLIO Intelligence Platform, giving teams faster insights and early-stage attack prevention.

15 DEC

Tripled Sensor Coverage

Expanded ELLIO Cyber Deception Network threefold, improving real-time detection and visibility across threats.

2025

1 JUN

MITRE ATT&CK® Integration

Integrated the MITRE ATT&CK® framework into the ELLIO Intelligence Platform for deeper threat analysis.

5 AUG

Open-Source TCP Fingerprint Firewall

Introduced Recon Shield, an open-source TCP fingerprint firewall, boosting protection against reconnaissance and pre-attack activity.

2026

15 JAN

Interactive Historical IP Timeline

Expanded ELLIO Intelligence with a Historical IP Timeline for deeper insights, easier filtering, and quick report exports.

AI-adaptive cyber deception.

ELLIO operates a global deception network and honeypots, giving you direct access to core threat data with unique context, free from third-party noise and data contamination. We continuously envolve cyber deception to capture authentic adversary behavior at scale.

ELLIO cybersecurity dashboard showing threat intelligence data with IP classifications, malicious activity detection, HTTP traffic analysis, fingerprint analysis heatmap, and Apache vulnerability scanners with real-time security metrics

Inspired by the legacy of the first antivirus pioneers.

ELLIO was founded by Vlad Iliushin and Jana Tom, who met at Avast, the company behind the first Windows 95 antivirus. Backed by Presto Ventures, they launched ELLIO to automate, optimize, and uncover emerging threats before they grow into incidents.

Backed by Presto Ventures.

ELLIO's Jana Tom and Vlad Iliushin

Latest improvements & insights.

Infographic showing February 2026 credential-stuffing attack on Palo Alto GlobalProtect: 8,575 unique IPs, 3 attack waves, 48-hour duration. ELLIO branding at bottom.
#CVE #Network Fingerprints
Threat/Vulnerability News

Coordinated Credential-Stuffing Campaign Targets Palo Alto GlobalProtect Portals

A coordinated credential-stuffing campaign hit GlobalProtect VPN portals with 8,575 IPs in 48 hours. Three attack waves, 78 targeted usernames, one password. Our team breaks down the timeline, infrastructure, fingerprints, and what defenders can do.

ELLIO Team
ELLIO Team ·
Line chart showing SSH brute force attack trends from Jan 12 - Feb 11, 2026, tracking unique attacking IPs per credential for usernames "root" (blue), "admin" (yellow), and "n8n" (red). Shows "n8n" surpassing "admin" as second most targeted.
Threat/Vulnerability News

"n8n" is the new "admin."

On February 10, 2026, our deception network recorded "n8n" overtaking "admin" as the #2 most brute-forced SSH username. The campaign scaled from a handful of probing IPs to hundreds of unique sources in under a week, with attackers rapidly iterating through password variants.

Vlad Iliushin
Vlad Iliushin ·
Network security timeline dashboard showing activity patterns across countries from Oct 29 to Jan 28, with color-coded threat data by geography, fingerprints, HTTP paths and user agents
Product Updates

New Historical IP Timeline is live

ELLIO Threat Intelligence Platform expands its capabilities with an interactive Historical IP Timeline, giving teams deep visibility into historical IP activity with flexible filtering and report-ready exports.

ELLIO Product Team
ELLIO Product Team ·
View all articles
Cyberpunk-style illustration of hooded figure with cat face using laptop beside futuristic car against neon blue cityscape, representing cybersecurity hacking theme
Vlad Iliushin presenting at cybersecurity workshop with audience seated in conference room, projection screen showing "WORKSHOP.ELLIO.TECH" and technical data
Collection of holographic cybersecurity-themed stickers featuring cats with text "NETSEC is DEAD", "MUST BE NICE LIVING IN THIS FANTASY", "IF YOU KNOW, YOU KNOW", "HUNT RESPOND ELIMINATE" and ELLIO branding
BSides Nashvile Lockpicking
Hack the Bay 2025
Camouflage baseball cap with blue holographic patch displaying "MuonFP" text and geometric design
Hand holding ELLIO cybersecurity materials including "Blue Ticket to the IP Verse" with threat intelligence data sheets in front of illuminated display screens
Cybersecurity presentation in modern conference room with attendees at orange chairs viewing "Dark Side of Recon" slide on large screen
DEFCON SPEAKER BADGE
ELLIO at RSAC 2025
ELLIO Technology booth at trade show with representatives demonstrating cybersecurity solutions to visitors, featuring company branding and product displays
Conference presentation in industrial venue with audience seated at tables, speaker on stage with projection screens displaying cybersecurity content
Stack of vintage CRT televisions displaying ELLIO logos in a graffiti-covered room with colorful street art on walls and security shutters
Cybersecurity-themed wall mural with "IF YOU KNOW, YOU KNOW" text and cat figure in hoodie, displaying "MASS EXPLOITATION RECONNAISSANCE" and ELLIO branding in purple/blue lighting
Jana Tom of ELLIO at DefCon 31
ELLIO Booth CZ Conference

Massive, realistic attack surface emulation.

Early-stage attack chain coverage.

High-interaction & behavioral capture.

Attribution-ready metadata.

Integrated with automated response systems.

FAQ

What is ELLIO?

ELLIO is a research lab focusing on real-time detection and analysis of mass exploitation and network reconnaissance.