diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..67f42e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+*.aux
+*.log
+*.nav
+*.out
+*.snm
+*.toc
+*.swp
diff --git a/docs/support_tools/ipasn_bgpanking/beamercolorthemefocus.sty b/docs/support_tools/ipasn_bgpanking/beamercolorthemefocus.sty
new file mode 100644
index 0000000..3f533df
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/beamercolorthemefocus.sty
@@ -0,0 +1,71 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+
+% DEFINE COLORS. ---------------------------------------------------------------
+\definecolor{main}{RGB}{64, 64, 64}
+\definecolor{background}{RGB}{239, 239, 239}
+
+\definecolor{alert}{RGB}{180, 0, 0}
+\definecolor{example}{RGB}{0, 110, 0}
+
+
+% SET COLORS. ------------------------------------------------------------------
+\setbeamercolor{normal text}{fg=textcolor, bg=background}
+\setbeamercolor{alerted text}{fg=alert}
+\setbeamercolor{example text}{fg=example}
+
+\setbeamercolor{titlelike}{fg=background, bg=main}
+\setbeamercolor{frametitle}{parent={titlelike}}
+
+\setbeamercolor{footline}{fg=background, bg=main}
+
+\setbeamercolor{block title}{bg=main!80!background, fg=background}
+\setbeamercolor{block body}{bg=main!10!background, fg=main}
+
+\setbeamercolor{block title alerted}{bg=alert, fg=background}
+\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
+
+\setbeamercolor{block title example}{bg=example, fg=background}
+\setbeamercolor{block body example}{bg=example!10!background, fg=main}
+
+\setbeamercolor{itemize item}{fg=main}
+\setbeamercolor{itemize subitem}{fg=main}
+
+\setbeamercolor{enumerate item}{fg=main!70!black}
+\setbeamercolor{enumerate subitem}{fg=main!70!black}
+
+\setbeamercolor{description item}{fg=main!70!black}
+\setbeamercolor{description subitem}{fg=main!70!black}
+
+\setbeamercolor{caption name}{fg=textcolor}
+
+\setbeamercolor{section in toc}{fg=textcolor}
+\setbeamercolor{subsection in toc}{fg=textcolor}
+\setbeamercolor{section number projected}{bg=textcolor}
+\setbeamercolor{subsection number projected}{bg=textcolor}
+
+\setbeamercolor{bibliography item}{fg=main}
+\setbeamercolor{bibliography entry author}{fg=main!70!black}
+\setbeamercolor{bibliography entry title}{fg=main}
+\setbeamercolor{bibliography entry location}{fg=main}
+\setbeamercolor{bibliography entry note}{fg=main}
+
+\mode
diff --git a/docs/support_tools/ipasn_bgpanking/beamerfontthemefocus.sty b/docs/support_tools/ipasn_bgpanking/beamerfontthemefocus.sty
new file mode 100644
index 0000000..f324876
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/beamerfontthemefocus.sty
@@ -0,0 +1,47 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+
+% SET FONTS. -------------------------------------------------------------------
+\setbeamerfont{title}{size=\huge, shape=\bfseries}
+\setbeamerfont{subtitle}{size=\Large, parent=structure}
+\setbeamerfont{author}{size=\scriptsize}
+
+\setbeamerfont{institute}{size=\normalsize}
+\setbeamerfont{date}{size=\scriptsize}
+
+\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
+\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
+
+\setbeamerfont{footline}{size=\scriptsize}
+
+\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
+
+\setbeamerfont{description item}{shape=\bfseries}
+
+\setbeamerfont{caption name}{shape=\bfseries}
+
+\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
+\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
+\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
+
+\mode
diff --git a/docs/support_tools/ipasn_bgpanking/beamerinnerthemefocus.sty b/docs/support_tools/ipasn_bgpanking/beamerinnerthemefocus.sty
new file mode 100644
index 0000000..bccfa7a
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/beamerinnerthemefocus.sty
@@ -0,0 +1,117 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+\RequirePackage{tikz}
+
+
+% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
+\setbeamertemplate{blocks}[default]
+
+\setbeamertemplate{section in toc}[square]
+\setbeamertemplate{subsection in toc}[square]
+
+\setbeamertemplate{itemize items}[square]
+\setbeamertemplate{itemize subitem}[triangle]
+
+
+% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
+% Title page.
+\defbeamertemplate*{title page}{focus}{%
+ {\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+ \begin{tikzpicture}[overlay, remember picture]
+ \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+ \end{tikzpicture}}
+
+ \vspace{-1.65\baselineskip}
+ \begin{minipage}[b][0.35\paperheight]{\textwidth}
+ \vspace{\baselineskip}
+ \usebeamerfont{title}
+ \usebeamercolor[fg]{frametitle}
+ \inserttitle
+ \end{minipage}
+
+ \begin{minipage}[t][0.1\paperheight]{\textwidth}
+ \usebeamerfont{subtitle}
+ \usebeamercolor[fg]{frametitle}
+ \insertsubtitle
+ \end{minipage}
+
+ % Set the title graphic in a zero-height box, so that
+ % the position of other elements is not affected.
+ {\vfuzz=9999pt\vbox to 0pt {
+ \raggedleft
+ \inserttitlegraphic
+ }}
+
+
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{institute}
+ \insertinstitute
+ \end{minipage}
+
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{date}{\insertdate}
+ \end{minipage}
+
+
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{author}
+ \insertauthor
+ \end{minipage}
+
+
+ \vspace*{5\baselineskip}
+
+ \addtocounter{framenumber}{-1}
+}
+
+% Section page.
+\defbeamertemplate*{section page}{focus}{%
+ {%
+ \usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+ \begin{tikzpicture}[overlay, remember picture]
+ \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+ \end{tikzpicture}%
+ }
+
+ \vspace{-2\baselineskip}
+ \begin{minipage}[b][0.45\paperheight]{\textwidth}
+ \usebeamerfont{sectiontitle}
+ \usebeamercolor[fg]{frametitle}
+ \let\hyperlink\@secondoftwo\insertsection
+ \end{minipage}
+
+ \begin{minipage}[t][0.55\paperheight]{\textwidth}
+ \end{minipage}
+}
+
+\AtBeginSection{%
+ \begin{frame}[plain, noframenumbering]{}
+ \sectionpage
+ \end{frame}%
+}
+
+\mode
diff --git a/docs/support_tools/ipasn_bgpanking/beamerouterthemefocus.sty b/docs/support_tools/ipasn_bgpanking/beamerouterthemefocus.sty
new file mode 100644
index 0000000..3f05f33
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/beamerouterthemefocus.sty
@@ -0,0 +1,255 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
+\RequirePackage{etoolbox}% \BeforeBeginEnvironment
+\RequirePackage{tikz}
+
+
+% FRAMETITLE TEMPLATES. --------------------------------------------------------
+\defbeamertemplate*{frametitle}{focus}{%
+ % If not title page.
+ \ifnum\value{framenumber}>0%
+ \vspace{-1pt}%
+ \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
+ \strut\insertframetitle\strut%
+ \end{beamercolorbox}%
+ \fi%
+}
+
+% Plain header.
+\defbeamertemplate{frametitle}{plain}{%
+ % If not title page.
+ \ifnum\value{framenumber}>0%
+ \vspace{-1pt}%
+ \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
+ \strut%
+ \end{beamercolorbox}%
+ \fi%
+}
+
+
+% FOOTLINE TEMPLATES. ----------------------------------------------------------
+% Lenghts for the progress bar footline.
+\newlength{\focus@pbar@height}% Progress bar height.
+\newlength{\focus@pbar@leftoffset}
+\newlength{\focus@pbar@rightoffset}
+
+\defbeamertemplate*{footline}{progressbar}{%
+ % If not appendix.
+ \ifnum\mainend<0% From package appendixnumberbeamer.
+ %
+ \settowidth{\focus@pbar@leftoffset}{1}%
+ \addtolength{\focus@pbar@leftoffset}{1.5em}%
+ %
+ \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+ \addtolength{\focus@pbar@rightoffset}{1.5em}%
+ %
+ % If not title page.
+ \ifnum\c@framenumber>0%
+ \ifnum\c@framenumber<\inserttotalframenumber%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
+ \pgfmathsetmacro{\focus@pbar@progress}%
+ {(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
+
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
+
+ \fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
+ ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
+
+ \fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
+ ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \else%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+
+ \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+ \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+ \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \fi%
+ \fi%
+ \fi%
+}
+
+% Full bar footline.
+\defbeamertemplate{footline}{fullbar}{%
+ % If not appendix.
+ \ifnum\mainend<0% From package appendixnumberbeamer.
+ %
+ \settowidth{\focus@pbar@leftoffset}{1}%
+ \addtolength{\focus@pbar@leftoffset}{1.5em}%
+ %
+ \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+ \addtolength{\focus@pbar@rightoffset}{1.5em}%
+ %
+ % If not title page.
+ \ifnum\c@framenumber>0%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+
+ \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+ \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+ \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \fi%
+ \fi%
+}
+
+% Empty footline.
+\defbeamertemplate{footline}{none}{}
+
+\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
+\ExecuteOptionsBeamer{numbering=progressbar}
+\ProcessOptionsBeamer
+
+\def\beamer@focus@numberingprogressbar{progressbar}
+\def\beamer@focus@numberingfullbar{fullbar}
+\def\beamer@focus@numberingnone{none}
+
+
+% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
+\defbeamertemplate*{background canvas}{focus}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusplain}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusframe}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+
+% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
+\BeforeBeginEnvironment{frame}{%
+ \setbeamertemplate{background canvas}[focus]%
+ \setbeamertemplate{frametitle}[focus]%
+ %
+ % Reset footline height and determine it for the current slide.
+ \setlength{\focus@pbar@height}{0cm}%
+ \focus@calculatefootheight%
+ %
+ % If not appendix.
+ \ifnum\mainend<0 % From package appendixnumberbeamer.
+ \settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
+ \addtolength{\focus@pbar@height}{6pt}%
+ %
+ \ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
+ \setbeamertemplate{footline}[progressbar]%
+ \else%
+ \ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
+ \setbeamertemplate{footline}[fullbar]%
+ \fi%
+ \fi%
+ %
+ \focus@calculatefootheight%
+ \fi%
+}
+
+% Enable noframenumbering option.
+\define@key{beamerframe}{noframenumbering}[true]{%
+ \setbeamertemplate{footline}[none]%
+ \setlength{\focus@pbar@height}{0cm}%
+ \focus@calculatefootheight%
+ %
+ \addtocounter{framenumber}{-1}%
+}
+
+
+% Enable plain option.
+\define@key{beamerframe}{plain}[true]{%
+ \setbeamertemplate{background canvas}[focusplain]%
+ \setbeamertemplate{frametitle}[plain]%
+ %
+ \setbeamertemplate{footline}[none]%
+}
+
+
+% Full vertical centering
+% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
+\define@key{beamerframe}{c}[true]{%
+ \beamer@frametopskip=0pt plus 1fill\relax%
+ \beamer@framebottomskip=0pt plus 1fill\relax%
+ \beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
+ \beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
+ \def\beamer@initfirstlineunskip{}%
+}
+
+
+% Enable focus option.
+\providebool{focus@standout}
+\define@key{beamerframe}{focus}[true]{%
+ \booltrue{focus@standout}%
+ \begingroup%
+ \setkeys{beamerframe}{noframenumbering}%
+ \setbeamertemplate{background canvas}[focusframe]%
+ \setbeamertemplate{frametitle}[plain]%
+ %
+ \setkeys{beamerframe}{c}%
+ \centering%
+ \usebeamerfont{focusframe}%
+ \usebeamercolor[fg]{frametitle}%
+}
+
+\apptocmd{\beamer@reseteecodes}
+{%
+ \ifbool{focus@standout}%
+ {%
+ \endgroup%
+ \boolfalse{focus@standout}%
+ }{}%
+}{}{}
+
+
+% Recalculate the footline's size and refresh other parameters.
+% Partially copied from the definition of \beamer@calculateheadfoot.
+\def\focus@calculatefootheight{%
+ \footheight=\focus@pbar@height%
+ \advance\footheight by 4pt%
+ \sidebarheight=\paperheight%
+ \advance\sidebarheight by-\headheight%
+ \advance\sidebarheight by\headdp%
+ \advance\sidebarheight by-\footheight%
+ \advance\sidebarheight by 4pt%
+ \footskip=\footheight%
+ \textheight=\paperheight%
+ \advance\textheight by-\footheight%
+ \advance\textheight by-\headheight%
+ \@colht\textheight%
+ \@colroom\textheight%
+ \vsize\textheight%
+}
+
+\mode
diff --git a/docs/support_tools/ipasn_bgpanking/beamerthemefocus.sty b/docs/support_tools/ipasn_bgpanking/beamerthemefocus.sty
new file mode 100644
index 0000000..f37394d
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/beamerthemefocus.sty
@@ -0,0 +1,60 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\NeedsTeXFormat{LaTeX2e}
+\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
+
+\mode
+
+
+% THEME OPTIONS. ---------------------------------------------------------------
+\DeclareOptionBeamer{numbering}{%
+ \PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
+}
+
+\newif\if@focus@loadfirafonts
+\@focus@loadfirafontstrue
+
+\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
+\ProcessOptionsBeamer
+
+
+% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
+\if@focus@loadfirafonts
+ \RequirePackage[T1]{fontenc}
+
+ \PassOptionsToPackage{type1}{FiraSans}
+ \PassOptionsToPackage{type1}{FiraMono}
+
+ \RequirePackage{FiraSans}
+ \RequirePackage{FiraMono}
+\fi
+
+\usecolortheme{focus}
+\usefonttheme{focus}
+\useinnertheme{focus}
+\useoutertheme{focus}
+
+\setbeamertemplate{navigation symbols}{}
+
+
+% SET MARGINS. -----------------------------------------------------------------
+\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
+\setlength{\leftmargini}{0.75cm}
+
+\mode
diff --git a/docs/support_tools/ipasn_bgpanking/d4-logo.pdf b/docs/support_tools/ipasn_bgpanking/d4-logo.pdf
new file mode 100644
index 0000000..f6cfdbf
Binary files /dev/null and b/docs/support_tools/ipasn_bgpanking/d4-logo.pdf differ
diff --git a/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.pdf b/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.pdf
new file mode 100644
index 0000000..af68d84
Binary files /dev/null and b/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.pdf differ
diff --git a/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.tex b/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.tex
new file mode 100644
index 0000000..e88da4a
--- /dev/null
+++ b/docs/support_tools/ipasn_bgpanking/ipasn_bgpranking.tex
@@ -0,0 +1,138 @@
+% Full instructions available at:
+% https://github.com/elauksap/focus-beamertheme
+
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\usepackage{tikz}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+\usepackage{transparent}
+\usepackage{fancyvrb}
+\usepackage{listings}
+\usepackage[utf8]{inputenc}
+\definecolor{main}{RGB}{47, 161, 219}
+%\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+\definecolor{textcolor}{RGB}{85, 87, 83}
+\title{D4 Project}
+\subtitle{IPASN History and BGPRanking}
+\author{Raphaƫl Vinot}
+\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
+\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
+\date{20190328}
+
+\begin{document}
+ \begin{frame}
+ \maketitle
+ \end{frame}
+
+\begin{frame}
+ \frametitle{IPASN History - Problem statement}
+ \begin{itemize}
+ \item Rapidly figuring out the owner of a specific IP address is a common problem
+ \item Resolving that relationship for a massive amount of IP addresses at scale is a medium hard problem
+ \item Doing so for a specific day in the past is somewhat more difficult
+ \item Comparing the resolution across sources is pretty painful
+ \item Doing all that together is pretty much a pain
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{IPASN History - Objective}
+ \begin{itemize}
+ \item Fast, scalable, flexible framework to load multiple data sources of BGP announcements
+ \item Flexible configuration of the size of the history to keep in memory
+ \item Fire and forget model
+ \item Simple REST API
+ \item Even simpler Python client and API
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{IPASN History - (short) History}
+ \begin{itemize}
+ \item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
+ \item A PoC of IPASN History was initially developed in 2012-2013 and only supported IPv4
+ \item Was used in production for BGP Ranking over many years
+ \item The current version was released initially in November 2018 after a complete rewrite
+ \item The support of multiple data source was added in March 2019
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{IPASN History - Current status}
+ \begin{itemize}
+ \item Supports Caida and RIPE as data sources
+ \item Supports requests for IPv4 and IPv6
+ \item Python3 module
+ \item Simple REST API
+ \item Used in production in the new version of BGP Ranking
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{BGP Ranking - Problem statement}
+ \begin{itemize}
+ \item There are 10th of thousands of actors on the internet owning IP Addresses
+ \item Many of them own a very small amount of IP addresses (/24)
+ \item They change name, purposes and owner relatively often
+ \item Their security practises are poor, if they ever exist
+ \item They are plain malicious and have no legitimate purpose
+ \item One way to find these malicious providers is to map them to lists of known malicious IPs
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{BGP Ranking - Objective}
+ \begin{itemize}
+ \item Daily ranking of internet providers by maliciousness
+ \item History of said rankings over a long period of time
+ \item Fire and forget model
+ \item Simple REST API
+ \item Even simpler Python client and API
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{BGP Ranking - (short) History}
+ \begin{itemize}
+ \item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
+ \item A PoC of BGP Ranking was initially developed in the early 2010s and only supported IPv4
+ \item The current version was released initially in November 2018 after a complete rewrite
+ \item The integration with IPASN HIstory was finalized in February 2019
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{IPASN History - Current status}
+ \begin{itemize}
+ \item The public instance automatically loads a couple dozen of publicly available lists of known malicious IPs
+ \item Supports the ShadowServer data (requires an account from Shadow Server)
+ \item Supports IPv4 and IPv6 lists
+ \item Python3 module
+ \item Simple REST API
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{IPASN History \& BGP Ranking}
+ \begin{itemize}
+ \item IPASN History source code: \url{https://github.com/D4-project/IPASN-History}
+ \item IPASN History Query interface over BGP Ranking: \url{https://bgpranking-ng.circl.lu/ipasn}
+ \item BGP Ranking source code: \url{https://github.com/D4-project/BGP-Ranking}
+ \item BGP Ranking interface: \url{https://bgpranking-ng.circl.lu/}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Get in touch if you want to join the project, host a sensor or contribute}
+\begin{itemize}
+\item Collaboration can include research partnership, sharing of collected streams or improving the software.
+\item Contact: info@circl.lu
+\item \url{https://github.com/D4-Project} - \url{https://twitter.com/d4_project}
+\end{itemize}
+\end{frame}
+
+\end{document}
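Review bot: The second frame titled `IPASN History - Current status` has bullets about lists of known malicious IPs and ShadowServer data, which describe BGP Ranking, so its title should read `\frametitle{BGP Ranking - Current status}`. In the BGP Ranking problem statement, `They are plain malicious and have no legitimate purpose` follows bullets about all small address holders and reads as a claim about every one of them; `Some of them are plain malicious ...` would fit the next bullet, which is about finding the malicious ones. In the same frame, `10th of thousands` should be `tens of thousands`. The author name is stored as `Raphaƫl`, which looks like an encoding mix-up under `\usepackage[utf8]{inputenc}`. The directory is spelled `ipasn_bgpanking` while the files inside it are named `ipasn_bgpranking`.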
diff --git a/docs/workshop/0-introduction/d4-introduction.tex b/docs/workshop/0-introduction/d4-introduction.tex
index cd442a0..a803c00 100644
--- a/docs/workshop/0-introduction/d4-introduction.tex
+++ b/docs/workshop/0-introduction/d4-introduction.tex
@@ -63,7 +63,7 @@
\begin{frame}
\frametitle{D4 Overview}
- \includegraphics[scale=0.38]{d4-overview.pdf}
+ \includegraphics[scale=0.38]{../../diagram/d4-overview.png}
\end{frame}
\begin{frame}
@@ -175,7 +175,7 @@ After the stream is processed depending of the type using dedicated worker.
\begin{frame}
\frametitle{D4 server - type 254 worker handler}
\begin{itemize}
- \item Worker 2
+ \item Worker custom type (called Worker 2)
\begin{itemize}
\item Get type 2 data from a stream
\item Reconstruct Json
@@ -189,6 +189,11 @@ After the stream is processed depending of the type using dedicated worker.
\end{itemize}
\end{frame}
+\begin{frame}
+ \frametitle{D4 server - type 254 - implementation}
+ \includegraphics[scale=0.3]{d4-worker-2.png}
+\end{frame}
+
\begin{frame}
\frametitle{D4 server - management interface}
The D4 server provides a web interface to manage D4 sensors, sessions and analyzer.
diff --git a/docs/workshop/0-introduction/d4-worker-2.png b/docs/workshop/0-introduction/d4-worker-2.png
new file mode 100644
index 0000000..3ca0410
Binary files /dev/null and b/docs/workshop/0-introduction/d4-worker-2.png differ
diff --git a/docs/workshop/2-passive-ssl/d4-passivessl.tex b/docs/workshop/2-passive-ssl/d4-passivessl.tex
index 9e16c22..96fe89d 100644
--- a/docs/workshop/2-passive-ssl/d4-passivessl.tex
+++ b/docs/workshop/2-passive-ssl/d4-passivessl.tex
@@ -9,6 +9,7 @@
\usepackage{transparent}
\usepackage{fancyvrb}
\usepackage{listings}
+\usepackage{csquotes}
\definecolor{main}{RGB}{47, 161, 219}
%\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255}
@@ -36,11 +37,12 @@
\frametitle{A passive SSL fingerprinter}
CSIRT's rationale for collecting TLS handshakes:
\begin{itemize}
- \item Pivot on additional data points
- \item Find owners of IP addresses
- \item Detect usage of CIDR blocks
- \item Detect vulnerable systems
- \item Detect compromised services
+ \item pivot on additional data points,
+ \item find owners of IP addresses,
+ \item detect usage of CIDR blocks,
+ \item detect vulnerable systems,
+ \item detect compromised services,
+ \item detect Key material reuse.
\end{itemize}
\end{frame}
@@ -49,21 +51,26 @@
History of links between:
\begin{itemize}
- \item x509 certificates (And therefore their fields)
- \item Ports
- \item IP address
- \item Client (ja3)
- \item Server (ja3s)
+ \item x509 certificates (And therefore their fields),
+ \item ports,
+ \item IP address,
+ \item client (ja3),
+ \item server (ja3s),
\end{itemize}
+ \begin{displayquote}
+ ``JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.''\footnote{https://github.com/salesforce/ja3}
+ \end{displayquote}
\end{frame}
\begin{frame}
\frametitle{Problem statement}
\begin{itemize}
- \item CIRCL already offers a similar service based on SSLDump
- \item SSLDump needs some love - maintaining it is hard
- \item Alternatives do not span the entire TLS Handshake (Salesforce's ja3)
- \item TCP reassembly is not an easy problem to solve (Cloudfare uses tshark)
+ \item CIRCL already offers a similar service based on SSLDump\footnote{https://www.circl.lu/services/passive-ssl/},
+ \item SSLDump needs some love - maintaining it is hard,
+ \item SSLDump needs some love - extending it even harder,
+ \item nlternatives do not span the entire TLS Handshake (Salesforce's
+ ja3\footnote{https://github.com/salesforce/ja3}),
+ \item TCP reassembly is not an easy problem to solve (Cloudfare's uses tshark\footnote{https://github.com/cloudflare/mitmengine}),
\end{itemize}
\end{frame}
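Review bot: Two rewritten bullets in the Problem statement frame introduce typos: `nlternatives` replaces the previously correct `Alternatives`, and `Cloudfare's uses tshark` should read `Cloudflare uses tshark`, as the footnote URL itself spells it. Both lists now end on a trailing comma (after `server (ja3s),` and after the mitmengine footnote); the last item should end with a full stop, as the rationale list in the previous frame does. The footnotes print bare URLs, and `\footnote{\url{https://github.com/salesforce/ja3}}` would keep them clickable and let them break across lines. The first frame touched here starts outside the hunk.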
@@ -71,15 +78,15 @@
\frametitle{sensor-d4-tls-fingerprinting}
Main features:
\begin{itemize}
- \item Take over SSLDump's duty
+ \item take over SSLDump's duty,
\item written in Golang
- \item uses Go packet for tcp reassembly and spans whole handshake
+ \item uses Go packet for tcp reassembly and spans whole TLS handshake
\item ja3, ja3s, certificates, ip src / dst, port src / dst, TLSH
\end{itemize}
Current caveats:
\begin{itemize}
\item Support for TLS 1.3 pending
- \item Reassembly requires RAM
+ \item Reassembly consumes a lot of RAM
\end{itemize}
\end{frame}
@@ -106,7 +113,7 @@
\end{frame}
\begin{frame}
- \frametitle{sensor-d4-tls-fingerprinting - collectoin}
+ \frametitle{sensor-d4-tls-fingerprinting - collection}
\input{d4-tlsf.tex}
@@ -131,17 +138,55 @@ Depends on libpcap.
\end{frame}
-\begin{frame}
+\begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 client}
- \input{pipe.tex}
- \vspace{.8cm}
- D4 server requires a meta-header in order to accept this data:
+ Required setting:
+ \begin{itemize}
+ \item type should be set to 2 or 254
+ \item metaheader.json should state type: ja3-jl
+ \end{itemize}
\input{metaheader.json}
+ \vspace{.5cm}
+ \input{pipe.tex}
+ In the present setting the sensor will:
+ \begin{itemize}
+ \item describe every TLS Sessions,
+ \item marshal this description in JSON format
+ \item ship this description to D4 server
+ \end{itemize}
\end{frame}
-\begin{frame}
+\begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 worker}
\input{worker.tex}
+ \begin{itemize}
+ \item processes each reassembled JSON description,
+ \item extracts x509 certificates and write to disk,
+ \item writes JSON description to disk,
+ \item push the files paths to the analyzer.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{sensor-d4-tls-fingerprinting - d4 analyzer}
+ (Proof of Concept)
+ \begin{itemize}
+ \item LPOP a redis list populated by the worker
+ \item dumbly push JSON description into a postgres database
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[fragile]
+ \frametitle{sensor-d4-tls-fingerprinting - d4 passivessl API}
+ (Proof of Concept)
+
+ Exposes a REST API to query the collected data:
+ \begin{itemize}
+ \item /index : returns, the full DB :)
+ \item /ja3/ : returns, all TLS sessions with a given JA3 Signature
+ \item /ja3s/ : returns, all TLS sessions with a given JA3S Signature
+ \end{itemize}
\end{frame}
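Review bot: The new passivessl API frame documents `/index : returns, the full DB :)` without saying who may call it. Since the stored records link IP addresses, ports, certificates and fingerprints, the slide should state whether the proof-of-concept API is authenticated and, if it is not, that it is meant for a local or otherwise restricted interface only, for example `\item PoC only: keep the API on a restricted interface`. The `/ja3/` and `/ja3s/` entries show no placeholder for the signature they take, so a reader cannot tell how the value is passed; it may have been lost from the source. In the d4 client frame, `type should be set to 2 or 254` does not say which of the two types requires `metaheader.json`.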
diff --git a/docs/workshop/2-passive-ssl/pipe.tex b/docs/workshop/2-passive-ssl/pipe.tex
index 8b28217..ed8c8b8 100644
--- a/docs/workshop/2-passive-ssl/pipe.tex
+++ b/docs/workshop/2-passive-ssl/pipe.tex
@@ -1,3 +1,3 @@
\begin{lstlisting}
-./d4-tlsf-amd64 ... | ./d4-amd64 -c conf.folder
+./d4-tlsf-amd64 -i eth0 | ./d4-amd64 -c conf.crq
\end{lstlisting}
\ No newline at end of file
diff --git a/docs/workshop/2-passive-ssl/worker.tex b/docs/workshop/2-passive-ssl/worker.tex
new file mode 100644
index 0000000..8d74b39
--- /dev/null
+++ b/docs/workshop/2-passive-ssl/worker.tex
@@ -0,0 +1,11 @@
+\begin{lstlisting}
+ def __init__(self, uuid, json_file):
+ super().__init__(uuid, json_file)
+ self.set_rotate_file_mode(False)
+
+ def process_data(self, data):
+ self.reconstruct_data(data)
+
+ def handle_reconstructed_data(self, data):
+ ...
+\end{lstlisting}
\ No newline at end of file
diff --git a/docs/workshop/4-passive-dns/beamercolorthemefocus.sty b/docs/workshop/4-passive-dns/beamercolorthemefocus.sty
new file mode 100644
index 0000000..3f533df
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamercolorthemefocus.sty
@@ -0,0 +1,71 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+
+% DEFINE COLORS. ---------------------------------------------------------------
+\definecolor{main}{RGB}{64, 64, 64}
+\definecolor{background}{RGB}{239, 239, 239}
+
+\definecolor{alert}{RGB}{180, 0, 0}
+\definecolor{example}{RGB}{0, 110, 0}
+
+
+% SET COLORS. ------------------------------------------------------------------
+\setbeamercolor{normal text}{fg=textcolor, bg=background}
+\setbeamercolor{alerted text}{fg=alert}
+\setbeamercolor{example text}{fg=example}
+
+\setbeamercolor{titlelike}{fg=background, bg=main}
+\setbeamercolor{frametitle}{parent={titlelike}}
+
+\setbeamercolor{footline}{fg=background, bg=main}
+
+\setbeamercolor{block title}{bg=main!80!background, fg=background}
+\setbeamercolor{block body}{bg=main!10!background, fg=main}
+
+\setbeamercolor{block title alerted}{bg=alert, fg=background}
+\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
+
+\setbeamercolor{block title example}{bg=example, fg=background}
+\setbeamercolor{block body example}{bg=example!10!background, fg=main}
+
+\setbeamercolor{itemize item}{fg=main}
+\setbeamercolor{itemize subitem}{fg=main}
+
+\setbeamercolor{enumerate item}{fg=main!70!black}
+\setbeamercolor{enumerate subitem}{fg=main!70!black}
+
+\setbeamercolor{description item}{fg=main!70!black}
+\setbeamercolor{description subitem}{fg=main!70!black}
+
+\setbeamercolor{caption name}{fg=textcolor}
+
+\setbeamercolor{section in toc}{fg=textcolor}
+\setbeamercolor{subsection in toc}{fg=textcolor}
+\setbeamercolor{section number projected}{bg=textcolor}
+\setbeamercolor{subsection number projected}{bg=textcolor}
+
+\setbeamercolor{bibliography item}{fg=main}
+\setbeamercolor{bibliography entry author}{fg=main!70!black}
+\setbeamercolor{bibliography entry title}{fg=main}
+\setbeamercolor{bibliography entry location}{fg=main}
+\setbeamercolor{bibliography entry note}{fg=main}
+
+\mode
diff --git a/docs/workshop/4-passive-dns/beamerfontthemefocus.sty b/docs/workshop/4-passive-dns/beamerfontthemefocus.sty
new file mode 100644
index 0000000..f324876
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamerfontthemefocus.sty
@@ -0,0 +1,47 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+
+% SET FONTS. -------------------------------------------------------------------
+\setbeamerfont{title}{size=\huge, shape=\bfseries}
+\setbeamerfont{subtitle}{size=\Large, parent=structure}
+\setbeamerfont{author}{size=\scriptsize}
+
+\setbeamerfont{institute}{size=\normalsize}
+\setbeamerfont{date}{size=\scriptsize}
+
+\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
+\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
+
+\setbeamerfont{footline}{size=\scriptsize}
+
+\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
+
+\setbeamerfont{description item}{shape=\bfseries}
+
+\setbeamerfont{caption name}{shape=\bfseries}
+
+\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
+\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
+\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
+
+\mode
diff --git a/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty b/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty
new file mode 100644
index 0000000..bccfa7a
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty
@@ -0,0 +1,117 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+\RequirePackage{tikz}
+
+
+% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
+\setbeamertemplate{blocks}[default]
+
+\setbeamertemplate{section in toc}[square]
+\setbeamertemplate{subsection in toc}[square]
+
+\setbeamertemplate{itemize items}[square]
+\setbeamertemplate{itemize subitem}[triangle]
+
+
+% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
+% Title page.
+\defbeamertemplate*{title page}{focus}{%
+ {\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+ \begin{tikzpicture}[overlay, remember picture]
+ \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+ \end{tikzpicture}}
+
+ \vspace{-1.65\baselineskip}
+ \begin{minipage}[b][0.35\paperheight]{\textwidth}
+ \vspace{\baselineskip}
+ \usebeamerfont{title}
+ \usebeamercolor[fg]{frametitle}
+ \inserttitle
+ \end{minipage}
+
+ \begin{minipage}[t][0.1\paperheight]{\textwidth}
+ \usebeamerfont{subtitle}
+ \usebeamercolor[fg]{frametitle}
+ \insertsubtitle
+ \end{minipage}
+
+ % Set the title graphic in a zero-height box, so that
+ % the position of other elements is not affected.
+ {\vfuzz=9999pt\vbox to 0pt {
+ \raggedleft
+ \inserttitlegraphic
+ }}
+
+
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{institute}
+ \insertinstitute
+ \end{minipage}
+
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{date}{\insertdate}
+ \end{minipage}
+
+
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \vspace*{\baselineskip}
+ \begin{minipage}[t]{\textwidth}
+ \usebeamerfont{author}
+ \insertauthor
+ \end{minipage}
+
+
+ \vspace*{5\baselineskip}
+
+ \addtocounter{framenumber}{-1}
+}
+
+% Section page.
+\defbeamertemplate*{section page}{focus}{%
+ {%
+ \usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+ \begin{tikzpicture}[overlay, remember picture]
+ \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+ \end{tikzpicture}%
+ }
+
+ \vspace{-2\baselineskip}
+ \begin{minipage}[b][0.45\paperheight]{\textwidth}
+ \usebeamerfont{sectiontitle}
+ \usebeamercolor[fg]{frametitle}
+ \let\hyperlink\@secondoftwo\insertsection
+ \end{minipage}
+
+ \begin{minipage}[t][0.55\paperheight]{\textwidth}
+ \end{minipage}
+}
+
+\AtBeginSection{%
+ \begin{frame}[plain, noframenumbering]{}
+ \sectionpage
+ \end{frame}%
+}
+
+\mode
diff --git a/docs/workshop/4-passive-dns/beamerouterthemefocus.sty b/docs/workshop/4-passive-dns/beamerouterthemefocus.sty
new file mode 100644
index 0000000..3f05f33
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamerouterthemefocus.sty
@@ -0,0 +1,255 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\mode
+
+\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
+\RequirePackage{etoolbox}% \BeforeBeginEnvironment
+\RequirePackage{tikz}
+
+
+% FRAMETITLE TEMPLATES. --------------------------------------------------------
+\defbeamertemplate*{frametitle}{focus}{%
+ % If not title page.
+ \ifnum\value{framenumber}>0%
+ \vspace{-1pt}%
+ \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
+ \strut\insertframetitle\strut%
+ \end{beamercolorbox}%
+ \fi%
+}
+
+% Plain header.
+\defbeamertemplate{frametitle}{plain}{%
+ % If not title page.
+ \ifnum\value{framenumber}>0%
+ \vspace{-1pt}%
+ \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
+ \strut%
+ \end{beamercolorbox}%
+ \fi%
+}
+
+
+% FOOTLINE TEMPLATES. ----------------------------------------------------------
+% Lenghts for the progress bar footline.
+\newlength{\focus@pbar@height}% Progress bar height.
+\newlength{\focus@pbar@leftoffset}
+\newlength{\focus@pbar@rightoffset}
+
+\defbeamertemplate*{footline}{progressbar}{%
+ % If not appendix.
+ \ifnum\mainend<0% From package appendixnumberbeamer.
+ %
+ \settowidth{\focus@pbar@leftoffset}{1}%
+ \addtolength{\focus@pbar@leftoffset}{1.5em}%
+ %
+ \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+ \addtolength{\focus@pbar@rightoffset}{1.5em}%
+ %
+ % If not title page.
+ \ifnum\c@framenumber>0%
+ \ifnum\c@framenumber<\inserttotalframenumber%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
+ \pgfmathsetmacro{\focus@pbar@progress}%
+ {(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
+
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
+
+ \fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
+ ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
+
+ \fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
+ ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \else%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+
+ \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+ \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+ \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \fi%
+ \fi%
+ \fi%
+}
+
+% Full bar footline.
+\defbeamertemplate{footline}{fullbar}{%
+ % If not appendix.
+ \ifnum\mainend<0% From package appendixnumberbeamer.
+ %
+ \settowidth{\focus@pbar@leftoffset}{1}%
+ \addtolength{\focus@pbar@leftoffset}{1.5em}%
+ %
+ \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+ \addtolength{\focus@pbar@rightoffset}{1.5em}%
+ %
+ % If not title page.
+ \ifnum\c@framenumber>0%
+ \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+ \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+ \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+
+ \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+ \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+ \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+ \end{tikzpicture}%
+ \fi%
+ \fi%
+}
+
+% Empty footline.
+\defbeamertemplate{footline}{none}{}
+
+\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
+\ExecuteOptionsBeamer{numbering=progressbar}
+\ProcessOptionsBeamer
+
+\def\beamer@focus@numberingprogressbar{progressbar}
+\def\beamer@focus@numberingfullbar{fullbar}
+\def\beamer@focus@numberingnone{none}
+
+
+% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
+\defbeamertemplate*{background canvas}{focus}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusplain}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusframe}{%
+ \begin{tikzpicture}
+ \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+ \fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+ \end{tikzpicture}%
+}
+
+
+% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
+\BeforeBeginEnvironment{frame}{%
+ \setbeamertemplate{background canvas}[focus]%
+ \setbeamertemplate{frametitle}[focus]%
+ %
+ % Reset footline height and determine it for the current slide.
+ \setlength{\focus@pbar@height}{0cm}%
+ \focus@calculatefootheight%
+ %
+ % If not appendix.
+ \ifnum\mainend<0 % From package appendixnumberbeamer.
+ \settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
+ \addtolength{\focus@pbar@height}{6pt}%
+ %
+ \ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
+ \setbeamertemplate{footline}[progressbar]%
+ \else%
+ \ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
+ \setbeamertemplate{footline}[fullbar]%
+ \fi%
+ \fi%
+ %
+ \focus@calculatefootheight%
+ \fi%
+}
+
+% Enable noframenumbering option.
+\define@key{beamerframe}{noframenumbering}[true]{%
+ \setbeamertemplate{footline}[none]%
+ \setlength{\focus@pbar@height}{0cm}%
+ \focus@calculatefootheight%
+ %
+ \addtocounter{framenumber}{-1}%
+}
+
+
+% Enable plain option.
+\define@key{beamerframe}{plain}[true]{%
+ \setbeamertemplate{background canvas}[focusplain]%
+ \setbeamertemplate{frametitle}[plain]%
+ %
+ \setbeamertemplate{footline}[none]%
+}
+
+
+% Full vertical centering
+% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
+\define@key{beamerframe}{c}[true]{%
+ \beamer@frametopskip=0pt plus 1fill\relax%
+ \beamer@framebottomskip=0pt plus 1fill\relax%
+ \beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
+ \beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
+ \def\beamer@initfirstlineunskip{}%
+}
+
+
+% Enable focus option.
+\providebool{focus@standout}
+\define@key{beamerframe}{focus}[true]{%
+ \booltrue{focus@standout}%
+ \begingroup%
+ \setkeys{beamerframe}{noframenumbering}%
+ \setbeamertemplate{background canvas}[focusframe]%
+ \setbeamertemplate{frametitle}[plain]%
+ %
+ \setkeys{beamerframe}{c}%
+ \centering%
+ \usebeamerfont{focusframe}%
+ \usebeamercolor[fg]{frametitle}%
+}
+
+\apptocmd{\beamer@reseteecodes}
+{%
+ \ifbool{focus@standout}%
+ {%
+ \endgroup%
+ \boolfalse{focus@standout}%
+ }{}%
+}{}{}
+
+
+% Recalculate the footline's size and refresh other parameters.
+% Partially copied from the definition of \beamer@calculateheadfoot.
+\def\focus@calculatefootheight{%
+ \footheight=\focus@pbar@height%
+ \advance\footheight by 4pt%
+ \sidebarheight=\paperheight%
+ \advance\sidebarheight by-\headheight%
+ \advance\sidebarheight by\headdp%
+ \advance\sidebarheight by-\footheight%
+ \advance\sidebarheight by 4pt%
+ \footskip=\footheight%
+ \textheight=\paperheight%
+ \advance\textheight by-\footheight%
+ \advance\textheight by-\headheight%
+ \@colht\textheight%
+ \@colroom\textheight%
+ \vsize\textheight%
+}
+
+\mode
diff --git a/docs/workshop/4-passive-dns/beamerthemefocus.sty b/docs/workshop/4-passive-dns/beamerthemefocus.sty
new file mode 100644
index 0000000..f37394d
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamerthemefocus.sty
@@ -0,0 +1,60 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+% 2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+%
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see .
+
+\NeedsTeXFormat{LaTeX2e}
+\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
+
+\mode
+
+
+% THEME OPTIONS. ---------------------------------------------------------------
+\DeclareOptionBeamer{numbering}{%
+ \PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
+}
+
+\newif\if@focus@loadfirafonts
+\@focus@loadfirafontstrue
+
+\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
+\ProcessOptionsBeamer
+
+
+% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
+\if@focus@loadfirafonts
+ \RequirePackage[T1]{fontenc}
+
+ \PassOptionsToPackage{type1}{FiraSans}
+ \PassOptionsToPackage{type1}{FiraMono}
+
+ \RequirePackage{FiraSans}
+ \RequirePackage{FiraMono}
+\fi
+
+\usecolortheme{focus}
+\usefonttheme{focus}
+\useinnertheme{focus}
+\useoutertheme{focus}
+
+\setbeamertemplate{navigation symbols}{}
+
+
+% SET MARGINS. -----------------------------------------------------------------
+\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
+\setlength{\leftmargini}{0.75cm}
+
+\mode
diff --git a/docs/workshop/4-passive-dns/d4-1.png b/docs/workshop/4-passive-dns/d4-1.png
new file mode 100644
index 0000000..d46c31e
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-1.png differ
diff --git a/docs/workshop/4-passive-dns/d4-2.png b/docs/workshop/4-passive-dns/d4-2.png
new file mode 100644
index 0000000..02c5efc
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-2.png differ
diff --git a/docs/workshop/4-passive-dns/d4-3.png b/docs/workshop/4-passive-dns/d4-3.png
new file mode 100644
index 0000000..68ffc11
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-3.png differ
diff --git a/docs/workshop/4-passive-dns/d4-4.png b/docs/workshop/4-passive-dns/d4-4.png
new file mode 100644
index 0000000..4c191d9
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-4.png differ
diff --git a/docs/workshop/4-passive-dns/d4-5.png b/docs/workshop/4-passive-dns/d4-5.png
new file mode 100644
index 0000000..556aea3
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-5.png differ
diff --git a/docs/workshop/4-passive-dns/d4-client.tex b/docs/workshop/4-passive-dns/d4-client.tex
new file mode 100644
index 0000000..0f9f146
--- /dev/null
+++ b/docs/workshop/4-passive-dns/d4-client.tex
@@ -0,0 +1,3 @@
+\begin{lstlisting}
+tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=1
+\end{lstlisting}
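Review bot: The tcpdump stage has no capture filter, so the sensor also captures the TLS stream that socat sends to the D4 server and feeds it back into the pipe, and the upload grows with its own traffic. tcpdump.tex in this same commit excludes the collector, and the same is needed here, e.g. `tcpdump -n -s0 -w - "not (host $D4_SERVER and port $PORT)" | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4_SERVER:$PORT,verify=1`. The placeholder `$D4-SERVER-IP-ADDRESS` is not a valid shell variable name (the shell expands `$D4` and keeps the rest as text), so an underscore form is safer for readers who paste the line. No `cafile=` is given either, so what `verify=1` checks against is left to socat's defaults; naming the CA file as tcpdump.tex does would make that explicit.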
diff --git a/docs/workshop/4-passive-dns/d4-introduction.pdf b/docs/workshop/4-passive-dns/d4-introduction.pdf
new file mode 100644
index 0000000..3df2a08
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-introduction.pdf differ
diff --git a/docs/workshop/4-passive-dns/d4-introduction.tex b/docs/workshop/4-passive-dns/d4-introduction.tex
new file mode 100644
index 0000000..de2f12b
--- /dev/null
+++ b/docs/workshop/4-passive-dns/d4-introduction.tex
@@ -0,0 +1,184 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\usepackage{tikz}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+\usepackage{transparent}
+\usepackage{fancyvrb}
+\usepackage{listings}
+\definecolor{main}{RGB}{47, 161, 219}
+%\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+\definecolor{textcolor}{RGB}{85, 87, 83}
+\title{Improving Passive DNS collection}
+\subtitle{with D4 Project}
+\author{Alexandre Dulaunoy}
+\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
+\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
+\date{2019/03/29}
+
+\begin{document}
+ \begin{frame}
+ \maketitle
+ \end{frame}
+
+\begin{frame}
+ \frametitle{Problem statement}
+ \begin{itemize}
+ \item CIRCL (and other CSIRTs) have their own passive DNS\footnote{\url{https://www.circl.lu/services/passive-dns/}} collection mechanisms
+ \item Current {\bf collection models} are affected with DoH\footnote{DNS over HTTPS} and centralised DNS services
+ \item DNS answers collection is a tedious process
+ \item {\bf Sharing Passive DNS stream} between organisation is challenging due to privacy
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Potential Strategy}
+ \begin{itemize}
+ \item Improve {\bf Passive DNS collection diversity} by being closer to the source and limit impact of DoH (e.g. at the OS resolver level)
+ \item Increasing diversity and {\bf mixing models} before sharing/storing Passive DNS records
+ \item Simplify process and tools to install for {\bf Passive DNS collection by relying on D4 sensors} instead of custom mechanisms
+ \item Provide a distributed infrastructure for mixing streams and filtering out the sharing to the validated partners
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{First release}
+ \begin{itemize}
+
+ \item analyzer-d4-passivedns\footnote{\url{https://github.com/D4-project/analyzer-d4-passivedns}} is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in passivedns CSV format\footnote{\url{https://github.com/gamelinux/passivedns}})
+ \item Ingest these into a {\bf Passive DNS server} which can be queried later to search for the Passive DNS records
+\item The lookup server (using on redis-compatible backend) is a Passive DNS REST server compliant to the Common Output Format\footnote{\url{https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04}}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{D4 Overview}
+ \includegraphics[scale=0.38]{d4-overview.pdf}
+\end{frame}
+
+
+\begin{frame}[t]{Common Output Format}
+\begin{itemize}
+\item {\bf Consistent naming of fields across Passive DNS software} based on the most common Passive DNS implementations
+\item Minimal set of fields to be supported
+\item Minimal set of optional fields to be supported
+\item Way to add "additional" fields via a simple registry mechanism (IANA-like)
+\item Simple and easily parsable format
+\item A gentle reminder regarding privacy aspects of Passive DNS
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t,fragile]{Sample output www.terena.org}
+\lstdefinelanguage{JavaScript}{
+ keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+ keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{red}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+
+\lstset{
+ language=JavaScript,
+ backgroundcolor=\color{lightgray},
+ extendedchars=true,
+ basicstyle=\footnotesize\ttfamily,
+ showstringspaces=false,
+ showspaces=false,
+ numbers=left,
+ numberstyle=\footnotesize,
+ numbersep=9pt,
+ tabsize=2,
+ breaklines=true,
+ showtabs=false,
+ captionpos=b
+}
+\lstset{breaklines=true, language=JavaScript}
+\begin{lstlisting}
+{"count": 868, "time_first": 1298398002, "rrtype": "A", "rrname": "www.terena.org", "rdata": "192.87.30.6", "time_last": 1383124252}
+{"count": 89, "time_first": 1383729690, "rrtype": "CNAME", "rrname": "www.terena.org", "rdata": "godzilla.terena.org", "time_last": 1391517643}
+{"count": 110, "time_first": 1298398002, "rrtype": "AAAA", "rrname": "www.terena.org", "rdata": "2001:610:148:dead::6", "time_last": 136670845}
+\end{lstlisting}
+\end{frame}
+
+
+\begin{frame}[t]{Mandatory fields}
+\begin{itemize}
+\item \textbf{rrname} : name of the queried resource records
+\begin{itemize}
+\item JSON String
+\end{itemize}
+\item \textbf{rrtype} : resource record type
+\begin{itemize}
+\item JSON String (interpreted type of resource type if known)
+\end{itemize}
+\item \textbf{rdata} : resource records of the query(ied) resource(s)
+\begin{itemize}
+\item JSON String or an array of string if more than one unique triple
+\end{itemize}
+\item \textbf{time\_first} : first time that the resource record triple (rrname, rrtype, rdata) was seen
+\item \textbf{time\_last} : last time that the resource record triple (rrname, rrtype, rdata) was seen
+\begin{itemize}
+\item JSON Number (epoch value) UTC TZ
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Optional fields}
+\begin{itemize}
+\item \textbf{count} : how many authoritative DNS answers were received by the Passive DNS collector
+\begin{itemize}
+\item JSON Number
+\end{itemize}
+\item \textbf{bailiwick} : closest enclosing zone delegated to a nameserver served in the zone of the resource records
+\begin{itemize}
+\item JSON String
+\end{itemize}
+
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Additionals fields}
+\begin{itemize}
+\item \textbf{sensor\_id} : Passive DNS sensor information
+\begin{itemize}
+\item JSON String
+\end{itemize}
+\item \textbf{zone\_time\_first} : specific first/last time seen when imported from a master file
+\item \textbf{zone\_time\_last}
+\begin{itemize}
+\item JSON Number
+\end{itemize}
+\item Additional fields can be requested via \url{https://github.com/adulau/pdns-qof/wiki/Additional-Fields}
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Future}
+\begin{itemize}
+ \item {\bf Mixing models for passive DNS stream} (for privacy) in next version of D4 core server
+ \item Interconnecting private D4 sensor networks with other D4 sensor networks (sharing to partners filtered stream)
+ \item Previewing dataset collected in D4 sensor network and providing {\bf open data stream} (if contributor agrees to share under specific conditions)
+\end{itemize}
+
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute}
+\begin{itemize}
+\item Collaboration can include research partnership, sharing of collected streams or improving the software.
+\item Contact: info@circl.lu
+\item \url{https://github.com/D4-Project} - \url{https://twitter.com/d4_project}
+\end{itemize}
+\end{frame}
+
+
+\end{document}
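Review bot: In the "Sample output www.terena.org" listing, the AAAA record has `"time_last": 136670845`, a nine-digit epoch value that is earlier than its `"time_first": 1298398002`. The other two records use ten-digit values, so a digit was probably dropped. Since the "Mandatory fields" frame defines time_last as the last time the triple was seen, the sample contradicts the format it illustrates. The value should be restored from the original record, or the row removed if it cannot be recovered.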
diff --git a/docs/workshop/4-passive-dns/d4-logo.pdf b/docs/workshop/4-passive-dns/d4-logo.pdf
new file mode 100644
index 0000000..f6cfdbf
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-logo.pdf differ
diff --git a/docs/workshop/4-passive-dns/d4-overview.pdf b/docs/workshop/4-passive-dns/d4-overview.pdf
new file mode 100644
index 0000000..0e59253
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-overview.pdf differ
diff --git a/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png b/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png
new file mode 100644
index 0000000..ee5b74e
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png differ
diff --git a/docs/workshop/4-passive-dns/flags.tex b/docs/workshop/4-passive-dns/flags.tex
new file mode 100644
index 0000000..cba7cd8
--- /dev/null
+++ b/docs/workshop/4-passive-dns/flags.tex
@@ -0,0 +1,12 @@
+\lstset{%
+ backgroundcolor=\color{gray!25},
+ basicstyle=\ttfamily,
+ breaklines=true,
+ columns=fullflexible
+}
+
+\begin{lstlisting}
+tshark -n -r capture-20170916110006.cap.gz -T fields -e frame.time_epoch -e ip.src -e tcp.flags
+1505552542.807286000 x.45.177.71 0x00000010
+1505552547.514922000 x.45.177.71 0x00000010
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/meta.tex b/docs/workshop/4-passive-dns/meta.tex
new file mode 100644
index 0000000..2c23946
--- /dev/null
+++ b/docs/workshop/4-passive-dns/meta.tex
@@ -0,0 +1,10 @@
+\begin{lstlisting}
+{
+ "type": "ja3-jl",
+ "encoding": "utf-8",
+ "tags": [
+ "tlp:white"
+ ],
+ "misp:org": "5b642239-4db4-4580-adf4-4ebd950d210f"
+}
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/pibs.tex b/docs/workshop/4-passive-dns/pibs.tex
new file mode 100644
index 0000000..43fc641
--- /dev/null
+++ b/docs/workshop/4-passive-dns/pibs.tex
@@ -0,0 +1,3 @@
+\begin{lstlisting}
+./pibs -b -r pcap_file.cap
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/server.notes b/docs/workshop/4-passive-dns/server.notes
new file mode 100644
index 0000000..28d1448
--- /dev/null
+++ b/docs/workshop/4-passive-dns/server.notes
@@ -0,0 +1,31 @@
+Welcome to the d4-core wiki!
+
+## Server
+
+- Support TLS connection
+- Unpack header
+- Verify client secret key (HMAC)
+- check blocklist
+- Filter by types
+ (Only accept one connection by type-UUID - except: type 254)
+- Discard incorrect data
+- Save data in a Redis Stream (unique for each session)
+
+## Worker Manager (one by type)
+
+- Check if a new session is created and valid data are saved in a Redis stream
+- Launch a new Worker for each session
+
+## Worker
+- Get data for a stream
+- Reconstruct data
+- Save data on disk (with file rotation)
+- Sava data in Redis. Create a queue for a D4-Analyzer
+
+## Flask server
+- Get Sensors status, errors and statistics
+- Get all connected sensors
+- Manage Sensors (stream size limit, secret key, ...)
+- Manage Accepted types
+- UUID/IP blocklist
+- Create Analyzer Queues
diff --git a/docs/workshop/4-passive-dns/tcpdump.tex b/docs/workshop/4-passive-dns/tcpdump.tex
new file mode 100644
index 0000000..53ea2ed
--- /dev/null
+++ b/docs/workshop/4-passive-dns/tcpdump.tex
@@ -0,0 +1,4 @@
+\begin{lstlisting}
+tcpdump -l -s 65535 -n -i vr0 -w - '( not port $PORT and not host $HOST )' | socat - OPENSSL-CONNECT:$COLLECTOR:$PORT,cert=/etc/openssl/client.pem,cafile=/etc/openssl/ca.crt,verify=1
+\end{lstlisting}
+
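Review bot: The capture filter is inside single quotes, so `$PORT` and `$HOST` reach tcpdump literally, while the same `$PORT` in the socat address is expanded by the shell. A reader who sets these as shell variables gets a filter that fails to compile. The filter also names `$HOST` where the socat address names `$COLLECTOR`, and `not port $PORT and not host $HOST` drops all traffic on that port and all traffic of that host, not only the upload session. I would write the filter as `"not (host $COLLECTOR and port $PORT)"` in double quotes. Since no `key=` is given, the `cert=` file also carries the client's private key, so the slide should say it must be readable only by the sensor user.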