chg: [passive dns] first version

docs/workshop/4-passive-dns/beamercolorthemefocus.sty

@@ -0,0 +1,71 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+%               2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+% 
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+% 
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
+
+\mode<presentation>
+
+
+% DEFINE COLORS. ---------------------------------------------------------------
+\definecolor{main}{RGB}{64, 64, 64}
+\definecolor{background}{RGB}{239, 239, 239}
+
+\definecolor{alert}{RGB}{180, 0, 0}
+\definecolor{example}{RGB}{0, 110, 0}
+
+
+% SET COLORS. ------------------------------------------------------------------
+\setbeamercolor{normal text}{fg=textcolor, bg=background}
+\setbeamercolor{alerted text}{fg=alert}
+\setbeamercolor{example text}{fg=example}
+
+\setbeamercolor{titlelike}{fg=background, bg=main}
+\setbeamercolor{frametitle}{parent={titlelike}}
+
+\setbeamercolor{footline}{fg=background, bg=main}
+
+\setbeamercolor{block title}{bg=main!80!background, fg=background}
+\setbeamercolor{block body}{bg=main!10!background, fg=main}
+
+\setbeamercolor{block title alerted}{bg=alert, fg=background}
+\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
+
+\setbeamercolor{block title example}{bg=example, fg=background}
+\setbeamercolor{block body example}{bg=example!10!background, fg=main}
+
+\setbeamercolor{itemize item}{fg=main}
+\setbeamercolor{itemize subitem}{fg=main}
+
+\setbeamercolor{enumerate item}{fg=main!70!black}
+\setbeamercolor{enumerate subitem}{fg=main!70!black}
+
+\setbeamercolor{description item}{fg=main!70!black}
+\setbeamercolor{description subitem}{fg=main!70!black}
+
+\setbeamercolor{caption name}{fg=textcolor}
+
+\setbeamercolor{section in toc}{fg=textcolor}
+\setbeamercolor{subsection in toc}{fg=textcolor}
+\setbeamercolor{section number projected}{bg=textcolor}
+\setbeamercolor{subsection number projected}{bg=textcolor}
+
+\setbeamercolor{bibliography item}{fg=main}
+\setbeamercolor{bibliography entry author}{fg=main!70!black}
+\setbeamercolor{bibliography entry title}{fg=main}
+\setbeamercolor{bibliography entry location}{fg=main}
+\setbeamercolor{bibliography entry note}{fg=main}
+
+\mode<all>

docs/workshop/4-passive-dns/beamerfontthemefocus.sty

@@ -0,0 +1,47 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+%               2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+% 
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+% 
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
+
+\mode<presentation>
+
+
+% SET FONTS. -------------------------------------------------------------------
+\setbeamerfont{title}{size=\huge, shape=\bfseries}
+\setbeamerfont{subtitle}{size=\Large, parent=structure}
+\setbeamerfont{author}{size=\scriptsize}
+
+\setbeamerfont{institute}{size=\normalsize}
+\setbeamerfont{date}{size=\scriptsize}
+
+\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
+\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
+
+\setbeamerfont{footline}{size=\scriptsize}
+
+\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
+
+\setbeamerfont{description item}{shape=\bfseries}
+
+\setbeamerfont{caption name}{shape=\bfseries}
+
+\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
+\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
+\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
+\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
+
+\mode<all>

docs/workshop/4-passive-dns/beamerinnerthemefocus.sty

@@ -0,0 +1,117 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+%               2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+% 
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+% 
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
+
+\mode<presentation>
+
+\RequirePackage{tikz}
+
+
+% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
+\setbeamertemplate{blocks}[default]
+
+\setbeamertemplate{section in toc}[square]
+\setbeamertemplate{subsection in toc}[square]
+
+\setbeamertemplate{itemize items}[square]
+\setbeamertemplate{itemize subitem}[triangle]
+
+
+% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
+% Title page.
+\defbeamertemplate*{title page}{focus}{%
+    {\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+        \begin{tikzpicture}[overlay, remember picture]
+            \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+        \end{tikzpicture}}
+    
+    \vspace{-1.65\baselineskip}
+    \begin{minipage}[b][0.35\paperheight]{\textwidth}
+        \vspace{\baselineskip}
+        \usebeamerfont{title}
+        \usebeamercolor[fg]{frametitle}
+        \inserttitle
+    \end{minipage}
+    
+    \begin{minipage}[t][0.1\paperheight]{\textwidth}
+        \usebeamerfont{subtitle}
+        \usebeamercolor[fg]{frametitle}
+        \insertsubtitle
+    \end{minipage}
+    
+    % Set the title graphic in a zero-height box, so that
+    % the position of other elements is not affected.
+    {\vfuzz=9999pt\vbox to 0pt {
+        \raggedleft
+        \inserttitlegraphic
+    }}
+    
+   
+    \vspace*{\baselineskip}
+    \begin{minipage}[t]{\textwidth}
+        \usebeamerfont{institute}
+        \insertinstitute
+    \end{minipage}
+    
+    \vspace*{\baselineskip}
+    \begin{minipage}[t]{\textwidth}
+        \usebeamerfont{date}{\insertdate}
+    \end{minipage}
+
+    
+    \vspace*{\baselineskip}
+    \vspace*{\baselineskip}
+    \vspace*{\baselineskip}
+    \vspace*{\baselineskip}
+    \begin{minipage}[t]{\textwidth}
+        \usebeamerfont{author}
+        \insertauthor
+    \end{minipage}
+    
+
+    \vspace*{5\baselineskip}
+    
+    \addtocounter{framenumber}{-1}
+}
+
+% Section page.
+\defbeamertemplate*{section page}{focus}{%
+    {%
+        \usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
+        \begin{tikzpicture}[overlay, remember picture]
+            \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
+        \end{tikzpicture}%
+    }
+    
+    \vspace{-2\baselineskip}
+    \begin{minipage}[b][0.45\paperheight]{\textwidth}
+        \usebeamerfont{sectiontitle}
+        \usebeamercolor[fg]{frametitle}
+        \let\hyperlink\@secondoftwo\insertsection
+    \end{minipage}
+    
+    \begin{minipage}[t][0.55\paperheight]{\textwidth}
+    \end{minipage}
+}
+
+\AtBeginSection{%
+    \begin{frame}[plain, noframenumbering]{}
+        \sectionpage
+    \end{frame}%
+}
+
+\mode<all>

docs/workshop/4-passive-dns/beamerouterthemefocus.sty

@@ -0,0 +1,255 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+%               2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+% 
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+% 
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
+
+\mode<presentation>
+
+\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
+\RequirePackage{etoolbox}% \BeforeBeginEnvironment
+\RequirePackage{tikz}
+
+
+% FRAMETITLE TEMPLATES. --------------------------------------------------------
+\defbeamertemplate*{frametitle}{focus}{%
+    % If not title page.
+    \ifnum\value{framenumber}>0%
+        \vspace{-1pt}%
+        \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
+            \strut\insertframetitle\strut%
+        \end{beamercolorbox}%
+    \fi%
+}
+
+% Plain header.
+\defbeamertemplate{frametitle}{plain}{%
+    % If not title page.
+    \ifnum\value{framenumber}>0%
+        \vspace{-1pt}%
+        \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
+            \strut%
+        \end{beamercolorbox}%
+    \fi%
+}
+
+
+% FOOTLINE TEMPLATES. ----------------------------------------------------------
+% Lenghts for the progress bar footline.
+\newlength{\focus@pbar@height}% Progress bar height.
+\newlength{\focus@pbar@leftoffset}
+\newlength{\focus@pbar@rightoffset}
+
+\defbeamertemplate*{footline}{progressbar}{%
+    % If not appendix.
+    \ifnum\mainend<0% From package appendixnumberbeamer.
+        %
+        \settowidth{\focus@pbar@leftoffset}{1}%
+        \addtolength{\focus@pbar@leftoffset}{1.5em}%
+        %
+        \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+        \addtolength{\focus@pbar@rightoffset}{1.5em}%
+        %
+        % If not title page.
+        \ifnum\c@framenumber>0%
+            \ifnum\c@framenumber<\inserttotalframenumber%
+                \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
+                    \pgfmathsetmacro{\focus@pbar@progress}%
+                        {(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
+                
+                    \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+                    \fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
+                    
+                    \fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
+                                       ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
+                    
+                    \fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
+                                       ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
+                \end{tikzpicture}%
+            \else%
+                \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+                    \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+                    \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+                    
+                    \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+                    \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+                    \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+                \end{tikzpicture}%
+            \fi%
+        \fi%
+    \fi%
+}
+
+% Full bar footline.
+\defbeamertemplate{footline}{fullbar}{%
+    % If not appendix.
+    \ifnum\mainend<0% From package appendixnumberbeamer.
+        %
+        \settowidth{\focus@pbar@leftoffset}{1}%
+        \addtolength{\focus@pbar@leftoffset}{1.5em}%
+        %
+        \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
+        \addtolength{\focus@pbar@rightoffset}{1.5em}%
+        %
+        % If not title page.
+        \ifnum\c@framenumber>0%
+            \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
+                \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+                \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
+                
+                \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
+                \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
+                \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
+            \end{tikzpicture}%
+        \fi%
+    \fi%
+}
+
+% Empty footline.
+\defbeamertemplate{footline}{none}{}
+
+\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
+\ExecuteOptionsBeamer{numbering=progressbar}
+\ProcessOptionsBeamer
+
+\def\beamer@focus@numberingprogressbar{progressbar}
+\def\beamer@focus@numberingfullbar{fullbar}
+\def\beamer@focus@numberingnone{none}
+
+
+% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
+\defbeamertemplate*{background canvas}{focus}{%
+    \begin{tikzpicture}
+        \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+        \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+    \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusplain}{%
+    \begin{tikzpicture}
+        \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+        \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
+    \end{tikzpicture}%
+}
+
+\defbeamertemplate{background canvas}{focusframe}{%
+    \begin{tikzpicture}
+        \clip (0,0) rectangle ++(\paperwidth,\paperheight);
+        \fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);        
+    \end{tikzpicture}%
+}
+
+
+% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
+\BeforeBeginEnvironment{frame}{%
+    \setbeamertemplate{background canvas}[focus]%
+    \setbeamertemplate{frametitle}[focus]%
+    %
+    % Reset footline height and determine it for the current slide.
+    \setlength{\focus@pbar@height}{0cm}%
+    \focus@calculatefootheight%
+    %
+    % If not appendix.
+    \ifnum\mainend<0 % From package appendixnumberbeamer.
+        \settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
+        \addtolength{\focus@pbar@height}{6pt}%
+        %
+        \ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
+            \setbeamertemplate{footline}[progressbar]%
+        \else%
+            \ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
+                \setbeamertemplate{footline}[fullbar]%
+            \fi%
+        \fi%
+        %
+        \focus@calculatefootheight%
+    \fi%
+}
+
+% Enable noframenumbering option.
+\define@key{beamerframe}{noframenumbering}[true]{%
+    \setbeamertemplate{footline}[none]%
+    \setlength{\focus@pbar@height}{0cm}%
+    \focus@calculatefootheight%
+    %
+    \addtocounter{framenumber}{-1}%
+}
+
+
+% Enable plain option.
+\define@key{beamerframe}{plain}[true]{%
+    \setbeamertemplate{background canvas}[focusplain]%
+    \setbeamertemplate{frametitle}[plain]%
+    %
+    \setbeamertemplate{footline}[none]%
+}
+
+
+% Full vertical centering
+% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
+\define@key{beamerframe}{c}[true]{%
+    \beamer@frametopskip=0pt plus 1fill\relax%
+    \beamer@framebottomskip=0pt plus 1fill\relax%
+    \beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
+    \beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
+    \def\beamer@initfirstlineunskip{}%
+}
+
+
+% Enable focus option.
+\providebool{focus@standout}
+\define@key{beamerframe}{focus}[true]{%
+    \booltrue{focus@standout}%
+    \begingroup%
+        \setkeys{beamerframe}{noframenumbering}%
+        \setbeamertemplate{background canvas}[focusframe]%
+        \setbeamertemplate{frametitle}[plain]%
+        %
+        \setkeys{beamerframe}{c}%
+        \centering%
+        \usebeamerfont{focusframe}%
+        \usebeamercolor[fg]{frametitle}%
+}
+
+\apptocmd{\beamer@reseteecodes}
+{%
+    \ifbool{focus@standout}%
+    {%
+        \endgroup%
+        \boolfalse{focus@standout}%
+    }{}%
+}{}{}
+
+
+% Recalculate the footline's size and refresh other parameters.
+% Partially copied from the definition of \beamer@calculateheadfoot.
+\def\focus@calculatefootheight{%
+    \footheight=\focus@pbar@height%
+    \advance\footheight by 4pt%
+    \sidebarheight=\paperheight%
+    \advance\sidebarheight by-\headheight%
+    \advance\sidebarheight by\headdp%
+    \advance\sidebarheight by-\footheight%
+    \advance\sidebarheight by 4pt%
+    \footskip=\footheight%
+    \textheight=\paperheight%
+    \advance\textheight by-\footheight%
+    \advance\textheight by-\headheight%
+    \@colht\textheight%
+    \@colroom\textheight%
+    \vsize\textheight%
+}
+
+\mode<all>

docs/workshop/4-passive-dns/beamerthemefocus.sty

@@ -0,0 +1,60 @@
+% Copyright (C) 2018 Pasquale Claudio Africa.
+%               2018 Sebastian Friedl.
+%
+% This file is part of beamerthemefocus.
+%
+% beamerthemefocus is free software: you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation, either version 3 of the License, or
+% (at your option) any later version.
+% 
+% beamerthemefocus is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+% 
+% You should have received a copy of the GNU General Public License
+% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
+
+\NeedsTeXFormat{LaTeX2e}
+\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
+
+\mode<presentation>
+
+
+% THEME OPTIONS. ---------------------------------------------------------------
+\DeclareOptionBeamer{numbering}{%
+    \PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
+}
+
+\newif\if@focus@loadfirafonts
+\@focus@loadfirafontstrue
+
+\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
+\ProcessOptionsBeamer
+
+
+% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
+\if@focus@loadfirafonts
+    \RequirePackage[T1]{fontenc}
+    
+    \PassOptionsToPackage{type1}{FiraSans}
+    \PassOptionsToPackage{type1}{FiraMono}
+    
+    \RequirePackage{FiraSans}
+    \RequirePackage{FiraMono}
+\fi
+
+\usecolortheme{focus}
+\usefonttheme{focus}
+\useinnertheme{focus}
+\useoutertheme{focus}
+
+\setbeamertemplate{navigation symbols}{}
+
+
+% SET MARGINS. -----------------------------------------------------------------
+\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
+\setlength{\leftmargini}{0.75cm}
+
+\mode<all>

docs/workshop/4-passive-dns/d4-client.tex

@@ -0,0 +1,3 @@
+\begin{lstlisting}
+tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=1
+\end{lstlisting}

docs/workshop/4-passive-dns/d4-introduction.tex

@@ -0,0 +1,71 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\usepackage{tikz}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+\usepackage{transparent}
+\usepackage{fancyvrb}
+\usepackage{listings}
+\definecolor{main}{RGB}{47, 161, 219}
+%\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+\definecolor{textcolor}{RGB}{85, 87, 83}
+\title{Improving Passive DNS collection}
+\subtitle{with D4 Project}
+\author{Alexandre Dulaunoy}
+\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
+\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
+\date{2019/03/29}
+
+\begin{document}
+    \begin{frame}
+        \maketitle
+    \end{frame}
+
+\begin{frame}
+        \frametitle{Problem statement}
+        \begin{itemize}
+                \item CIRCL (and other CSIRTs) have their own passive DNS\footnote{\url{https://www.circl.lu/services/passive-dns/}} collection mechanisms
+                \item Current {\bf collection models} are affected with DoH\footnote{DNS over HTTPS} and centralised DNS services
+                \item DNS answers collection is a tedious process
+                \item {\bf Sharing Passive DNS stream} between organisation is challenging due to privacy
+        \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+        \frametitle{Potential Strategy}
+ \begin{itemize}
+         \item Improve {\bf Passive DNS collection diversity} by being closer to the source and limit impact of DoH (e.g. at the OS resolver level)
+         \item Increasing diversity and {\bf mixing models} before sharing/storing Passive DNS records
+         \item Simplify process and tools to install for {\bf Passive DNS collection by relying on D4 sensors} instead of custom mechanisms
+         \item Provide a distributed infrastructure for mixing streams and filtering out the sharing to the validated partners
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+        \frametitle{First release}
+ \begin{itemize}
+
+         \item analyzer-d4-passivedns\footnote{\url{https://github.com/D4-project/analyzer-d4-passivedns}} is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in passivedns CSV format\footnote{\url{https://github.com/gamelinux/passivedns}})
+         \item Ingest these into a {\bf Passive DNS server} which can be queried later to search for the Passive DNS records
+\item The lookup server (using on redis-compatible backend) is a Passive DNS REST server compliant to the Common Output Format\footnote{\url{https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04}}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{D4 Overview}
+        \includegraphics[scale=0.38]{d4-overview.pdf}
+\end{frame}
+
+\begin{frame}
+\frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute}
+\begin{itemize}
+\item Collaboration can include research partnership, sharing of collected streams or improving the software.
+\item Contact: info@circl.lu
+\item \url{https://github.com/D4-Project} -  \url{https://twitter.com/d4_project}
+\end{itemize}
+\end{frame}
+
+
+\end{document}

docs/workshop/4-passive-dns/flags.tex

@@ -0,0 +1,12 @@
+\lstset{%
+    backgroundcolor=\color{gray!25},
+    basicstyle=\ttfamily,
+    breaklines=true,
+    columns=fullflexible
+}
+
+\begin{lstlisting}
+tshark -n -r  capture-20170916110006.cap.gz -T fields -e frame.time_epoch  -e ip.src -e tcp.flags
+1505552542.807286000 x.45.177.71 0x00000010
+1505552547.514922000 x.45.177.71 0x00000010
+\end{lstlisting}

docs/workshop/4-passive-dns/meta.tex

@@ -0,0 +1,10 @@
+\begin{lstlisting}
+{
+  "type": "ja3-jl",
+  "encoding": "utf-8",
+  "tags": [
+    "tlp:white"
+  ],
+  "misp:org": "5b642239-4db4-4580-adf4-4ebd950d210f"
+}
+\end{lstlisting}

docs/workshop/4-passive-dns/pibs.tex

@@ -0,0 +1,3 @@
+\begin{lstlisting}
+./pibs -b -r pcap_file.cap
+\end{lstlisting}

docs/workshop/4-passive-dns/server.notes

@@ -0,0 +1,31 @@
+Welcome to the d4-core wiki!
+
+## Server
+
+- Support TLS connection
+- Unpack header
+- Verify client secret key (HMAC)
+- check blocklist
+- Filter by types
+    (Only accept one connection by type-UUID - except: type 254)
+- Discard incorrect data
+- Save data in a Redis Stream (unique for each session)
+
+## Worker Manager (one by type)
+
+- Check if a new session is created and valid data are saved in a Redis stream
+- Launch a new Worker for each session
+
+## Worker
+- Get data for a stream
+- Reconstruct data
+- Save data on disk (with file rotation)
+- Sava data in Redis. Create a queue for a D4-Analyzer
+
+## Flask server
+- Get Sensors status, errors and statistics
+- Get all connected sensors
+- Manage Sensors (stream size limit, secret key, ...)
+- Manage Accepted types
+- UUID/IP blocklist
+- Create Analyzer Queues

docs/workshop/4-passive-dns/tcpdump.tex

@@ -0,0 +1,4 @@
+\begin{lstlisting}
+tcpdump -l -s 65535 -n -i vr0 -w - '( not port $PORT and not host $HOST )' | socat - OPENSSL-CONNECT:$COLLECTOR:$PORT,cert=/etc/openssl/client.pem,cafile=/etc/openssl/ca.crt,verify=1
+\end{lstlisting}
+