diff --git a/docs/workshop/4-passive-dns/beamercolorthemefocus.sty b/docs/workshop/4-passive-dns/beamercolorthemefocus.sty new file mode 100644 index 0000000..3f533df --- /dev/null +++ b/docs/workshop/4-passive-dns/beamercolorthemefocus.sty 
@@ -0,0 +1,71 @@ +% Copyright (C) 2018 Pasquale Claudio Africa. +% 2018 Sebastian Friedl. +% +% This file is part of beamerthemefocus. +% +% beamerthemefocus is free software: you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation, either version 3 of the License, or +% (at your option) any later version. +% +% beamerthemefocus is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with beamerthemefocus. If not, see . + +\mode + + +% DEFINE COLORS. --------------------------------------------------------------- +\definecolor{main}{RGB}{64, 64, 64} +\definecolor{background}{RGB}{239, 239, 239} + +\definecolor{alert}{RGB}{180, 0, 0} +\definecolor{example}{RGB}{0, 110, 0} + + +% SET COLORS. 
------------------------------------------------------------------ +\setbeamercolor{normal text}{fg=textcolor, bg=background} +\setbeamercolor{alerted text}{fg=alert} +\setbeamercolor{example text}{fg=example} + +\setbeamercolor{titlelike}{fg=background, bg=main} +\setbeamercolor{frametitle}{parent={titlelike}} + +\setbeamercolor{footline}{fg=background, bg=main} + +\setbeamercolor{block title}{bg=main!80!background, fg=background} +\setbeamercolor{block body}{bg=main!10!background, fg=main} + +\setbeamercolor{block title alerted}{bg=alert, fg=background} +\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main} + +\setbeamercolor{block title example}{bg=example, fg=background} +\setbeamercolor{block body example}{bg=example!10!background, fg=main} + +\setbeamercolor{itemize item}{fg=main} +\setbeamercolor{itemize subitem}{fg=main} + +\setbeamercolor{enumerate item}{fg=main!70!black} +\setbeamercolor{enumerate subitem}{fg=main!70!black} + +\setbeamercolor{description item}{fg=main!70!black} +\setbeamercolor{description subitem}{fg=main!70!black} + +\setbeamercolor{caption name}{fg=textcolor} + +\setbeamercolor{section in toc}{fg=textcolor} +\setbeamercolor{subsection in toc}{fg=textcolor} +\setbeamercolor{section number projected}{bg=textcolor} +\setbeamercolor{subsection number projected}{bg=textcolor} + +\setbeamercolor{bibliography item}{fg=main} +\setbeamercolor{bibliography entry author}{fg=main!70!black} +\setbeamercolor{bibliography entry title}{fg=main} +\setbeamercolor{bibliography entry location}{fg=main} +\setbeamercolor{bibliography entry note}{fg=main} + +\mode diff --git a/docs/workshop/4-passive-dns/beamerfontthemefocus.sty b/docs/workshop/4-passive-dns/beamerfontthemefocus.sty new file mode 100644 index 0000000..f324876 --- /dev/null +++ b/docs/workshop/4-passive-dns/beamerfontthemefocus.sty 
@@ -0,0 +1,47 @@ +% Copyright (C) 2018 Pasquale Claudio Africa. +% 2018 Sebastian Friedl. +% +% This file is part of beamerthemefocus. +% +% beamerthemefocus is free software: you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation, either version 3 of the License, or +% (at your option) any later version. +% +% beamerthemefocus is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with beamerthemefocus. If not, see . + +\mode + + +% SET FONTS. ------------------------------------------------------------------- +\setbeamerfont{title}{size=\huge, shape=\bfseries} +\setbeamerfont{subtitle}{size=\Large, parent=structure} +\setbeamerfont{author}{size=\scriptsize} + +\setbeamerfont{institute}{size=\normalsize} +\setbeamerfont{date}{size=\scriptsize} + +\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries} +\setbeamerfont{frametitle}{size=\Large, shape=\scshape} + +\setbeamerfont{footline}{size=\scriptsize} + +\setbeamerfont{focusframe}{size=\huge, shape=\scshape} + +\setbeamerfont{description item}{shape=\bfseries} + +\setbeamerfont{caption name}{shape=\bfseries} + +\setbeamerfont{bibliography item}{size=\small, shape=\scshape} +\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape} +\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries} +\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont} +\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont} + +\mode diff --git a/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty b/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty new file mode 100644 index 0000000..bccfa7a 
--- /dev/null
+++ b/docs/workshop/4-passive-dns/beamerinnerthemefocus.sty
@@ -0,0 +1,117 @@ +% Copyright (C) 2018 Pasquale Claudio Africa. +% 2018 Sebastian Friedl. +% +% This file is part of beamerthemefocus. +% +% beamerthemefocus is free software: you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation, either version 3 of the License, or +% (at your option) any later version. +% +% beamerthemefocus is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with beamerthemefocus. If not, see . + +\mode + +\RequirePackage{tikz} + + +% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------ +\setbeamertemplate{blocks}[default] + +\setbeamertemplate{section in toc}[square] +\setbeamertemplate{subsection in toc}[square] + +\setbeamertemplate{itemize items}[square] +\setbeamertemplate{itemize subitem}[triangle] + + +% STRUCTURE FRAME TEMPLATE DEFINITIONS. ---------------------------------------- +% Title page. +\defbeamertemplate*{title page}{focus}{% + {\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}% + \begin{tikzpicture}[overlay, remember picture] + \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east); + \end{tikzpicture}} + + \vspace{-1.65\baselineskip} + \begin{minipage}[b][0.35\paperheight]{\textwidth} + \vspace{\baselineskip} + \usebeamerfont{title} + \usebeamercolor[fg]{frametitle} + \inserttitle + \end{minipage} + + \begin{minipage}[t][0.1\paperheight]{\textwidth} + \usebeamerfont{subtitle} + \usebeamercolor[fg]{frametitle} + \insertsubtitle + \end{minipage} + + % Set the title graphic in a zero-height box, so that + % the position of other elements is not affected. 
+ {\vfuzz=9999pt\vbox to 0pt { + \raggedleft + \inserttitlegraphic + }} + + + \vspace*{\baselineskip} + \begin{minipage}[t]{\textwidth} + \usebeamerfont{institute} + \insertinstitute + \end{minipage} + + \vspace*{\baselineskip} + \begin{minipage}[t]{\textwidth} + \usebeamerfont{date}{\insertdate} + \end{minipage} + + + \vspace*{\baselineskip} + \vspace*{\baselineskip} + \vspace*{\baselineskip} + \vspace*{\baselineskip} + \begin{minipage}[t]{\textwidth} + \usebeamerfont{author} + \insertauthor + \end{minipage} + + + \vspace*{5\baselineskip} + + \addtocounter{framenumber}{-1} +} + +% Section page. +\defbeamertemplate*{section page}{focus}{% + {% + \usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}% + \begin{tikzpicture}[overlay, remember picture] + \fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east); + \end{tikzpicture}% + } + + \vspace{-2\baselineskip} + \begin{minipage}[b][0.45\paperheight]{\textwidth} + \usebeamerfont{sectiontitle} + \usebeamercolor[fg]{frametitle} + \let\hyperlink\@secondoftwo\insertsection + \end{minipage} + + \begin{minipage}[t][0.55\paperheight]{\textwidth} + \end{minipage} +} + +\AtBeginSection{% + \begin{frame}[plain, noframenumbering]{} + \sectionpage + \end{frame}% +} + +\mode diff --git a/docs/workshop/4-passive-dns/beamerouterthemefocus.sty b/docs/workshop/4-passive-dns/beamerouterthemefocus.sty new file mode 100644 index 0000000..3f05f33 --- /dev/null +++ b/docs/workshop/4-passive-dns/beamerouterthemefocus.sty 
@@ -0,0 +1,255 @@ +% Copyright (C) 2018 Pasquale Claudio Africa. +% 2018 Sebastian Friedl. +% +% This file is part of beamerthemefocus. +% +% beamerthemefocus is free software: you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation, either version 3 of the License, or +% (at your option) any later version. +% +% beamerthemefocus is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with beamerthemefocus. If not, see . + +\mode + +\RequirePackage{appendixnumberbeamer}% Don't number appendix frames. +\RequirePackage{etoolbox}% \BeforeBeginEnvironment +\RequirePackage{tikz} + + +% FRAMETITLE TEMPLATES. -------------------------------------------------------- +\defbeamertemplate*{frametitle}{focus}{% + % If not title page. + \ifnum\value{framenumber}>0% + \vspace{-1pt}% + \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}% + \strut\insertframetitle\strut% + \end{beamercolorbox}% + \fi% +} + +% Plain header. +\defbeamertemplate{frametitle}{plain}{% + % If not title page. + \ifnum\value{framenumber}>0% + \vspace{-1pt}% + \begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}% + \strut% + \end{beamercolorbox}% + \fi% +} + + +% FOOTLINE TEMPLATES. ---------------------------------------------------------- +% Lenghts for the progress bar footline. +\newlength{\focus@pbar@height}% Progress bar height. +\newlength{\focus@pbar@leftoffset} +\newlength{\focus@pbar@rightoffset} + +\defbeamertemplate*{footline}{progressbar}{% + % If not appendix. + \ifnum\mainend<0% From package appendixnumberbeamer. 
+ % + \settowidth{\focus@pbar@leftoffset}{1}% + \addtolength{\focus@pbar@leftoffset}{1.5em}% + % + \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}% + \addtolength{\focus@pbar@rightoffset}{1.5em}% + % + % If not title page. + \ifnum\c@framenumber>0% + \ifnum\c@framenumber<\inserttotalframenumber% + \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline} + \pgfmathsetmacro{\focus@pbar@progress}% + {(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)} + + \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height); + \fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height); + + \fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height) + ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber}; + + \fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height) + ++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber}; + \end{tikzpicture}% + \else% + \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex] + \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height); + \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height); + + \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber}; + \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/}; + \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber}; + \end{tikzpicture}% + \fi% + \fi% + \fi% +} + +% Full bar footline. +\defbeamertemplate{footline}{fullbar}{% + % If not appendix. + \ifnum\mainend<0% From package appendixnumberbeamer. 
+ % + \settowidth{\focus@pbar@leftoffset}{1}% + \addtolength{\focus@pbar@leftoffset}{1.5em}% + % + \settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}% + \addtolength{\focus@pbar@rightoffset}{1.5em}% + % + % If not title page. + \ifnum\c@framenumber>0% + \begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex] + \clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height); + \fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height); + + \node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber}; + \node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/}; + \node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber}; + \end{tikzpicture}% + \fi% + \fi% +} + +% Empty footline. +\defbeamertemplate{footline}{none}{} + +\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}} +\ExecuteOptionsBeamer{numbering=progressbar} +\ProcessOptionsBeamer + +\def\beamer@focus@numberingprogressbar{progressbar} +\def\beamer@focus@numberingfullbar{fullbar} +\def\beamer@focus@numberingnone{none} + + +% BACKGROUND CANVAS TEMPLATES. 
------------------------------------------------- +\defbeamertemplate*{background canvas}{focus}{% + \begin{tikzpicture} + \clip (0,0) rectangle ++(\paperwidth,\paperheight); + \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight); + \end{tikzpicture}% +} + +\defbeamertemplate{background canvas}{focusplain}{% + \begin{tikzpicture} + \clip (0,0) rectangle ++(\paperwidth,\paperheight); + \fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight); + \end{tikzpicture}% +} + +\defbeamertemplate{background canvas}{focusframe}{% + \begin{tikzpicture} + \clip (0,0) rectangle ++(\paperwidth,\paperheight); + \fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight); + \end{tikzpicture}% +} + + +% HOOKS FOR CREATING FRAMES. --------------------------------------------------- +\BeforeBeginEnvironment{frame}{% + \setbeamertemplate{background canvas}[focus]% + \setbeamertemplate{frametitle}[focus]% + % + % Reset footline height and determine it for the current slide. + \setlength{\focus@pbar@height}{0cm}% + \focus@calculatefootheight% + % + % If not appendix. + \ifnum\mainend<0 % From package appendixnumberbeamer. + \settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}% + \addtolength{\focus@pbar@height}{6pt}% + % + \ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar% + \setbeamertemplate{footline}[progressbar]% + \else% + \ifx\beamer@focus@numbering\beamer@focus@numberingfullbar% + \setbeamertemplate{footline}[fullbar]% + \fi% + \fi% + % + \focus@calculatefootheight% + \fi% +} + +% Enable noframenumbering option. +\define@key{beamerframe}{noframenumbering}[true]{% + \setbeamertemplate{footline}[none]% + \setlength{\focus@pbar@height}{0cm}% + \focus@calculatefootheight% + % + \addtocounter{framenumber}{-1}% +} + + +% Enable plain option. 
+\define@key{beamerframe}{plain}[true]{% + \setbeamertemplate{background canvas}[focusplain]% + \setbeamertemplate{frametitle}[plain]% + % + \setbeamertemplate{footline}[none]% +} + + +% Full vertical centering +% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering). +\define@key{beamerframe}{c}[true]{% + \beamer@frametopskip=0pt plus 1fill\relax% + \beamer@framebottomskip=0pt plus 1fill\relax% + \beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax% + \beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax% + \def\beamer@initfirstlineunskip{}% +} + + +% Enable focus option. +\providebool{focus@standout} +\define@key{beamerframe}{focus}[true]{% + \booltrue{focus@standout}% + \begingroup% + \setkeys{beamerframe}{noframenumbering}% + \setbeamertemplate{background canvas}[focusframe]% + \setbeamertemplate{frametitle}[plain]% + % + \setkeys{beamerframe}{c}% + \centering% + \usebeamerfont{focusframe}% + \usebeamercolor[fg]{frametitle}% +} + +\apptocmd{\beamer@reseteecodes} +{% + \ifbool{focus@standout}% + {% + \endgroup% + \boolfalse{focus@standout}% + }{}% +}{}{} + + +% Recalculate the footline's size and refresh other parameters. +% Partially copied from the definition of \beamer@calculateheadfoot. +\def\focus@calculatefootheight{% + \footheight=\focus@pbar@height% + \advance\footheight by 4pt% + \sidebarheight=\paperheight% + \advance\sidebarheight by-\headheight% + \advance\sidebarheight by\headdp% + \advance\sidebarheight by-\footheight% + \advance\sidebarheight by 4pt% + \footskip=\footheight% + \textheight=\paperheight% + \advance\textheight by-\footheight% + \advance\textheight by-\headheight% + \@colht\textheight% + \@colroom\textheight% + \vsize\textheight% +} + +\mode diff --git a/docs/workshop/4-passive-dns/beamerthemefocus.sty b/docs/workshop/4-passive-dns/beamerthemefocus.sty new file mode 100644 index 0000000..f37394d --- /dev/null +++ b/docs/workshop/4-passive-dns/beamerthemefocus.sty 
@@ -0,0 +1,60 @@ +% Copyright (C) 2018 Pasquale Claudio Africa. +% 2018 Sebastian Friedl. +% +% This file is part of beamerthemefocus. +% +% beamerthemefocus is free software: you can redistribute it and/or modify +% it under the terms of the GNU General Public License as published by +% the Free Software Foundation, either version 3 of the License, or +% (at your option) any later version. +% +% beamerthemefocus is distributed in the hope that it will be useful, +% but WITHOUT ANY WARRANTY; without even the implied warranty of +% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +% GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with beamerthemefocus. If not, see . + +\NeedsTeXFormat{LaTeX2e} +\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme] + +\mode + + +% THEME OPTIONS. --------------------------------------------------------------- +\DeclareOptionBeamer{numbering}{% + \PassOptionsToPackage{numbering=#1}{beamerouterthemefocus} +} + +\newif\if@focus@loadfirafonts +\@focus@loadfirafontstrue + +\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse} +\ProcessOptionsBeamer + + +% LOAD EXTERNAL PACKAGES. ------------------------------------------------------ +\if@focus@loadfirafonts + \RequirePackage[T1]{fontenc} + + \PassOptionsToPackage{type1}{FiraSans} + \PassOptionsToPackage{type1}{FiraMono} + + \RequirePackage{FiraSans} + \RequirePackage{FiraMono} +\fi + +\usecolortheme{focus} +\usefonttheme{focus} +\useinnertheme{focus} +\useoutertheme{focus} + +\setbeamertemplate{navigation symbols}{} + + +% SET MARGINS. ----------------------------------------------------------------- +\setbeamersize{text margin left=0.75cm, text margin right=0.75cm} +\setlength{\leftmargini}{0.75cm} + +\mode 
diff --git a/docs/workshop/4-passive-dns/d4-1.png b/docs/workshop/4-passive-dns/d4-1.png
new file mode 100644
index 0000000..d46c31e
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-1.png differ
diff --git a/docs/workshop/4-passive-dns/d4-2.png b/docs/workshop/4-passive-dns/d4-2.png
new file mode 100644
index 0000000..02c5efc
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-2.png differ
diff --git a/docs/workshop/4-passive-dns/d4-3.png b/docs/workshop/4-passive-dns/d4-3.png
new file mode 100644
index 0000000..68ffc11
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-3.png differ
diff --git a/docs/workshop/4-passive-dns/d4-4.png b/docs/workshop/4-passive-dns/d4-4.png
new file mode 100644
index 0000000..4c191d9
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-4.png differ
diff --git a/docs/workshop/4-passive-dns/d4-5.png b/docs/workshop/4-passive-dns/d4-5.png
new file mode 100644
index 0000000..556aea3
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-5.png differ
diff --git a/docs/workshop/4-passive-dns/d4-client.tex b/docs/workshop/4-passive-dns/d4-client.tex
new file mode 100644
index 0000000..0f9f146
--- /dev/null
+++ b/docs/workshop/4-passive-dns/d4-client.tex
@@ -0,0 +1,3 @@
+\begin{lstlisting}
+tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=1
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/d4-introduction.pdf b/docs/workshop/4-passive-dns/d4-introduction.pdf
new file mode 100644
index 0000000..bf95219
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-introduction.pdf differ
diff --git a/docs/workshop/4-passive-dns/d4-introduction.tex b/docs/workshop/4-passive-dns/d4-introduction.tex
new file mode 100644
index 0000000..9440a44
--- /dev/null
+++ b/docs/workshop/4-passive-dns/d4-introduction.tex
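Review bot: In d4-client.tex the `tcpdump -n -s0 -w -` stage has no capture filter, so the sensor will most likely also record its own socat upload to the D4 server and feed it back into the stream; tcpdump.tex in this same commit excludes the collector with a filter expression, and this listing should do the same. `$D4-SERVER-IP-ADDRESS` is not a valid shell variable name (a shell expands `$D4` and appends `-SERVER-IP-ADDRESS` literally), so a copy-pasted command would not connect where the reader expects. `verify=1` is given without `cafile=`, unlike tcpdump.tex, so which CA the server certificate is checked against is left to socat's defaults; pinning it is the safer thing to show on a slide. Something like `tcpdump -n -s0 -w - "not ( host $D4_SERVER_IP and port $PORT )" | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4_SERVER_IP:$PORT,cafile=<path-to-ca.crt>,verify=1` covers all three.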
@@ -0,0 +1,71 @@ +\documentclass{beamer} +\usetheme[numbering=progressbar]{focus} +\usepackage{tikz} +\usetikzlibrary{positioning} +\usetikzlibrary{shapes,arrows} +\usepackage{transparent} +\usepackage{fancyvrb} +\usepackage{listings} +\definecolor{main}{RGB}{47, 161, 219} +%\definecolor{textcolor}{RGB}{128, 128, 128} +\definecolor{background}{RGB}{240, 247, 255} +\definecolor{textcolor}{RGB}{85, 87, 83} +\title{Improving Passive DNS collection} +\subtitle{with D4 Project} +\author{Alexandre Dulaunoy} +\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}} +\institute{Team CIRCL \\ \url{https://www.d4-project.org/}} +\date{2019/03/29} + +\begin{document} + \begin{frame} + \maketitle + \end{frame} + +\begin{frame} + \frametitle{Problem statement} + \begin{itemize} + \item CIRCL (and other CSIRTs) have their own passive DNS\footnote{\url{https://www.circl.lu/services/passive-dns/}} collection mechanisms + \item Current {\bf collection models} are affected with DoH\footnote{DNS over HTTPS} and centralised DNS services + \item DNS answers collection is a tedious process + \item {\bf Sharing Passive DNS stream} between organisation is challenging due to privacy + \end{itemize} +\end{frame} + + +\begin{frame} + \frametitle{Potential Strategy} + \begin{itemize} + \item Improve {\bf Passive DNS collection diversity} by being closer to the source and limit impact of DoH (e.g. 
at the OS resolver level) + \item Increasing diversity and {\bf mixing models} before sharing/storing Passive DNS records + \item Simplify process and tools to install for {\bf Passive DNS collection by relying on D4 sensors} instead of custom mechanisms + \item Provide a distributed infrastructure for mixing streams and filtering out the sharing to the validated partners + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{First release} + \begin{itemize} + + \item analyzer-d4-passivedns\footnote{\url{https://github.com/D4-project/analyzer-d4-passivedns}} is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in passivedns CSV format\footnote{\url{https://github.com/gamelinux/passivedns}}) + \item Ingest these into a {\bf Passive DNS server} which can be queried later to search for the Passive DNS records +\item The lookup server (using on redis-compatible backend) is a Passive DNS REST server compliant to the Common Output Format\footnote{\url{https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04}} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{D4 Overview} + \includegraphics[scale=0.38]{d4-overview.pdf} +\end{frame} + +\begin{frame} +\frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute} +\begin{itemize} +\item Collaboration can include research partnership, sharing of collected streams or improving the software. +\item Contact: info@circl.lu +\item \url{https://github.com/D4-Project} - \url{https://twitter.com/d4_project} +\end{itemize} +\end{frame} + + +\end{document} diff --git a/docs/workshop/4-passive-dns/d4-logo.pdf b/docs/workshop/4-passive-dns/d4-logo.pdf new file mode 100644 index 0000000..f6cfdbf Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-logo.pdf differ 
diff --git a/docs/workshop/4-passive-dns/d4-overview.pdf b/docs/workshop/4-passive-dns/d4-overview.pdf
new file mode 100644
index 0000000..0e59253
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-overview.pdf differ
diff --git a/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png b/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png
new file mode 100644
index 0000000..ee5b74e
Binary files /dev/null and b/docs/workshop/4-passive-dns/d4-protocol-encapsulation.png differ
diff --git a/docs/workshop/4-passive-dns/flags.tex b/docs/workshop/4-passive-dns/flags.tex
new file mode 100644
index 0000000..cba7cd8
--- /dev/null
+++ b/docs/workshop/4-passive-dns/flags.tex
@@ -0,0 +1,12 @@
+\lstset{%
+ backgroundcolor=\color{gray!25},
+ basicstyle=\ttfamily,
+ breaklines=true,
+ columns=fullflexible
+}
+
+\begin{lstlisting}
+tshark -n -r capture-20170916110006.cap.gz -T fields -e frame.time_epoch -e ip.src -e tcp.flags
+1505552542.807286000 x.45.177.71 0x00000010
+1505552547.514922000 x.45.177.71 0x00000010
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/meta.tex b/docs/workshop/4-passive-dns/meta.tex
new file mode 100644
index 0000000..2c23946
--- /dev/null
+++ b/docs/workshop/4-passive-dns/meta.tex
@@ -0,0 +1,10 @@
+\begin{lstlisting}
+{
+ "type": "ja3-jl",
+ "encoding": "utf-8",
+ "tags": [
+ "tlp:white"
+ ],
+ "misp:org": "5b642239-4db4-4580-adf4-4ebd950d210f"
+}
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/pibs.tex b/docs/workshop/4-passive-dns/pibs.tex
new file mode 100644
index 0000000..43fc641
--- /dev/null
+++ b/docs/workshop/4-passive-dns/pibs.tex
@@ -0,0 +1,3 @@
+\begin{lstlisting}
+./pibs -b -r pcap_file.cap
+\end{lstlisting}
diff --git a/docs/workshop/4-passive-dns/server.notes b/docs/workshop/4-passive-dns/server.notes
new file mode 100644
index 0000000..28d1448
--- /dev/null
+++ b/docs/workshop/4-passive-dns/server.notes
@@ -0,0 +1,31 @@
+Welcome to the d4-core wiki!
+
+## Server
+
+- Support TLS connection
+- Unpack header
+- Verify client secret key (HMAC)
+- check blocklist
+- Filter by types
+ (Only accept one connection by type-UUID - except: type 254)
+- Discard incorrect data
+- Save data in a Redis Stream (unique for each session)
+
+## Worker Manager (one by type)
+
+- Check if a new session is created and valid data are saved in a Redis stream
+- Launch a new Worker for each session
+
+## Worker
+- Get data for a stream
+- Reconstruct data
+- Save data on disk (with file rotation)
+- Sava data in Redis. Create a queue for a D4-Analyzer
+
+## Flask server
+- Get Sensors status, errors and statistics
+- Get all connected sensors
+- Manage Sensors (stream size limit, secret key, ...)
+- Manage Accepted types
+- UUID/IP blocklist
+- Create Analyzer Queues
diff --git a/docs/workshop/4-passive-dns/tcpdump.tex b/docs/workshop/4-passive-dns/tcpdump.tex
new file mode 100644
index 0000000..53ea2ed
--- /dev/null
+++ b/docs/workshop/4-passive-dns/tcpdump.tex
@@ -0,0 +1,4 @@
+\begin{lstlisting}
+tcpdump -l -s 65535 -n -i vr0 -w - '( not port $PORT and not host $HOST )' | socat - OPENSSL-CONNECT:$COLLECTOR:$PORT,cert=/etc/openssl/client.pem,cafile=/etc/openssl/ca.crt,verify=1
+\end{lstlisting}
+
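Review bot: The capture filter in tcpdump.tex is wrapped in single quotes, so a shell will not expand `$PORT` and `$HOST`; tcpdump then receives the literal strings and cannot compile the expression. Double quotes still protect the parentheses while allowing expansion: `"( not port $PORT and not host $HOST )"`. The filter names `$HOST` while the socat target is `$COLLECTOR`, which reads as two different machines; presumably both are the collector, so one name should be used throughout. As written the expression also drops every packet on `$PORT` to any host and every packet to the collector on any port, so `not ( host $COLLECTOR and port $PORT )` would exclude only the sensor's own upload and leave the rest of the collection intact.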