Original import of the FIRST 2015 slides
BIN
slides/first2015/FlyingPigHeader.png
Normal file
After Width: | Height: | Size: 205 KiB |
146
slides/first2015/Makefile
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
# Makefile for LaTeX files
|
||||||
|
|
||||||
|
# Original Makefile from http://www.math.psu.edu/elkin/math/497a/Makefile
|
||||||
|
|
||||||
|
# Please check http://www.acoustics.hut.fi/u/mairas/UltimateLatexMakefile
|
||||||
|
# for new versions.
|
||||||
|
|
||||||
|
# Copyright (c) 2005,2006 (in order of appearance):
|
||||||
|
# Matti Airas <Matti.Airas@hut.fi>
|
||||||
|
# Rainer Jung
|
||||||
|
# Antoine Chambert-Loir
|
||||||
|
# Timo Kiravuo
|
||||||
|
|
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
# a copy of this software and associated documentation files (the
|
||||||
|
# "Software"), to deal in the Software without restriction, including
|
||||||
|
# without limitation the rights to use, copy, modify, merge, publish,
|
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to
|
||||||
|
# permit persons to whom the Software is furnished to do so, subject to
|
||||||
|
# the following conditions:
|
||||||
|
|
||||||
|
# The above copyright notice and this permission notice shall be
|
||||||
|
# included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||||
|
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||||
|
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||||
|
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||||
|
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
# $Id: Makefile,v 1.18 2006-06-19 10:58:11 mairas Exp $
|
||||||
|
|
||||||
|
LATEX = latex
|
||||||
|
BIBTEX = bibtex
|
||||||
|
MAKEINDEX = makeindex
|
||||||
|
XDVI = xdvi -gamma 4
|
||||||
|
DVIPS = dvips
|
||||||
|
DVIPDF = dvipdft
|
||||||
|
L2H = latex2html
|
||||||
|
GH = gv
|
||||||
|
|
||||||
|
RERUN = "(There were undefined references|Rerun to get (cross-references|the bars) right)"
|
||||||
|
RERUNBIB = "No file.*\.bbl|Citation.*undefined"
|
||||||
|
MAKEIDX = "^[^%]*\\makeindex"
|
||||||
|
MPRINT = "^[^%]*print"
|
||||||
|
USETHUMBS = "^[^%]*thumbpdf"
|
||||||
|
|
||||||
|
DATE=$(shell date +%Y-%m-%d)
|
||||||
|
|
||||||
|
COPY = if test -r $(<:%.tex=%.toc); then cp $(<:%.tex=%.toc) $(<:%.tex=%.toc.bak); fi
|
||||||
|
RM = rm -f
|
||||||
|
OUTDATED = echo "EPS-file is out-of-date!" && false
|
||||||
|
|
||||||
|
# These are OK
|
||||||
|
|
||||||
|
SRC := $(shell egrep -l '^[^%]*\\begin\{document\}' *.tex)
|
||||||
|
TRG = $(SRC:%.tex=%.dvi)
|
||||||
|
PSF = $(SRC:%.tex=%.ps)
|
||||||
|
PDF = $(SRC:%.tex=%.pdf)
|
||||||
|
|
||||||
|
# These are not
|
||||||
|
|
||||||
|
#BIBFILE := $(shell perl -ne '($$_)=/^[^%]*\\bibliography\{(.*?)\}/;@_=split /,/;foreach $$b (@_) {print "$$b.bib "}' $(SRC))
|
||||||
|
#DEP := $(shell perl -ne '($$_)=/^[^%]*\\include\{(.*?)\}/;@_=split /,/;foreach $$t (@_) {print "$$t.tex "}' $(SRC))
|
||||||
|
#EPSPICS := $(shell perl -ne '@foo=/^[^%]*\\(includegraphics|psfig)(\[.*?\])?\{(.*?)\}/g;if (defined($$foo[2])) { if ($$foo[2] =~ /.eps$$/) { print "$$foo[2] "; } else { print "$$foo[2].eps "; }}' $(SRC) $(DEP))
|
||||||
|
|
||||||
|
|
||||||
|
define run-latex
|
||||||
|
$(COPY);$(LATEX) $<
|
||||||
|
egrep $(MAKEIDX) $< && ($(MAKEINDEX) $(<:%.tex=%);$(COPY);$(LATEX) $<) >/dev/null; true
|
||||||
|
egrep -c $(RERUNBIB) $(<:%.tex=%.log) && ($(BIBTEX) $(<:%.tex=%);$(COPY);$(LATEX) $<) ; true
|
||||||
|
egrep $(RERUN) $(<:%.tex=%.log) && ($(COPY);$(LATEX) $<) >/dev/null; true
|
||||||
|
egrep $(RERUN) $(<:%.tex=%.log) && ($(COPY);$(LATEX) $<) >/dev/null; true
|
||||||
|
if cmp -s $(<:%.tex=%.toc) $(<:%.tex=%.toc.bak); then true ;else $(LATEX) $< ; fi
|
||||||
|
$(RM) $(<:%.tex=%.toc.bak)
|
||||||
|
# Display relevant warnings
|
||||||
|
egrep -i "(Reference|Citation).*undefined" $(<:%.tex=%.log) ; true
|
||||||
|
endef
|
||||||
|
|
||||||
|
define run-pdflatex
|
||||||
|
LATEX=pdflatex
|
||||||
|
@$(run-latex)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define get_dependencies
|
||||||
|
deps=`perl -ne '($$_)=/^[^%]*\\\(?:include|input)\{(.*?)\}/;@_=split /,/;foreach $$t (@_) {print "$$t.tex "}' $<`
|
||||||
|
endef
|
||||||
|
|
||||||
|
define getbibs
|
||||||
|
bibs=`perl -ne '($$_)=/^[^%]*\\\bibliography\{(.*?)\}/;@_=split /,/;foreach $$b (@_) {print "$$b.bib "}' $< $$deps`
|
||||||
|
endef
|
||||||
|
|
||||||
|
#define geteps
|
||||||
|
# epses=`perl -ne '@foo=/^[^%]*\\\(includegraphics|psfig)(\[.*?\])?\{(.*?)\}/g;if (defined($$foo[2])) { if ($$foo[2] =~ /.eps$$/) { print "$$foo[2] "; } else { print "$$foo[2].eps "; }}' $< $$deps`
|
||||||
|
#endef
|
||||||
|
|
||||||
|
define manconf
|
||||||
|
mandeps=`if test -r $(basename $@).cnf ; then cat $(basename $@).cnf |tr -d '\n\r' ; fi`
|
||||||
|
endef
|
||||||
|
|
||||||
|
all : $(TRG)
|
||||||
|
|
||||||
|
.PHONY : all show clean ps pdf showps veryclean
|
||||||
|
|
||||||
|
clean :
|
||||||
|
-rm -f $(TRG) $(PSF) $(PDF) $(TRG:%.dvi=%.aux) $(TRG:%.dvi=%.bbl) $(TRG:%.dvi=%.blg) $(TRG:%.dvi=%.log) $(TRG:%.dvi=%.out) $(TRG:%.dvi=%.idx) $(TRG:%.dvi=%.ilg) $(TRG:%.dvi=%.ind) $(TRG:%.dvi=%.toc) $(TRG:%.dvi=%.d)
|
||||||
|
|
||||||
|
veryclean : clean
|
||||||
|
-rm -f *.log *.aux *.dvi *.bbl *.blg *.ilg *.toc *.lof *.lot *.idx *.ind *.ps *~ *.nav *.vrb *.snm *.synctex.gz *.toc.bak
|
||||||
|
|
||||||
|
# This is a rule to generate a file of prerequisites for a given .tex file
|
||||||
|
%.d : %.tex
|
||||||
|
$(get_dependencies) ; echo $$deps ; \
|
||||||
|
$(getbibs) ; echo $$bibs ; \
|
||||||
|
# $(geteps) ; echo $$epses ; \
|
||||||
|
$(manconf) ; echo $$mandeps ;\
|
||||||
|
echo "$*.dvi $@ : $< $$deps $$bibs $$mandeps" > $@
|
||||||
|
# echo "$*.dvi $@ : $< $$deps $$bibs $$epses $$mandeps" > $@
|
||||||
|
|
||||||
|
include $(SRC:.tex=.d)
|
||||||
|
|
||||||
|
# $(DEP) $(EPSPICS) $(BIBFILE)
|
||||||
|
$(TRG) : %.dvi : %.tex
|
||||||
|
@$(run-latex)
|
||||||
|
|
||||||
|
$(PSF) : %.ps : %.dvi
|
||||||
|
@$(DVIPS) $< -o $@
|
||||||
|
|
||||||
|
$(PDF) : %.pdf : %.dvi
|
||||||
|
@$(DVIPDF) -o $@ $<
|
||||||
|
# To use pdflatex, comment the two lines above and uncomment the lines below
|
||||||
|
#$(PDF) : %.pdf : %.tex
|
||||||
|
# @$(run-pdflatex)
|
||||||
|
|
||||||
|
|
||||||
|
show : $(TRG)
|
||||||
|
@for i in $(TRG) ; do $(XDVI) $$i & done
|
||||||
|
|
||||||
|
showps : $(PSF)
|
||||||
|
@for i in $(PSF) ; do $(GH) $$i & done
|
||||||
|
|
||||||
|
ps : $(PSF)
|
||||||
|
|
||||||
|
pdf : $(PDF)
|
30
slides/first2015/beamercolorthemechameleon.sty
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
% Copyright 2007 by Marco Barisione
|
||||||
|
%
|
||||||
|
% This file may be distributed and/or modified
|
||||||
|
%
|
||||||
|
% 1. under the LaTeX Project Public License and/or
|
||||||
|
% 2. under the GNU Public License.
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
%\definecolor{chameleongreen1}{RGB}{129,138,143} %grey CIRCL
|
||||||
|
\definecolor{chameleongreen1}{RGB}{213,43,30}
|
||||||
|
\definecolor{chameleongreen2}{RGB}{213,43,30} %red CIRCL
|
||||||
|
\definecolor{chameleongreen3}{RGB}{30,30,30} %black CIRCL
|
||||||
|
\definecolor{chameleongreen4}{RGB}{129,138,143}
|
||||||
|
|
||||||
|
\setbeamercolor*{palette primary}{fg=white,bg=chameleongreen2}
|
||||||
|
\setbeamercolor*{palette secondary}{fg=white,bg=chameleongreen3}
|
||||||
|
\setbeamercolor*{palette tertiary}{fg=white,bg=chameleongreen4}
|
||||||
|
\setbeamercolor*{palette quaternary}{fg=white,bg=chameleongreen1}
|
||||||
|
|
||||||
|
\setbeamercolor*{titlelike}{bg=chameleongreen3}
|
||||||
|
\setbeamercolor*{frametitle}{bg=black,fg=black}
|
||||||
|
\setbeamercolor*{part title}{bg=black,fg=black}
|
||||||
|
\setbeamercolor*{item}{fg=chameleongreen3}
|
||||||
|
|
||||||
|
\setbeamercolor*{separation line}{}
|
||||||
|
\setbeamercolor*{fine separation line}{}
|
||||||
|
|
||||||
|
\mode
|
||||||
|
<all>
|
182
slides/first2015/beamerinnerthemefancy.sty
Normal file
|
@ -0,0 +1,182 @@
|
||||||
|
% Copyright 2007 by Marco Barisione
|
||||||
|
%
|
||||||
|
% This file may be distributed and/or modified
|
||||||
|
%
|
||||||
|
% 1. under the LaTeX Project Public License and/or
|
||||||
|
% 2. under the GNU Public License.
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
% Use alternative title page style.
|
||||||
|
\DeclareOptionBeamer{alternativetitlepage}[true]{\def\beamer@fancy@alternativetitlepage{#1}}
|
||||||
|
|
||||||
|
% Logo to use in the alternative title page.
|
||||||
|
\def\beamer@fancy@titlepagelogo{}
|
||||||
|
\DeclareOptionBeamer{titlepagelogo}{\def\beamer@fancy@titlepagelogo{#1}}
|
||||||
|
|
||||||
|
% Bullet shape.
|
||||||
|
\DeclareOptionBeamer{bullet}{\def\beamer@fancy@bullet{#1}}
|
||||||
|
|
||||||
|
\ExecuteOptionsBeamer{alternativetitlepage=false,bullet=square}
|
||||||
|
\ProcessOptionsBeamer
|
||||||
|
|
||||||
|
% Colors.
|
||||||
|
\setbeamercolor*{lineup}{parent=palette primary}
|
||||||
|
\setbeamercolor*{linemid}{parent=palette secondary}
|
||||||
|
\setbeamercolor*{linebottom}{parent=palette tertiary}
|
||||||
|
\setbeamercolor*{title page header}{parent=palette quaternary}
|
||||||
|
|
||||||
|
% Lengths.
|
||||||
|
\newlength{\beamer@fancy@lineup}
|
||||||
|
\setlength{\beamer@fancy@lineup}{.025\paperheight}
|
||||||
|
\newlength{\beamer@fancy@linemid}
|
||||||
|
\setlength{\beamer@fancy@linemid}{.015\paperheight}
|
||||||
|
\newlength{\beamer@fancy@linebottom}
|
||||||
|
\setlength{\beamer@fancy@linebottom}{.01\paperheight}
|
||||||
|
|
||||||
|
% Margins.
|
||||||
|
\newlength{\beamer@fancy@normalmargin}
|
||||||
|
\setlength{\beamer@fancy@normalmargin}{.06\paperwidth}
|
||||||
|
\setbeamersize{text margin left=\beamer@fancy@normalmargin}
|
||||||
|
\setbeamersize{text margin right=\beamer@fancy@normalmargin}
|
||||||
|
\setlength\leftmargini{.6\beamer@fancy@normalmargin}
|
||||||
|
\setlength\leftmarginii{.6\beamer@fancy@normalmargin}
|
||||||
|
\setlength\leftmarginiii{.6\beamer@fancy@normalmargin}
|
||||||
|
|
||||||
|
% Normal title page.
|
||||||
|
\defbeamertemplate*{title page normal}{fancy theme}[1][]
|
||||||
|
{
|
||||||
|
\vbox{}
|
||||||
|
\vfill
|
||||||
|
\begin{centering}
|
||||||
|
\begin{beamercolorbox}[wd=\paperwidth,sep=8pt,center,#1]{title page header}
|
||||||
|
\usebeamerfont{title}\inserttitle\par%
|
||||||
|
\ifx\insertsubtitle\@empty%
|
||||||
|
\else%
|
||||||
|
\vskip0.25em%
|
||||||
|
{\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
|
||||||
|
\fi%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\vskip1em\par
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{author}
|
||||||
|
\usebeamerfont{author}\insertauthor
|
||||||
|
\end{beamercolorbox}
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{institute}
|
||||||
|
\usebeamerfont{institute}\insertinstitute
|
||||||
|
\end{beamercolorbox}
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{date}
|
||||||
|
\usebeamerfont{date}\insertdate
|
||||||
|
\end{beamercolorbox}\vskip0.5em
|
||||||
|
{\usebeamercolor[fg]{titlegraphic}\inserttitlegraphic\par}
|
||||||
|
\end{centering}
|
||||||
|
\vfill
|
||||||
|
}
|
||||||
|
|
||||||
|
% Alternative title page, you should use this in a frame with the [plain]
|
||||||
|
% option.
|
||||||
|
\defbeamertemplate*{title page alternative}{fancy theme}[1][]
|
||||||
|
{
|
||||||
|
{\parskip0pt\offinterlineskip%
|
||||||
|
\hbox{\hskip-\Gm@lmargin\hbox{\vbox{%
|
||||||
|
\@tempdima=\textwidth\textwidth=\paperwidth\hsize=\textwidth\def\\{,}\vbox{}\vskip-1.5ex%
|
||||||
|
% Title.
|
||||||
|
\begin{beamercolorbox}[wd=\paperwidth,ht=.4\paperheight,center,#1]{title page header}
|
||||||
|
\usebeamerfont{title}\inserttitle\par%
|
||||||
|
\ifx\insertsubtitle\@empty%
|
||||||
|
\else%
|
||||||
|
\vskip0.25em%
|
||||||
|
{\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
|
||||||
|
\fi%
|
||||||
|
\vspace{.125\paperheight}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\vbox{}\vskip-\beamer@fancy@lineup%
|
||||||
|
\vbox{}\vskip-\beamer@fancy@linemid%
|
||||||
|
% First line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.2\paperwidth,ht=\beamer@fancy@lineup,dp=0pt]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.8\paperwidth,ht=\beamer@fancy@lineup,dp=0pt]{lineup}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}%
|
||||||
|
\vbox{}\vskip0ex%
|
||||||
|
% Second line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.1\paperwidth,ht=\beamer@fancy@linemid,dp=0pt]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.9\paperwidth,ht=\beamer@fancy@linemid,dp=0pt]{linemid}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}%
|
||||||
|
% Third line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.5\paperwidth,ht=\beamer@fancy@linebottom,dp=0pt]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.5\paperwidth,ht=\beamer@fancy@linebottom,dp=0pt]{linebottom}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}%
|
||||||
|
\vskip0pt%
|
||||||
|
}}%
|
||||||
|
\hskip-\Gm@rmargin%
|
||||||
|
}}\hfil%
|
||||||
|
%
|
||||||
|
\begin{columns}
|
||||||
|
\ifx\beamer@fancy@titlepagelogo\@empty%
|
||||||
|
\column{\textwidth}
|
||||||
|
\else
|
||||||
|
\column{.5\textwidth}
|
||||||
|
% Logo.
|
||||||
|
\begin{centering}
|
||||||
|
\vbox{}\vfill
|
||||||
|
\includegraphics[height=.2\paperheight]{\beamer@fancy@titlepagelogo}
|
||||||
|
\vfill
|
||||||
|
\end{centering}
|
||||||
|
\column{.5\textwidth}
|
||||||
|
\fi
|
||||||
|
% Authors, institute and date
|
||||||
|
\vskip1em\par
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{author}
|
||||||
|
\usebeamerfont{author}\insertauthor
|
||||||
|
\end{beamercolorbox}
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{institute}
|
||||||
|
\usebeamerfont{institute}\insertinstitute
|
||||||
|
\end{beamercolorbox}
|
||||||
|
\begin{beamercolorbox}[sep=8pt,center,#1]{date}
|
||||||
|
\usebeamerfont{date}\insertdate
|
||||||
|
\end{beamercolorbox}\vskip0.5em
|
||||||
|
{\usebeamercolor[fg]{titlegraphic}\inserttitlegraphic\par}
|
||||||
|
\end{columns}
|
||||||
|
}
|
||||||
|
|
||||||
|
\defbeamertemplate*{title page}{fancy}[1][]
|
||||||
|
{
|
||||||
|
\def\beamer@fancy@truetext{true}%
|
||||||
|
\ifx\beamer@fancy@alternativetitlepage\beamer@fancy@truetext%
|
||||||
|
\usebeamertemplate{title page alternative}%
|
||||||
|
\else%
|
||||||
|
\usebeamertemplate{title page normal}%
|
||||||
|
\fi%
|
||||||
|
}
|
||||||
|
|
||||||
|
% Items.
|
||||||
|
\defbeamertemplate{itemize item}{squarealt}%
|
||||||
|
{\tiny\raise.5ex\hbox{\donotcoloroutermaths$\blacksquare$}}
|
||||||
|
\defbeamertemplate{itemize subitem}{squarealt}%
|
||||||
|
{\tiny\raise.4ex\hbox{\donotcoloroutermaths$\square$}}
|
||||||
|
\defbeamertemplate{itemize subsubitem}{squarealt}%
|
||||||
|
{\tiny\raise.3ex\hbox{\donotcoloroutermaths$\blacksquare$}}
|
||||||
|
|
||||||
|
\defbeamertemplate{itemize item}{circlealt}%
|
||||||
|
{\small\raise.2ex\hbox{\donotcoloroutermaths$\bullet$}}
|
||||||
|
\defbeamertemplate{itemize subitem}{circlealt}%
|
||||||
|
{\small\raise.1ex\hbox{\donotcoloroutermaths$\circ$}}
|
||||||
|
\defbeamertemplate{itemize subsubitem}{circlealt}%
|
||||||
|
{\scriptsize\raise.1ex\hbox{\donotcoloroutermaths$\bullet$}}
|
||||||
|
|
||||||
|
\def\circletext{circle}
|
||||||
|
\ifx\beamer@fancy@bullet\circletext
|
||||||
|
\setbeamertemplate{items}[circlealt]
|
||||||
|
\else
|
||||||
|
\setbeamertemplate{items}[squarealt]
|
||||||
|
\fi
|
||||||
|
|
||||||
|
\mode<all>
|
||||||
|
|
166
slides/first2015/beamerouterthemedecolines.sty
Normal file
|
@ -0,0 +1,166 @@
|
||||||
|
% Copyright 2007 by Marco Barisione
|
||||||
|
%
|
||||||
|
% This file may be distributed and/or modified
|
||||||
|
%
|
||||||
|
% 1. under the LaTeX Project Public License and/or
|
||||||
|
% 2. under the GNU Public License.
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
% String used between the current page and the total page count.
|
||||||
|
\def\beamer@decolines@pageofpages{/}
|
||||||
|
\DeclareOptionBeamer{pageofpages}{\def\beamer@decolines@pageofpages{#1}}
|
||||||
|
|
||||||
|
% Show a line below the frame title.
|
||||||
|
\DeclareOptionBeamer{titleline}[true]{\def\beamer@decolines@titleline{#1}}
|
||||||
|
|
||||||
|
% Image used for the watermark.
|
||||||
|
\def\beamer@decolines@watermarkorig{}
|
||||||
|
\DeclareOptionBeamer{watermark}{\def\beamer@decolines@watermarkorig{#1}}
|
||||||
|
|
||||||
|
% Height of the watermark.
|
||||||
|
\def\beamer@decolines@watermarkheight{100px}
|
||||||
|
\DeclareOptionBeamer{watermarkheight}{\def\beamer@decolines@watermarkheight{#1}}
|
||||||
|
|
||||||
|
% The original image height is watermarkheightmult * watermarkheight.
|
||||||
|
\def\beamer@decolines@watermarkheightmult{1}
|
||||||
|
\DeclareOptionBeamer{watermarkheightmult}{\def\beamer@decolines@watermarkheightmult{#1}}
|
||||||
|
|
||||||
|
\ExecuteOptionsBeamer{titleline=false}
|
||||||
|
\ProcessOptionsBeamer
|
||||||
|
|
||||||
|
% Enable/disable the watermark.
|
||||||
|
\def\watermarkon{%
|
||||||
|
\def\beamer@decolines@watermark{\beamer@decolines@watermarkorig}%
|
||||||
|
}
|
||||||
|
\def\watermarkoff{\def\beamer@decolines@watermark{}}
|
||||||
|
|
||||||
|
% Initially enable the watermark.
|
||||||
|
\watermarkon
|
||||||
|
|
||||||
|
% Colors.
|
||||||
|
\setbeamercolor*{lineup}{parent=palette primary}
|
||||||
|
\setbeamercolor*{linemid}{parent=palette secondary}
|
||||||
|
\setbeamercolor*{linebottom}{parent=palette tertiary}
|
||||||
|
\setbeamercolor*{page header}{parent=titlelike}
|
||||||
|
|
||||||
|
% Lengths
|
||||||
|
\newlength{\headerheight}
|
||||||
|
\setlength{\headerheight}{.045\paperheight}
|
||||||
|
\newlength{\beamer@decolines@lineup}
|
||||||
|
\setlength{\beamer@decolines@lineup}{.025\paperheight}
|
||||||
|
\newlength{\beamer@decolines@linemid}
|
||||||
|
\setlength{\beamer@decolines@linemid}{.015\paperheight}
|
||||||
|
\newlength{\beamer@decolines@linebottom}
|
||||||
|
\setlength{\beamer@decolines@linebottom}{.01\paperheight}
|
||||||
|
|
||||||
|
% The height of the watermark part below the 3 bottom lines.
|
||||||
|
\newlength{\beamer@decolines@watermarkheightbottom}
|
||||||
|
\addtolength{\beamer@decolines@watermarkheightbottom}{\beamer@decolines@lineup}
|
||||||
|
\addtolength{\beamer@decolines@watermarkheightbottom}{\beamer@decolines@linemid}
|
||||||
|
\addtolength{\beamer@decolines@watermarkheightbottom}{\beamer@decolines@linebottom}
|
||||||
|
|
||||||
|
% The height of the watermark part over the 3 bottom lines before shrinking.
|
||||||
|
\newlength{\beamer@decolines@watermarkheightupperorig}
|
||||||
|
\setlength{\beamer@decolines@watermarkheightupperorig}{\beamer@decolines@watermarkheight}
|
||||||
|
\addtolength{\beamer@decolines@watermarkheightupperorig}{-\beamer@decolines@watermarkheightbottom}
|
||||||
|
\multiply\beamer@decolines@watermarkheightupperorig by \beamer@decolines@watermarkheightmult
|
||||||
|
|
||||||
|
% Footer.
|
||||||
|
\defbeamertemplate*{footline}{decolines theme}
|
||||||
|
{
|
||||||
|
\leavevmode%
|
||||||
|
% Page number.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.2\paperwidth,ht=0ex,dp=0ex,center]{}%
|
||||||
|
\usebeamerfont{palette primary}\insertframenumber{} \beamer@decolines@pageofpages{} \inserttotalframenumber%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.8\paperwidth,ht=0ex,dp=0ex]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
} %
|
||||||
|
% First line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.2\paperwidth,ht=\beamer@decolines@lineup,dp=0pt]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.8\paperwidth,ht=\beamer@decolines@lineup,dp=0pt]{lineup}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
} %
|
||||||
|
% Second line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=\paperwidth,ht=\beamer@decolines@linemid,dp=0pt]{linemid}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
} %
|
||||||
|
% Third line.
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=.1\paperwidth,ht=\beamer@decolines@linebottom,dp=0pt]{}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\begin{beamercolorbox}[wd=.9\paperwidth,ht=\beamer@decolines@linebottom,dp=0pt]{linebottom}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}%
|
||||||
|
% This seems to fix some alignment problems with the watermark. It has to be
|
||||||
|
% always applied if you do not want to see the footer moving up and down when
|
||||||
|
% moving from a page with watermark to a page without or vice versa.
|
||||||
|
\vskip-.5px%
|
||||||
|
% Watermark.
|
||||||
|
\if\beamer@decolines@watermark\@empty\else%
|
||||||
|
\vskip-\beamer@decolines@watermarkheightbottom%
|
||||||
|
\llap{\includegraphics[height=\beamer@decolines@watermarkheightbottom,clip=true,%
|
||||||
|
trim=0pt 0pt 0pt \beamer@decolines@watermarkheightupperorig]{\beamer@decolines@watermark}\hskip-\paperwidth}%
|
||||||
|
\fi%
|
||||||
|
}
|
||||||
|
|
||||||
|
\defbeamertemplate*{headline}{decolines theme}
|
||||||
|
{
|
||||||
|
\leavevmode%
|
||||||
|
\hbox{%
|
||||||
|
\begin{beamercolorbox}[wd=\paperwidth,ht=\headerheight,dp=0pt]{page header}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
} %
|
||||||
|
\vskip0pt%
|
||||||
|
}
|
||||||
|
|
||||||
|
\defbeamertemplate*{frametitle}{decolines theme}[1][left]
|
||||||
|
{
|
||||||
|
\ifbeamercolorempty[bg]{frametitle}{}{\nointerlineskip}%
|
||||||
|
\@tempdima=\textwidth%
|
||||||
|
\advance\@tempdima by\beamer@leftmargin%
|
||||||
|
\advance\@tempdima by\beamer@rightmargin%
|
||||||
|
\vbox{}\vskip-.5\beamer@leftmargin%
|
||||||
|
\begin{beamercolorbox}[sep=\beamer@leftmargin,#1,wd=\the\@tempdima]{}
|
||||||
|
\usebeamerfont{frametitle}\usebeamercolor[bg]{framesubtitle}%
|
||||||
|
\vbox{}\vskip0ex%
|
||||||
|
\if@tempswa\else\csname beamer@fte#1\endcsname\fi%
|
||||||
|
\strut\insertframetitle\strut\par%
|
||||||
|
{%
|
||||||
|
\ifx\insertframesubtitle\@empty%
|
||||||
|
\else%
|
||||||
|
{\usebeamerfont{framesubtitle}\usebeamercolor[bg]{framesubtitle}\insertframesubtitle\strut\par}%
|
||||||
|
\fi
|
||||||
|
}%
|
||||||
|
\vskip-1ex%
|
||||||
|
\if@tempswa\else\vskip-\beamer@leftmargin\fi
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\def\beamer@decolines@truetext{true}%
|
||||||
|
\ifx\beamer@decolines@titleline\beamer@decolines@truetext%
|
||||||
|
\vskip-.5\beamer@leftmargin%
|
||||||
|
\begin{beamercolorbox}[wd=\textwidth,ht=.1ex,dp=0ex]{linemid}%
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\fi
|
||||||
|
}
|
||||||
|
|
||||||
|
% Frame title continuations, default
|
||||||
|
\defbeamertemplate*{frametitle continuation}{decolines theme}{(\insertcontinuationcount)}
|
||||||
|
|
||||||
|
\defbeamertemplate*{sidebar right}{decolines theme}
|
||||||
|
{
|
||||||
|
\vskip.1\beamer@leftmargin%
|
||||||
|
\llap{\insertlogo\hskip.5\beamer@leftmargin}%
|
||||||
|
\vfill%
|
||||||
|
\if\beamer@decolines@watermark\@empty\else%
|
||||||
|
\llap{\includegraphics[height=\beamer@decolines@watermarkheight]{\beamer@decolines@watermark}}%
|
||||||
|
\vskip-\beamer@decolines@watermarkheightbottom%
|
||||||
|
\fi
|
||||||
|
}
|
||||||
|
|
||||||
|
\mode
|
||||||
|
<all>
|
28
slides/first2015/beamerthemeTorino.sty
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
% Copyright 2007 by Marco Barisione
|
||||||
|
%
|
||||||
|
% This file may be distributed and/or modified
|
||||||
|
%
|
||||||
|
% 1. under the LaTeX Project Public License and/or
|
||||||
|
% 2. under the GNU Public License.
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
\DeclareOptionBeamer{alternativetitlepage}[true]{\PassOptionsToPackage{alternativetitlepage=#1}{beamerinnerthemefancy}}
|
||||||
|
\DeclareOptionBeamer{titlepagelogo}{\PassOptionsToPackage{titlepagelogo=#1}{beamerinnerthemefancy}}
|
||||||
|
\DeclareOptionBeamer{bullet}{\PassOptionsToPackage{bullet=#1}{beamerinnerthemefancy}}
|
||||||
|
\DeclareOptionBeamer{pageofpages}{\PassOptionsToPackage{pageofpages=#1}{beamerouterthemedecolines}}
|
||||||
|
\DeclareOptionBeamer{titleline}[true]{\PassOptionsToPackage{titleline=#1}{beamerouterthemedecolines}}
|
||||||
|
\DeclareOptionBeamer{watermark}{\PassOptionsToPackage{watermark=#1}{beamerouterthemedecolines}}
|
||||||
|
\DeclareOptionBeamer{watermarkheight}{\PassOptionsToPackage{watermarkheight=#1}{beamerouterthemedecolines}}
|
||||||
|
\DeclareOptionBeamer{watermarkheightmult}{\PassOptionsToPackage{watermarkheightmult=#1}{beamerouterthemedecolines}}
|
||||||
|
|
||||||
|
\ProcessOptionsBeamer
|
||||||
|
|
||||||
|
\useinnertheme{fancy}
|
||||||
|
\useoutertheme{decolines}
|
||||||
|
\usecolortheme{chameleon}
|
||||||
|
|
||||||
|
\setbeamertemplate{navigation symbols}{}
|
||||||
|
|
||||||
|
\mode
|
||||||
|
<all>
|
30
slides/first2015/circl-introduction.tex
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
\documentclass{beamer}
|
||||||
|
\usetheme[pageofpages=of,% String used between the current page and the
|
||||||
|
% total page count.
|
||||||
|
bullet=circle,% Use circles instead of squares for bullets.
|
||||||
|
titleline=true,% Show a line below the frame title.
|
||||||
|
alternativetitlepage=true,% Use the fancy title page.
|
||||||
|
titlepagelogo=logos2.png,% Logo for the first page.
|
||||||
|
% watermark=watermark-polito,% Watermark used in every page.
|
||||||
|
% watermarkheight=100px,% Height of the watermark.
|
||||||
|
% watermarkheightmult=4,% The watermark image is 4 times bigger
|
||||||
|
% than watermarkheight.
|
||||||
|
]{Torino}
|
||||||
|
|
||||||
|
\usepackage{listings}
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
\usepackage{tikz}
|
||||||
|
\usetikzlibrary{positioning}
|
||||||
|
\usetikzlibrary{shapes,arrows}
|
||||||
|
|
||||||
|
|
||||||
|
\author{Alexandre Dulaunoy \\ @adulau \\ Eireann Leverett \\ @blackswanburst \\\emph{TLP:WHITE}}
|
||||||
|
\subtitle{Passive Detection and Reconnaissance Techniques, to Find, Track\\ and Attribute Vulnerable "Devices"}
|
||||||
|
\title{Passive SSL}
|
||||||
|
\institute{}
|
||||||
|
\date{\today}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
\include{content-passivessl}
|
||||||
|
\end{document}
|
||||||
|
|
BIN
slides/first2015/circl-logo.png
Normal file
After Width: | Height: | Size: 19 KiB |
323
slides/first2015/content-passivessl.tex
Normal file
|
@ -0,0 +1,323 @@
|
||||||
|
% DO NOT COMPILE THIS FILE DIRECTLY!
|
||||||
|
% This is included by the other .tex files.
|
||||||
|
|
||||||
|
\begin{frame}[t,plain]
|
||||||
|
\titlepage
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\colorlet{punct}{red!60!black}
|
||||||
|
\definecolor{background}{HTML}{EEEEEE}
|
||||||
|
\definecolor{delim}{RGB}{20,105,176}
|
||||||
|
\colorlet{numb}{magenta!60!black}
|
||||||
|
|
||||||
|
\lstdefinelanguage{brol}{
|
||||||
|
basicstyle=\normalfont\ttfamily,
|
||||||
|
numbers=left,
|
||||||
|
numberstyle=\scriptsize,
|
||||||
|
stepnumber=1,
|
||||||
|
numbersep=8pt,
|
||||||
|
showstringspaces=false,
|
||||||
|
breaklines=true,
|
||||||
|
frame=lines,
|
||||||
|
basicstyle=\tiny,
|
||||||
|
backgroundcolor=\color{background},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}[t, fragile]{Datasets used}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Eireann used Shodan stream of certificates (350k certificates in counting Bloomfilter).
|
||||||
|
\begin{itemize}
|
||||||
|
\item Thanks to John (Shodan) Matherly.
|
||||||
|
\end{itemize}
|
||||||
|
\item Alex used the CIRCL Passive SSL datasets (around 100 millions certificates).
|
||||||
|
\begin{itemize}
|
||||||
|
\item Thanks to GCHQ (for the idea).
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Problem statement}
|
||||||
|
CSIRT or LIRT or security analysts have recurring issues to:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Find owners of IP addresses.
|
||||||
|
\item Detect usage of CIDR blocks.
|
||||||
|
\item Find vulnerable systems passively (and avoid intrusive scanning).
|
||||||
|
\begin{itemize}
|
||||||
|
\item Scale of potential impact.
|
||||||
|
\end{itemize}
|
||||||
|
\item Detect compromised services.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Acknowlegement}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Thanks to GCHQ and the FLYING PIG program
|
||||||
|
\item and Edward Snowden for releasing the document.
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\includegraphics[scale=0.4]{FlyingPigHeader.png}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Double edge techniques that can be used for good or bad reasons.
|
||||||
|
\item Another opportunity to improve your threat modeling and your weak TLS knowledge.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Passive SSL}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Replicating Passive DNS concepts into SSL/TLS.
|
||||||
|
\item Keeping a history of X.509 certificates seen per IP address.
|
||||||
|
\begin{itemize}
|
||||||
|
\item Usage over time of the X.509 certificates.
|
||||||
|
\end{itemize}
|
||||||
|
\item Providing a search ReST interface per IP address, CIDR block.
|
||||||
|
\item Tracing the use of CA and CRL/OCSP.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Collecting X.509 Certificates - Internet Scanning}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Scan the Internet yourself (e.g. In a single scan of the IPv4 space, close to 50 millions certificates).
|
||||||
|
\item Which port to scan? protocol or service? pps?
|
||||||
|
\item How often? (e.g. weekly scan helps to determine the stability of an IP,Certificate tuple)
|
||||||
|
\item Cannot scan, you can reuse existing scanning data (e.g. \url{scans.io}).
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\usetikzlibrary{positioning}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Collecting X.509 Certificates - Passive DNS - SNI}
|
||||||
|
\begin{itemize}
|
||||||
|
\item On a single IPv4 address, you can have more than one certificate.
|
||||||
|
\begin{itemize}
|
||||||
|
\item Alternate SSL ports, multihomed systems
|
||||||
|
\item Other services: SSL-VPN, ESMTP, DTLS, IMAP, ...
|
||||||
|
\end{itemize}
|
||||||
|
\item How to scan IPv6 address space for X.509 Certificates.
|
||||||
|
\item Passive DNS used as a source for SNI (Server Name Indication) value or IPv6 addresses.
|
||||||
|
\end{itemize}
|
||||||
|
\tikzstyle{block} = [rectangle, draw, fill=green!20, text width=7em, text centered, rounded corners, minimum height=1.5em]
|
||||||
|
\tikzstyle{line} = [draw, -latex']
|
||||||
|
\begin{center}
|
||||||
|
\scalebox{0.6}{
|
||||||
|
\begin{tikzpicture}[scale=1, node distance = 1cm and 5mm, auto, edge from parent/.style={->,draw}, >=latex]
|
||||||
|
|
||||||
|
\node [block, fill=lightgray!20, text=red] (passivedns) {Passive DNS};
|
||||||
|
\node [block, right = of passivedns, fill=lightgray!20] (domainextraction) {record fetcher};
|
||||||
|
\node [block, below = of domainextraction] (Arecord) {IPv4 - 'A' records};
|
||||||
|
\draw [dotted] (domainextraction) -- (Arecord);
|
||||||
|
\node [block, below = of Arecord] (AAAArecord) {IPv6 - 'AAAA' records};
|
||||||
|
\draw [dotted] (Arecord) -- (AAAArecord);
|
||||||
|
\node [block, below = of AAAArecord] (MXrecord) {SMTP - 'MX' records};
|
||||||
|
\draw [dotted] (AAAArecord) -- (MXrecord);
|
||||||
|
\node [block, right = of MXrecord] (STARTTLS) {STARTTLS scanner};
|
||||||
|
\draw (passivedns) -- (domainextraction);
|
||||||
|
\node [block, right = of domainextraction, fill=lightgray!20] (scanner) {TLS scanner};
|
||||||
|
\draw (MXrecord) -- (STARTTLS);
|
||||||
|
\draw (domainextraction) -- (scanner);
|
||||||
|
\draw [dotted] (STARTTLS) -- (scanner);
|
||||||
|
\end{tikzpicture}}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Collecting X.509 Certificates - Network Interception}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Tapping a network interface where SSL/TLS handshakes are performed.
|
||||||
|
\item TCP reassembly is still hard and finding SSL/TLS handshakes is a complementary problem.
|
||||||
|
\item ssldump\footnote{\url{http://www.github.com/adulau/ssldump}}, Suricata, Moloch,...
|
||||||
|
\item If you collect SSL/TLS handshakes in your internal network, don't forget the impact of intercepting proxies.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Collecting X.509 Certificates from Tor exit nodes}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Tor exit nodes traffic is an interesting source of alternative X.509 certificates (e.g. Tor circuits, XMPP sessions, TLS on non-standard ports).
|
||||||
|
\item A huge proportion of flows uses TLS which provides a good overview of the most active X.509 certificates (e.g. Google, .vk.com...).
|
||||||
|
\item Don't forget, not all the security researchers have good intention (e.g. FLYING PIG).
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Security Perspective of X.509 Certificates}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Subject Name and Issuer Name can provide a lot of details about the devices, issuers or the overall security practices.
|
||||||
|
\begin{itemize}
|
||||||
|
\item A lot of X.509 certificates are automatically generated without the users knowledge.
|
||||||
|
\item Detailed or sensitive information can leak in the X.509 certificate fields.
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\begin{lstlisting}[language=brol]
|
||||||
|
4fd64e325ec7a14ac2e34bb5cfed28fef24c3ffb,C=DE, ST=Bavaria, L=Ingolstadt, O=Kaspersky Lab GmbH, OU=Pre-Sales, CN=rdg.klab.it.cx/emailAddress=consulting@kaspersky.de
|
||||||
|
dc4a127eae8a47a8041a4ce7f1a214c3e6957cd6,C=RU, ST=Moscow, L=Moscow, O=Kaspersky Lab ZAO, OU=IT, CN=nordnetsync.anti-theft.kaspersky.com
|
||||||
|
8a9c839f2ff275c79a985ea84b89bc9fa404d010,C=RU, ST=Moscow, L=Moscow, O=Kaspersky Lab, OU=IT, CN=owa.kaspersky.com
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Key-size distribution}
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{ l | c}
|
||||||
|
Occurences&Key-size\\ \hline
|
||||||
|
181899&1024\\
|
||||||
|
143532&2048\\
|
||||||
|
4997&512\\
|
||||||
|
2845&4096\\
|
||||||
|
1467&3072\\
|
||||||
|
36&1023\\
|
||||||
|
33&256\\
|
||||||
|
30&2432\\
|
||||||
|
26&768\\
|
||||||
|
13&8192\\
|
||||||
|
11&2047\\
|
||||||
|
10&1536\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Key-size and Revocation}
|
||||||
|
\includegraphics[scale=0.23]{./images/expired.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{An Overview of Most Common Self-signed Certificates}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.25]{./images/SelfSignedCloud.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\colorlet{punct}{red!60!black}
|
||||||
|
\definecolor{background}{HTML}{EEEEEE}
|
||||||
|
\definecolor{delim}{RGB}{20,105,176}
|
||||||
|
\colorlet{numb}{magenta!60!black}
|
||||||
|
|
||||||
|
\lstdefinelanguage{json}{
|
||||||
|
basicstyle=\normalfont\ttfamily,
|
||||||
|
numbers=left,
|
||||||
|
numberstyle=\scriptsize,
|
||||||
|
stepnumber=1,
|
||||||
|
numbersep=8pt,
|
||||||
|
showstringspaces=false,
|
||||||
|
breaklines=true,
|
||||||
|
frame=lines,
|
||||||
|
backgroundcolor=\color{background},
|
||||||
|
literate=
|
||||||
|
*{0}{{{\color{numb}0}}}{1}
|
||||||
|
{1}{{{\color{numb}1}}}{1}
|
||||||
|
{2}{{{\color{numb}2}}}{1}
|
||||||
|
{3}{{{\color{numb}3}}}{1}
|
||||||
|
{4}{{{\color{numb}4}}}{1}
|
||||||
|
{5}{{{\color{numb}5}}}{1}
|
||||||
|
{6}{{{\color{numb}6}}}{1}
|
||||||
|
{7}{{{\color{numb}7}}}{1}
|
||||||
|
{8}{{{\color{numb}8}}}{1}
|
||||||
|
{9}{{{\color{numb}9}}}{1}
|
||||||
|
{:}{{{\color{punct}{:}}}}{1}
|
||||||
|
{,}{{{\color{punct}{,}}}}{1}
|
||||||
|
{\{}{{{\color{delim}{\{}}}}{1}
|
||||||
|
{\}}{{{\color{delim}{\}}}}}{1}
|
||||||
|
{[}{{{\color{delim}{[}}}}{1}
|
||||||
|
{]}{{{\color{delim}{]}}}}{1},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Most Common Subject and Org Names in X.509}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.20]{./images/SelfSigned.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Dyre malware and SSL fingerprint}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Dyre malware contains a list of static IP addresses to reach as C\&C. What kind of C\&C?
|
||||||
|
\end{itemize}
|
||||||
|
\begin{lstlisting}[language=json,firstnumber=1]
|
||||||
|
{"5.44.15.70": ["C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT/emailAddress=support@ubnt.com"]}
|
||||||
|
{"93.184.71.88": ["C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT/emailAddress=support@ubnt.com"]}
|
||||||
|
\end{lstlisting}
|
||||||
|
\begin{itemize}
|
||||||
|
\item The compromised Ubiquiti routers (with default password) were compromised to proxy SSL connections.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\lstdefinelanguage{brol}{
|
||||||
|
basicstyle=\normalfont\ttfamily,
|
||||||
|
numbers=left,
|
||||||
|
numberstyle=\scriptsize,
|
||||||
|
stepnumber=1,
|
||||||
|
numbersep=8pt,
|
||||||
|
showstringspaces=false,
|
||||||
|
breaklines=true,
|
||||||
|
frame=lines,
|
||||||
|
basicstyle=\tiny,
|
||||||
|
backgroundcolor=\color{background},
|
||||||
|
}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{How to find user of a specific software?}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Who use MobileIron Mobile Device Management? More than 11000 certificates on a two-year period.
|
||||||
|
\end{itemize}
|
||||||
|
\begin{lstlisting}[language=brol]
|
||||||
|
c2ef4df6c7be287f78ae9178d65e8078f253cfb1,C=US, ST=California, L=Sunnyvale, O=MobileIron, OU=Support, CN=ActiveSyncProxyCA/emailAddress=support@mobileiron.com
|
||||||
|
5c10590f0e977c15805124ddc00f470383768b10,C=US, ST=California, L=Sunnyvale, O=MobileIron, OU=Support, CN=usslmmdmsecapp004.net.plm.eds.com/emailAddress=support@mobileiron.com
|
||||||
|
9ce9edf68ecbf59c746e0d3bbe6d98d72b65fed3,C=US, ST=California, L=Sunnyvale, O=MobileIron, OU=Support, CN=mbx-desat-otn.defdh.astrium.eads.net/emailAddress=support@mobileiron.com
|
||||||
|
b47ec8382624035448eebcf15a1cd402425ca661,C=US, ST=California, L=Sunnyvale, O=MobileIron, OU=Support, CN=ActiveSyncProxyCA/emailAddress=support@mobileiron.com
|
||||||
|
5190314e4590420e75a2e7b21c74b34255da0806,C=US, ST=California, L=Sunnyvale, O=MobileIron, OU=Support, CN=ats.patrizia.ag/emailAddress=support@mobileiron.com
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Detecting dynamic IP ranges?}
|
||||||
|
\begin{itemize}
|
||||||
|
\item SSL/TLS services are often running on dynamic IP ranges. Users use dynamic DNS. Dynamic ranges managed by ISP can be detected and associated users too.
|
||||||
|
\end{itemize}
|
||||||
|
\begin{lstlisting}[language=brol]
|
||||||
|
d53cc7380ed06c8b8ef0163952c9c534afad7ab8,CN=pino007.ath.cx
|
||||||
|
92bfef7362de7b381c723a2a352d54d82d49712a,CN=profinance.ath.cx
|
||||||
|
2cd0f2033c756222c976b631dba1a95a87aeadf9,CN=kschaub.ath.cx
|
||||||
|
c0de4fe83452046c0529b74f6081a39f82907746,CN=fferemote.ath.cx
|
||||||
|
b0d04a23ff6da2191d7b78f72352f1196802f61f,CN=hm01-server.Filmhotel.local, CN=localhost, CN=hm01-server, CN=companyweb, CN=filmhotel.ath.cx
|
||||||
|
a4b54adb780a5c9ea737399f9492f9f4dafc721d,CN=praxis-drciftci.ath.cx
|
||||||
|
77b89a57304256562ebfa42024fa9adeb304ad5a,CN=remote.mandk.ath.cx
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t,fragile]{Popcorn time}
|
||||||
|
\begin{lstlisting}[language=brol]
|
||||||
|
e4bd71c2e365b61b39d775ba43ef936a4fe9175c,C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=*.*
|
||||||
|
1fc3a857a14ca15d3c37fdb2c8b7e0de01e4f0fd,C=IL, ST=Tel Aviv, O=Visonic Ltd., CN=*.*
|
||||||
|
397b25c864131bc78aff25622296171d60843318,C=IE, ST=Dublin, O=Fuck SSL Cartels, CN=*.nosmo.me/emailAddress=nosmo@nosmo.me
|
||||||
|
\end{lstlisting}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item We can laugh at everything? Especially with this certificate proposed by 94.242.58.131
|
||||||
|
\end{itemize}
|
||||||
|
\begin{lstlisting}[language=brol]
|
||||||
|
06892001be0854570546b1e609d33a5510290e3b,C=US, ST=California, L=Mountain View, O=GeoTrust Inc., OU=GeoTrust Global CA, CN=*.*
|
||||||
|
|
||||||
|
Issuer: C=US, ST=California, L=Mountain View, O=GeoTrust Inc., OU=GeoTrust Global CA, CN=*.*
|
||||||
|
Validity
|
||||||
|
Not Before: May 19 09:54:04 2015 GMT
|
||||||
|
Not After : May 16 09:54:04 2025 GMT
|
||||||
|
Subject: C=US, ST=California, L=Mountain View, O=GeoTrust Inc., OU=GeoTrust Global CA, CN=*.*
|
||||||
|
|
||||||
|
\end{lstlisting}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}[t, fragile]{Conclusion}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Passive SSL helped us to get in contact with owners of vulnerable or abused systems.
|
||||||
|
\item Passive SSL is an ongoing project and you can request access if do incident handling or security research\footnote{\url{https://www.circl.lu/services/passive-ssl/}}.
|
||||||
|
\item Weird occurences in dataset lead to additional insights.
|
||||||
|
\item Analysing the same dataset with different eyes improved analysis.
|
||||||
|
\item Comparing different datasets can be independant verification of facts or proportion.
|
||||||
|
\item Information visualisation can be used as a navigation strategy before deep diving.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[t, fragile]{Q\&A}
|
||||||
|
\begin{itemize}
|
||||||
|
\item @blackswanburst - eireann.leverett@cantab.net
|
||||||
|
\item @adulau - alexandre.dulaunoy@circl.lu
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
BIN
slides/first2015/first-passive-recon.pdf
Normal file
BIN
slides/first2015/images/CertificateExpiry.png
Normal file
After Width: | Height: | Size: 38 KiB |
BIN
slides/first2015/images/Duration1.png
Normal file
After Width: | Height: | Size: 21 KiB |
BIN
slides/first2015/images/Duration2.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
slides/first2015/images/ExpiredKeystrength.png
Normal file
After Width: | Height: | Size: 28 KiB |
BIN
slides/first2015/images/SSL-Expiry-2.png
Normal file
After Width: | Height: | Size: 97 KiB |
BIN
slides/first2015/images/SSL-Expiry.png
Normal file
After Width: | Height: | Size: 115 KiB |
BIN
slides/first2015/images/SelfSigned.png
Normal file
After Width: | Height: | Size: 82 KiB |
BIN
slides/first2015/images/SelfSignedCloud.png
Normal file
After Width: | Height: | Size: 189 KiB |
BIN
slides/first2015/images/TotalDateCount.png
Normal file
After Width: | Height: | Size: 15 KiB |
BIN
slides/first2015/images/TotalLegend.png
Normal file
After Width: | Height: | Size: 5.4 KiB |
BIN
slides/first2015/images/UniqueDateCount.png
Normal file
After Width: | Height: | Size: 15 KiB |
BIN
slides/first2015/images/UniqueLegend.png
Normal file
After Width: | Height: | Size: 5.4 KiB |
BIN
slides/first2015/images/expired.png
Normal file
After Width: | Height: | Size: 23 KiB |
BIN
slides/first2015/jbs-logo.gif
Normal file
After Width: | Height: | Size: 10 KiB |
BIN
slides/first2015/jbs-logo.png
Normal file
After Width: | Height: | Size: 8.7 KiB |
BIN
slides/first2015/logo-circl.pdf
Normal file
BIN
slides/first2015/logos.png
Normal file
After Width: | Height: | Size: 88 KiB |
BIN
slides/first2015/logos2.png
Normal file
After Width: | Height: | Size: 120 KiB |