D4 software stack - new version released
Following the Programming Methodology Framework, aka PMF, we chose to release the D4 software components early and often. All interested parties are invited to install and use them, and to report bugs on their respective GitHub repositories so they can be improved further.
- D4-core server:
- new kick functionality to remove a sensor by UUID
- extended types are now supported by the D4 server (see Meta-Headers in the architecture documentation)
- many bugs fixed (following intensive use of the new sensors, such as Passive DNS and Passive SSL)
- statistics per sensor added to the UI
- various improvements, including saving JSON to disk and others depending on the type
- D4-core client:
- improvements to compile on older versions of Linux and on OpenBSD
- support for extended types (type 254)
- DNS resolution
- multiple bugs were fixed
- port of BGP Ranking to Python 3.6
- ARDB back-end
Reads pcap files and identifies potential DDoS-related traffic such as backscatter.
- consumes pcap files, identifies potential backscatter and displays it on standard output
- writes potential DDoS traffic to a pcap file
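Backscatter is the stream of SYN-ACK and RST segments that the victim of a spoofed-source SYN flood sends back to the forged source addresses; a sensor watching an address range sees them arrive without any matching outbound SYN. The Python below is an added example and not the D4 sensor's code: it builds a small pcap in memory from constructed frames (no real traffic), flags inbound SYN-ACK or RST segments whose connection was never initiated from the monitored prefix, and writes the matches to a new pcap. The monitored prefix (203.0.113.0/24, a documentation range), the heuristic and the packet builder are all assumptions made for the illustration.

```python
# Added example: flag potential DDoS backscatter in a pcap. Illustration only,
# not the D4 DDoS sensor's implementation; the heuristic is an assumption.
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond timestamps
SYN, RST, ACK = 0x02, 0x04, 0x10


def tcp_frame(src, sport, dst, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample, no payload, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def write_pcap(frames):
    """Serialise frames as a classic pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl_len, orig_len
    return out


def read_pcap(data):
    """Yield the captured frames of a classic little-endian Ethernet pcap."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    if struct.unpack("<I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    pos = 24
    while pos + 16 <= len(data):
        incl = struct.unpack("<IIII", data[pos:pos + 16])[2]
        pos += 16
        yield data[pos:pos + incl]
        pos += incl


def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return (str(ipaddress.ip_address(frame[26:30])), sport,
            str(ipaddress.ip_address(frame[30:34])), dport, tcp[13])


def find_backscatter(frames, monitored):
    """Inbound SYN-ACK/RST segments with no earlier outbound SYN from the monitored prefix.

    Assumed heuristic: a reply we never asked for is a candidate for backscatter. A capture
    that starts mid-connection will miss the outbound SYN, so results are only 'potential'.
    """
    net = ipaddress.ip_network(monitored)
    outbound_syns = set()
    flagged = []
    for frame in frames:
        pkt = parse_tcp(frame)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        src_local = ipaddress.ip_address(src) in net
        dst_local = ipaddress.ip_address(dst) in net
        if src_local and (flags & SYN) and not (flags & ACK):
            outbound_syns.add((src, sport, dst, dport))      # connection we initiated
        elif dst_local and not src_local and (
                (flags & (SYN | ACK)) == (SYN | ACK) or (flags & RST)):
            if (dst, dport, src, sport) not in outbound_syns:
                flagged.append(frame)
    return flagged


# Constructed sample capture: one legitimate handshake, two backscatter replies from a
# victim at 192.0.2.77, and an inbound scan SYN that must not be flagged.
SAMPLE_FRAMES = [
    tcp_frame("203.0.113.10", 40000, "198.51.100.5", 443, SYN),
    tcp_frame("198.51.100.5", 443, "203.0.113.10", 40000, SYN | ACK),
    tcp_frame("192.0.2.77", 80, "203.0.113.55", 12345, SYN | ACK),
    tcp_frame("192.0.2.77", 80, "203.0.113.56", 23456, RST | ACK),
    tcp_frame("198.51.100.9", 5555, "203.0.113.10", 22, SYN),
]

if __name__ == "__main__":
    hits = find_backscatter(read_pcap(write_pcap(SAMPLE_FRAMES)), "203.0.113.0/24")
    for h in hits:
        print("potential backscatter:", parse_tcp(h))
    with open("backscatter.pcap", "wb") as fh:     # mirrors 'writes potential DDoS traffic to a pcap file'
        fh.write(write_pcap(hits))
```

The check is deliberately stateful only in one direction (remembering outbound SYNs), which is what keeps it cheap enough to run over large captures; the price is that replies to connections opened before the capture started look like backscatter, hence "potential" in the sensor's description.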
Extracts TLS certificates from pcap files or network interfaces and fingerprints TLS client/server interactions.
- extracts TLS certificates from pcap files or network interfaces
- fingerprints TLS client/server interactions with JA3/JA3S
- fingerprints TLS interactions with TLSH fuzzy hashing
- writes certificates to a folder
- exports JSON to files or to stdout
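A JA3 fingerprint is derived from the values a client sends in its TLS ClientHello: legacy version, cipher suites, extension types, supported groups and EC point formats, each list dash-joined, the five fields comma-joined, and the result MD5-hashed, with GREASE values dropped (JA3S does the same over the ServerHello's version, cipher and extensions). The Python below is an added example and not code from sensor-d4-tls-fingerprinting, which is written in Go: it builds a constructed ClientHello record, parses it back, and derives the JA3 string and digest. The builder, the parser and the sample field values are assumptions made for the illustration.

```python
# Added example: compute a JA3 fingerprint from a TLS ClientHello record.
# Illustration only, not sensor-d4-tls-fingerprinting's implementation.
import hashlib

# GREASE values (RFC 8701) have the form 0x?a?a with equal nibbles; JA3 ignores them.
GREASE = {(i << 12) | 0x0A0A | (i << 4) for i in range(16)}


def is_grease(v):
    return v in GREASE


def build_client_hello(version, ciphers, extensions):
    """Encode a TLS record carrying a ClientHello (constructed sample: zero random, no session id)."""
    body = version.to_bytes(2, "big") + bytes(32) + b"\x00"
    cs = b"".join(c.to_bytes(2, "big") for c in ciphers)
    body += len(cs).to_bytes(2, "big") + cs
    body += b"\x01\x00"                                   # one compression method: null
    ext = b"".join(t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d for t, d in extensions)
    body += len(ext).to_bytes(2, "big") + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def parse_client_hello(record):
    """Return (version, ciphers, extension_types, supported_groups, ec_point_formats)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = int.from_bytes(body[0:2], "big")
    pos = 2 + 32                                          # skip random
    pos += 1 + body[pos]                                  # skip session id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    ciphers = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                  # skip compression methods
    exts, groups, formats = [], [], []
    if pos < len(body):                                   # extensions block is optional
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            etype = int.from_bytes(body[pos:pos + 2], "big")
            elen = int.from_bytes(body[pos + 2:pos + 4], "big")
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            exts.append(etype)
            if etype == 10:                               # supported_groups
                n = int.from_bytes(edata[0:2], "big")
                groups = [int.from_bytes(edata[i:i + 2], "big") for i in range(2, 2 + n, 2)]
            elif etype == 11:                             # ec_point_formats
                formats = list(edata[1:1 + edata[0]])
    return version, ciphers, exts, groups, formats


def ja3(record):
    """Return (ja3_string, ja3_md5_hex) for a record carrying a ClientHello."""
    version, ciphers, exts, groups, formats = parse_client_hello(record)

    def join(vals):
        return "-".join(str(v) for v in vals if not is_grease(v))

    s = ",".join([str(version), join(ciphers), join(exts), join(groups), join(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


def sample_client_hello():
    """Constructed ClientHello: legacy version TLS 1.2, GREASE entries, SNI example.com."""
    sni = b"\x00" + len(b"example.com").to_bytes(2, "big") + b"example.com"
    extensions = [
        (0x2A2A, b""),                                    # GREASE extension
        (0, len(sni).to_bytes(2, "big") + sni),           # server_name
        (10, b"\x00\x08\x2a\x2a\x00\x1d\x00\x17\x00\x18"),  # supported_groups: GREASE, x25519, P-256, P-384
        (11, b"\x01\x00"),                                # ec_point_formats: uncompressed
        (13, b"\x00\x04\x04\x03\x08\x04"),                # signature_algorithms
        (43, b"\x02\x03\x04"),                            # supported_versions: TLS 1.3
    ]
    return build_client_hello(0x0303, [0x1A1A, 0x1301, 0x1302, 0xC02B, 0xC02F], extensions)


if __name__ == "__main__":
    print(*ja3(sample_client_hello()))
```

Two details matter in practice and are easy to get wrong: the version field is the ClientHello's legacy version (771 for a TLS 1.3 client that still writes 0x0303), not the negotiated one, and GREASE values must be removed from every list or the same client yields a different hash on each connection.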
Fetches TLS sessions generated by sensor-d4-tls-fingerprinting and massages the dataset into a form usable by the planned passivessl web service.
- creates a PostgreSQL database that stores data about TLS sessions, certificates (and certificate chains), public keys, and the related fuzzy hashes provided by sensor-d4-tls-fingerprinting
- fetches TLS sessions from a d4-core server Redis queue
- fetches TLS sessions from a folder containing their JSON descriptions
- exposes certificate chains as a PostgreSQL ltree
- provides a PostgreSQL function to query sessions by TLSH fuzzy hash and distance threshold
Packs up d4-core server Virtual Machines.
- sets up a ready-to-use d4-core server
- packs it up as an Open Virtual Appliance for VirtualBox