threat mitigation – Mitre ATT&CK for ICS: how to get the list of assets?

I am using the Mitre ATT&CK CTI for ICS and I need to get all the assets shown on this page.

How can I get them through their TAXII server?
Here is a little snippet of code interacting with the CTI.

from taxii2client.v20 import Server, ApiRoot, Collection
from stix2 import TAXIICollectionSource, Filter
from stix2.v20 import AttackPattern, Malware, CourseOfAction, IntrusionSet, Tool

# Instantiate server and get API Root
# (the TAXII server URL was omitted in the original post)
server = Server("")
# api_roots is a list property, not a callable
api_root: ApiRoot = server.api_roots[0]

# Isolate each collection by its title
pre_attack: Collection = next(filter(lambda c: c.title == "PRE-ATT&CK", api_root.collections), None)
enterprise_attack: Collection = next(filter(lambda c: c.title == "Enterprise ATT&CK", api_root.collections), None)
mobile_attack: Collection = next(filter(lambda c: c.title == "Mobile ATT&CK", api_root.collections), None)
ics_attack: Collection = next(filter(lambda c: c.title == "ICS ATT&CK", api_root.collections), None)

# Navigate ICS Collection
ics_source: TAXIICollectionSource = TAXIICollectionSource(ics_attack)

# With no Filter, query() returns every object in the collection;
# print each object's STIX type and id to see what the collection holds
for value in ics_source.query():
    print(value["type"], value["id"])
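An added example (not from the original post or from MITRE's own tooling) of the filtering step the snippet above stops short of. In ATT&CK's STIX data, assets are published as objects of type x-mitre-asset (present from ATT&CK v14 onward; older collections may not carry them), and every ATT&CK object carries an x_mitre_domains list, so the ICS assets are the objects that satisfy both conditions. The example uses only the standard library: it loads a constructed miniature bundle, applies (property, value) filters in the spirit of stix2.Filter(prop, "=", value), and drops revoked or deprecated objects, which ATT&CK keeps in the data so that ids stay stable. The bundle contents, ids and names are all constructed for the example.

```python
import json
from collections import Counter

# Constructed miniature STIX bundle in the shape ATT&CK uses (not real ATT&CK data).
# Only the properties this example filters on are present.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--1", "name": "Example ICS technique",
         "x_mitre_domains": ["ics-attack"]},
        {"type": "x-mitre-asset", "id": "x-mitre-asset--1", "name": "Example controller",
         "x_mitre_domains": ["ics-attack"]},
        {"type": "x-mitre-asset", "id": "x-mitre-asset--2", "name": "Example workstation",
         "x_mitre_domains": ["ics-attack"]},
        {"type": "x-mitre-asset", "id": "x-mitre-asset--3", "name": "Revoked asset",
         "x_mitre_domains": ["ics-attack"], "revoked": True},
        {"type": "course-of-action", "id": "course-of-action--1", "name": "Example mitigation",
         "x_mitre_domains": ["ics-attack"]},
        {"type": "attack-pattern", "id": "attack-pattern--2", "name": "Example enterprise technique",
         "x_mitre_domains": ["enterprise-attack"]},
    ],
})


def load_objects(bundle_json):
    """Return the list of STIX objects from a serialised bundle."""
    return json.loads(bundle_json)["objects"]


def matches(obj, prop, value):
    """Property match in the spirit of stix2.Filter(prop, '=', value):
    a scalar property must equal value; a list-valued property must contain it."""
    current = obj.get(prop)
    if isinstance(current, list):
        return value in current
    return current == value


def query(objects, filters):
    """Keep objects satisfying every (prop, value) pair, and drop revoked or
    deprecated objects, which ATT&CK retains in the data for stable ids."""
    return [
        o for o in objects
        if all(matches(o, p, v) for p, v in filters)
        and not o.get("revoked", False)
        and not o.get("x_mitre_deprecated", False)
    ]


def ics_objects_of_type(objects, stix_type):
    """Live objects of one STIX type that belong to the ICS domain."""
    return query(objects, [("type", stix_type), ("x_mitre_domains", "ics-attack")])


def type_counts(objects):
    """Inventory of what a collection actually contains, useful before filtering blind."""
    return Counter(o["type"] for o in objects)


if __name__ == "__main__":
    objs = load_objects(SAMPLE_BUNDLE)
    print(type_counts(objs))
    for asset in ics_objects_of_type(objs, "x-mitre-asset"):
        print(asset["id"], asset["name"])
```

Against a real TAXIICollectionSource the same two conditions are expressed as Filter("type", "=", "x-mitre-asset") and Filter("x_mitre_domains", "=", "ics-attack"); running type_counts over an unfiltered query() first tells you whether the collection you are connected to carries asset objects at all.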

threat mitigation – What is the difference between ATT&CK and CAPEC?

My question is on Cyber Threat Intelligence (CTI). I want to know the difference between Attack Patterns (as in MITRE CAPEC) and Tactics, Techniques and Procedures (as in MITRE ATT&CK). They both seem to describe the behaviour and modus operandi of the adversary, so what is the difference really?

What is the difference between Tactics, Techniques and Procedures in the first place? I have heard that techniques and tactics don’t belong to the same Threat Intelligence type. Technical CTI is at the same level as indicators of compromise (IoC) for example, whereas Tactical CTI refers to a higher analysis level, the “attack phase” (whatever that means). But then why do we only see “techniques” on the MITRE ATT&CK webpage? Why is it called Tactics, Techniques and Procedures if there are only Techniques? And what are Procedures?

threat mitigation – Best material for a faraday enclosure

I am having an issue with someone directly below me compromising my machines by tracking me with RF signals. I am looking for the most efficient way to set up a faraday enclosure to prevent this from continuing to happen.

Initially I looked into using faraday fabric that is composed primarily of nickel and copper. However the attenuation rating was only 80-100dB even if multiple layers of the fabric are used. Since the RF transceiver can be placed within a foot of the fabric layer on my floor I did not think that this attenuation rating was sufficient.

My next thought was to use multiple layers of aluminum foil as the protective layer, but I have no idea what level of protection that would provide without implementing it first. Can someone provide advice regarding whether this is the most effective approach or if I should construct it using different materials?

sql injection mitigation by signed db entries?

In a php/mysql based system I work on, they recently found several SQL injection vulnerabilities. Those come from 3rd party plugins, and I must assume there are more to be discovered.

My major concern is elevation of privileges, as almost all data except user data and credentials come from external systems and are overwritten every few minutes.

With the understanding that this would tackle elevation scenarios only, and that there are many other strategies that should also be followed, please provide feedback if this mitigation strategy would work:

  1. Create a passphrase in a config file, let’s call it “admin-salt”.
  2. Normal users log-in by providing a password, that is then hashed with a db-stored per-user-random salt and compared to the hash in the db. Admin users on the other hand log in by providing a password, that is hashed both with the random user-salt and the aforementioned admin-salt.

Therefore, to create a new admin user, elevate a user or change an admin user’s password, the database.users.passwordhash field must be filled with knowledge of the secret admin-salt. This happens programmatically if the user is created or elevated via the backend by an authenticated admin, while an SQL injection leaves an admin user with an incorrect password hash.

Additional question: In case that’s a viable approach and I didn’t miss something obvious, why is it not more common practice?
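An added example (not from the original post or its PHP/MySQL system) that implements the scheme sketched above in Python, so the property it relies on can be checked directly: a row whose role says "admin" only verifies if its hash was computed with the config-file secret. The secret, iteration count, user names and passwords are constructed; PBKDF2-HMAC-SHA256 stands in for whatever the real system hashes with. In current terminology the admin-salt is a "pepper", a secret kept outside the database that the hash is bound to; note that it only guards the password-check path, so a privilege decision that reads the role column without re-verifying the password (an already-issued session, for instance) is not covered by it.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the "admin-salt" passphrase kept in a config file.
# The point of the scheme is that this value never lives in the database.
ADMIN_SALT = b"constructed-admin-salt-from-config-file"
ITERATIONS = 100_000


def password_hash(password, user_salt, role):
    """Hash a password with the per-user random salt; admin hashes additionally bind ADMIN_SALT.
    Normal users: PBKDF2(password, user_salt). Admins: PBKDF2(password, user_salt || ADMIN_SALT)."""
    salt = user_salt + ADMIN_SALT if role == "admin" else user_salt
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(username, password, role):
    """What the application backend writes when an authenticated admin creates or elevates a user."""
    user_salt = os.urandom(16)
    return {
        "username": username,
        "role": role,
        "salt": user_salt,
        "passwordhash": password_hash(password, user_salt, role),
    }


def verify_login(record, password):
    """Recompute the hash according to the role stored on the row and compare in constant time."""
    expected = password_hash(password, record["salt"], record["role"])
    return hmac.compare_digest(expected, record["passwordhash"])


def elevation_without_admin_salt_is_rejected(password="correct horse"):
    """The scenario from the question: a row whose role was flipped to 'admin' by a write that
    did not know ADMIN_SALT fails login even with the right password, while the untouched
    user row still logs in."""
    legit_user = make_user("alice", password, "user")
    tampered = dict(legit_user, role="admin")  # role changed, hash left as the user hash
    return verify_login(legit_user, password) and not verify_login(tampered, password)


if __name__ == "__main__":
    print("admin row verifies:", verify_login(make_user("root", "pw", "admin"), "pw"))
    print("elevated row without admin-salt rejected:", elevation_without_admin_salt_is_rejected())
```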

PhotonVPS – Los Angeles | Asia Optimized Network | 25GB HD, 500GB BW w/ DDoS Mitigation $9.95

PhotonVPS is pleased to offer our new Secure Cloud Website Hosting with Uptime Guarantee.

All services include the following:

– Tier 4 Datacenter in Downtown Los Angeles, CA & Dallas, TX
– Disaster Planning N+2 Setup (Hardware, Generators, AC, Routers, Switches, Staff!)
– In-house On-site Staff!
– Free DDoS mitigation up to 2 Gbps!
– You can view our ASN here:
– BGP optimized by Noction Intelligent Routing
– 24x7x365 semi-managed support

Cloud Hosting Plans

Startup Website Hosting

  • 25GB Disk Space
  • 500GB Bandwidth
  • 1 IP
  • Free DDoS mitigation up to 2 Gbps!
  • $9.95
  • Order Now

Enterprise Website Hosting

  • 100GB Disk Space
  • 1TB Bandwidth
  • 1 IP
  • Free DDoS mitigation up to 6 Gbps!
  • $19.95
  • Order Now

Enterprise SSD Cloud Hosting with Enterprise Hardware!


Los Angeles, California (US West) Looking Glass:

Dallas, Texas (US Central) Looking Glass:

Chicago, Illinois (US Central) Looking Glass:

Ashburn, Virginia (US East) Looking Glass:

London, United Kingdom Looking Glass:

Amsterdam, Netherlands Looking Glass:

Barcelona, Spain Looking Glass:

Johannesburg, South Africa Looking Glass:

Mumbai, India Looking Glass:

Singapore Looking Glass:

Taipei, Taiwan Looking Glass:

Tokyo, Japan Looking Glass:

Seoul, South Korea Looking Glass:

Sydney, Australia Looking Glass:

Sao Paulo, Brazil Looking Glass:

Moscow, Russia Looking Glass:

– Lightning Speed Network!
– Fastest ROUTES to Asia!


Q: How long does it take to setup?
A: Setup is instant.

Q: Where are your servers located?
A: Los Angeles, California, Dallas, TX, Ashburn, VA, London, UK, Amsterdam, NL, Johannesburg, ZA, and Taipei, Taiwan!

Q: Are you a reseller or do you own your hardware?
A: We are not a reseller and we own all the server and routers.

Q: How long have you been in business?
A: PhotonVPS – Since 2008; Profuse Solutions – Since 1999

Q: Can you help transfer our data?
A: Typically we can do this as long as you have the data in a cPanel.

Q: What happens if I go over the monthly-allocated bandwidth?
A: Your cloud will be suspended until bandwidth resets or you’ll have to upgrade to a higher package.

Q: When does bandwidth reset then?
A: Bandwidth is reset on the 1st of each month.

Q: Do you allow adult content?
A: Yes, we allow legal adult content on our servers.

Q: Do you allow VPN & proxies on your server?
A: Yes, we allow VPN & proxies on our servers.

Q: What methods do you accept for payment?
A: Currently we accept all Major Credit Cards, Paypal, and Alipay.

If you have any further questions or comments please contact us at sales (at)

Come join the PhotonVPS social networks!

█ Chicago Colocation w/ On-Premise DDoS Mitigation! | 1U: $49 | 10U: $249 | 20U: $399 | 42U: $499 █

Nexeon has been a premier server and colocation provider for the past decade. Since we’ve recently added capacity, we’re offering Chicago colocation at amazing rates! Take advantage before these deals are gone!


Chicago Colocation Specials:

Single Rackmount Server Colocation

  • 1U Space
  • 1 Amp @ 120V Power
  • 1Gbps Switch Port
  • 20TB Bandwidth
  • 2G DDoS-Defense™ Mitigation
  • /29 IPv4 (5 Usable IP’s) + IPv6
  • 24/7 Support Available
  • KVM over IP Available
  • Free initial racking and cabling
  • Free basic remote hands during business hours
  • BGP session available

Only $49 per month! To customize and order, email:

Single Midtower Server Colocation

  • Midtower Space
  • 2 Amp @ 120V Power
  • 1Gbps Switch Port
  • 20TB Bandwidth
  • 2G DDoS-Defense™ Mitigation
  • /29 IPv4 (5 Usable IP’s) + IPv6
  • 24/7 Support Available
  • KVM over IP Available
  • Free initial racking and cabling
  • Free basic remote hands during business hours
  • BGP session available

Only $125 per month! To customize and order, email:

10U Quarter Rack Colocation

  • 8A / 120V Usable Power
  • 1Gbps Uplink
  • 100Mbps Bandwidth (95th) or 30TB Bandwidth – your choice!
  • 2G DDoS-Defense™ Mitigation
  • /28 IPv4 (13 Usable IP’s) + IPv6
  • 24/7 Support Available
  • KVM over IP Available
  • Free initial racking and cabling
  • Free basic remote hands during business hours
  • BGP session available

Only $249 per month! To customize and order, email:

20U Half Rack Colocation

  • 16A / 120V Usable Power
  • 1Gbps Uplink
  • 200Mbps Bandwidth (95th) or 60TB Bandwidth – your choice!
  • 2G DDoS-Defense™ Mitigation
  • /27 IPv4 (29 Usable IP’s) + IPv6
  • 24/7 Support Available
  • KVM over IP Available
  • Free initial racking and cabling
  • Free basic remote hands during business hours
  • BGP session available

Only $399 per month! To customize and order, email:

42U Full Private Locking Cabinet

  • 20A / 120V Power, APC PDU Included ~1.9kW
  • 1Gbps Uplink
  • 300Mbps Bandwidth (95th) or 90TB Bandwidth – your choice!
  • 2G DDoS-Defense™ Mitigation
  • /26 IPv4 (61 Usable IP’s) + IPv6
  • 24/7 Support Available
  • KVM over IP Available
  • Free initial racking and cabling
  • Free basic remote hands during business hours
  • BGP session available
  • Data Center Access

Only $499 per month! To customize and order, email:

Basic remote hands include hotswapping hard drives and rebooting devices.

Need colocation in New York? Contact us at – many of the above specials can also be provided there.


Upgrades: (all prices are monthly unless otherwise noted)

Single Server Colocation Upgrades

  • 1U Space Increments: was $25, now $10
  • 1A/120V Power Increments: was $25, now $15
  • Upgrade to 100TB Bandwidth: was $250, now $50
  • Out-of-band Ethernet Drop: was $20, now $10
  • 10Gbps Switch Port: was $199/month + $200 setup, now $49/month + $50 setup

Power Circuits (80% Usable)

  • 20A/120V Power Circuit with APC PDU: was $235, now $212
  • 30A/120V Power Circuit with APC PDU: was $335, now $302
  • 20A/208V Power Circuit with APC PDU: was $405, now $365
  • 30A/208V Power Circuit with APC PDU: was $585, now $527

Redundant (Secondary/”B Side”) Power Circuit: 60% of price of primary circuit


  • BGP Session: was $50, now FREE!
  • Out-of-band Ethernet Drop: was $20, now $10
  • 1Gbps Copper Uplink: was $99, now $49
  • 10Gbps Fiber Uplink: was $199/month + $200 setup, now $99/month + $100 setup
  • Additional 100Mbps Bandwidth (95th percentile): was $300, now $50
  • Upgrade to 1Gbps Bandwidth (95th percentile): was $2,000, now $320
  • Upgrade to 10Gbps Bandwidth (95th percentile): was $6,000, now $3,000

For those of you running your own ASN, connect to the Chicago Internet Exchange and take advantage of direct peering with other networks, including Google, Akamai, Netflix, CloudFlare, HE, Verisign, and more! For a limited time, we can get you connected on a 1G port for only $90/MRC + $350/NRC. 10G/40G/100G options are also available.

DDoS Protection (true protection scrubbed on-site, not handed off to a third party)

  • 2Gbps DDoS-Defense™: Included with all plans, FREE!
  • 10Gbps DDoS-Defense™: was $100, now $50
  • 20Gbps DDoS-Defense™: was $200, now $100
  • 30Gbps DDoS-Defense™: was $300, now $150
  • Permanent IP Diversion: was $50, now $25
  • Enable Advanced Zone Control and Reporting Panel: was $100, now $50
    This upgrade gives you access to adjust your mitigation sensitivity, create separate profiles for different IP addresses, automatic victim notifications, scheduled reporting, and more! Screenshot:

For more information, check out



Test IPv4:

Test IPv6: 2602:ffc8:1::2

Distance from popular networks:


64 bytes from icmp_seq=1 ttl=62 time=1.03 ms
64 bytes from icmp_seq=2 ttl=62 time=1.05 ms


64 bytes from icmp_seq=1 ttl=125 time=1.22 ms
64 bytes from icmp_seq=2 ttl=125 time=1.29 ms


64 bytes from icmp_seq=1 ttl=62 time=1.86 ms
64 bytes from icmp_seq=2 ttl=62 time=1.92 ms


64 bytes from icmp_seq=1 ttl=62 time=1.09 ms
64 bytes from icmp_seq=2 ttl=62 time=1.07 ms

Oath / Yahoo

64 bytes from icmp_seq=1 ttl=63 time=1.47 ms
64 bytes from icmp_seq=2 ttl=63 time=1.49 ms

Hurricane Electric

64 bytes from icmp_seq=1 ttl=62 time=1.22 ms
64 bytes from icmp_seq=2 ttl=62 time=1.28 ms


Private cages and suites are also available.

To customize and order, email or send me a PM.

Don’t fall for the tricks of other cheap colocation services – there is a reason they are doing free months and less-than-sustainable pricing. Most will charge you for every small task, force you to purchase your own PDU’s ($600+), and more. We provide no-gimmick, easy to understand colocation services.

Equipment available for purchasing, financing, and LTO, from Atoms to E3’s to E5’s and beyond. Ask what we have in stock to get started, or contact us to build exactly what you require.

Nexeon Technologies is a TX registered corporation that has been in business for more than 9 years. Nexeon houses thousands of servers across its locations, each with on-site DDoS mitigation available.


Just a few thoughts by happy customers:

Quote Originally Posted by triadcool

My server was racked and ready to go within an hour of it being delivered which was pretty impressive based on my experiences.

I haven’t experienced any downtime whatsoever in the past 9 months and their ticket response times are usually pretty fast but I have used their chat system when I am being impatient when looking for an immediate response. Peering has been fantastic with connections between clients being very fast with low pings around the United States. I’ve had a few hard drive issues and their free hands on support were working on my server within 20 minutes of my ticket submissions. Charles has been fantastic to work with and has always been very friendly. Based on my experiences so far with Nexeon’s Support, Network and Price I can’t recommend them enough.

Happy Customer ^

Quote Originally Posted by MightWeb-Marcus

I’ve used their services for almost two years at this point. Charles and his team are pretty amazing people. My experience is mainly with their Chicago pop, which has some of the best networking performance I’ve seen to date in any data center we’ve been in. If reliability is what you’re looking for, go right ahead.

Quote Originally Posted by Ian_Dot-Tech

Currently use Nexeon for our colocation. Have had 1/4 rack with them for close to 1 year and have now upgraded to a full rack. Our plans in the future are to expand heavily with them. Overall, our experience with Nexeon has been amazing, their owner is very helpful and so is their staff. With the colocation we had, I don’t recall ever having an outage and our client who runs a large gaming network has been very happy with the uptime. They have been very helpful with part replacements and remote hands, would recommend them 100%.

Quote Originally Posted by mellow-h

Charles is probably one of the friendliest guys available to work with. I have a better experience with their NY than the IL. I use multiple companies for both central and west coast, while my east coast is completely covered by Charles. He is a hard working man, I would recommend him. Good luck with your experience.

Quote Originally Posted by duplex

The team at Nexeon is a motivated, result-oriented group of professionals that is always a pleasure to work with. Their expertise made hosting our game infrastructure a breeze!

Quote Originally Posted by serverhosh

+1 For me as well.. I am hosting 6 Servers with them in last 2 months. He is very good and helpful guys around. I know the Paid offering support via Skype. But still he manage to support via skype and answer all of my Questions. Now I am planning to Extend my Location in Chicago with him..

Quote Originally Posted by hostingspirit

I thought I’d leave some feedback here, since we are already live @chicago using Nexeon.

Charles is indeed the kind of professional I like to work with. He’s very helpful and always available, and so far I am very pleased with his support.

Regarding service, so far network is working flawlessly, so no downtime so far, even though we have only been online for a few weeks.

There have been two setup related issues, but to me they were not significant. Nonetheless, I believe I should mention them.

1 – We were scheduled for a transfer on a Saturday, but the day before Charles told me the final colocation space was not yet available. He provided a temporary space to rack the servers, and we are still to schedule the move to the final resting place but haven’t moved yet.

2 – I also bought a R1Soft backup service and it took about a week or two to get the details for using the service, and for it to be fully operational.

On the other hand, there are also some extra points that Charles has earned:

1 – We had our servers in another datacenter, and were unsure about some shipping details and the time the shipping would take. Charles sent Nexeon courier to pick the servers up at their original location and take them to the chicago location. We paid for that, but they could have just said no.

All in all, so far I am very pleased with the result.

Quote Originally Posted by Mike-OpticHosting

Support – 10/10 – Talked with support guy for about 45 mins, easy to talk to, nice, and professional
Pricing- 10/10 – Can’t go wrong with a Dedi as cheap as $70
Website – 9/10 – Nice WHMCS integration, but just seemed a bit mislabeled, nothing major
Features 10/10 – Even upgraded me to windows 2008 server with almost no downtime

Will I buy from them again? Definitely!

Quote Originally Posted by sellmestuff

I’m generally pretty critical of my hosting providers as if I’m promised something I demand it and Server Deals/Nexeon has pretty much met our every demand. We run a VPS company and Chicago (Nexeon) is our most popular node. I believe this is due in part to their great network, low latency and great support.

I cannot tell you how many times I’ve emailed serverdeals at 3am ( Our clients tend to not file tickets during 9-5 and as a result we do not either ) Charles *always* responds, generally within 5 minutes, ALWAYS within 30. I am worried about Charles as I believe he may never sleep Vampire? We’ll see.

Quote Originally Posted by TorSnipe

I have to say instantdedis is awesome. Was hesitant at first but had a problem and made a ticket and got an answer about 10 minutes later. For the heavily discounted prices you pay the support and network is absolutely superb

Quote Originally Posted by CoderAndrew

Great pricing, always willing to make a deal, and fantastic support all day and night.

Quote Originally Posted by Edns

This is where they really shine since they really offer some of the best deals as far as dedicated servers go. We have some high traffic sites we run and we really like having 100mbps unmetered at a really good price without having to lose performance.


As mentioned above we are very happy with the network performance. During our peak times we push a lot of video to Europe and all over the US and have yet to have any complaints.


Support is great. Very recently we had that server go down so I went in and submitted a ticket at 16:21 and got a reply that the server was being rebooted at 16:25. Literally that fast, and I was very thankful that we didn’t have that much downtime. The server went down because we had a surge of traffic and apache didn’t do too good of a job handling it. But everything as far as hardware goes has been very reliable.

If you are looking for a good deal on a dedicated servers definitely check them out they will take care of you.

Quote Originally Posted by holyearth

Hi Guys,

I’m also a long time customer of Charles / ServerDeals (since September 2011). I was not asked to write this review but I thought I would add to this thread. I have multiple dedicated boxes with ServerDeals and my service has been excellent. Uptime is 99.9% – Pricing is excellent – Support tickets are answered very quickly. What more can one ask for?

A+ for ServerDeals – definitely one of the good hosting companies in the biz!

Quote Originally Posted by dominum

My server performed well without a hitch and I never experienced any downtime. None that I can remember. For this I will rate them 10 of 10.

Do take note that their servers were semi-managed but in spite of such, it was like a managed service.

There was one time when I lousily installed openvz and my server went into a kernel panic. Dominic responded in less than 5 minutes literally and my server was back up and running. For me, that was a big plus because rarely can you find a host that will actually spend the time to fix a problem that was caused by a client, especially on a semi-managed server. Even on some software related things, Dominic was also very accommodating. It was like I could bug him 24/7 for any issues I encountered. I know, if it were other hosts, they would simply upsell me. It never happened here. For this, I will rate their support as 10/10.

Performance-wise, my server with them was really responsive. Technically, I do not know how to substantiate this but on my applications, it never failed. thus, I believe they deserve a 10 of 10 for this too!

Pricing, I must admit, there are other hosts with better prices than them but, based on my experience, even managed servers failed to provide enough support. The support I got from a couple of managed server hosts are not even half of what I got from Serverdeals. For a noob like me, their price is well-worth it. I will give them no less than 9 of 10 for this.

I purchased my fourth server from them now in their new location and I am very excited for it.

Catch these specials before they’re gone! These promotions are subject to change or expire at any time.

threat mitigation – does TLS 1.3 mitigate the BREACH vulnerability?

This article, under BREACH, sums it up pretty well:

BREACH targets HTTP compression, not TLS compression

That said, random padding can be done at a higher encapsulation level and not in the TLS layer itself. You don't want to hide the length of the record but of the whole response.

Here are the preventive measures mentioned in the post above:

  • Deactivate HTTP compression
  • Separate secrets from user input (these secrets can be considered a CSRF token)
  • Randomize secrets by request
  • Hide secrets (effectively randomize by XORing with random secret per request)
  • Protect pages from CSRF
  • Hide length (by adding a random number of bytes to responses)
  • Limit the request rate
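An added example (not from the original post or from the BREACH authors) that implements two of the listed measures in Python: masking a secret with a fresh random value per response, and hiding the response length with random padding. Masking works as listed: the page carries mask || (mask XOR secret), so the bytes that reach the compressor change on every request even though the secret does not, and the server unmasks before comparing. Function names and the sample token values are constructed for the example.

```python
import hmac
import os
import secrets


def mask_secret(secret):
    """Return mask || (mask XOR secret) with a fresh random mask per response, so the bytes
    that reach the compressor differ on every request while the underlying secret is constant."""
    mask = os.urandom(len(secret))
    return mask + bytes(m ^ s for m, s in zip(mask, secret))


def unmask_secret(masked):
    """Inverse of mask_secret; rejects odd-length input, which cannot be a mask || body pair."""
    if len(masked) % 2:
        raise ValueError("masked token has odd length")
    half = len(masked) // 2
    mask, body = masked[:half], masked[half:]
    return bytes(m ^ b for m, b in zip(mask, body))


def token_matches(masked_token, session_secret):
    """Server-side check of a submitted masked token against the session's real secret,
    compared in constant time. Malformed input is simply rejected."""
    try:
        return hmac.compare_digest(unmask_secret(masked_token), session_secret)
    except ValueError:
        return False


def pad_html_response(body, max_pad=64):
    """Append a random-length HTML comment so the compressed size of the page no longer
    reflects only its real content. Hex output cannot contain '-->', so the comment stays
    well-formed and the padding does not change what the browser renders."""
    filler = secrets.token_hex(secrets.randbelow(max_pad + 1))
    return body + b"<!-- " + filler.encode("ascii") + b" -->"


if __name__ == "__main__":
    session_secret = os.urandom(32)          # constructed per-session CSRF secret
    page_token = mask_secret(session_secret)  # what would be embedded in the page
    print("token accepted:", token_matches(page_token, session_secret))
    print(pad_html_response(b"<p>hello</p>"))
```

Both measures stay within the listed guidance: masking removes the stable byte sequence the compression ratio could be measured against, and padding blurs the length signal; neither replaces turning HTTP compression off for responses that mix secrets with user-controlled input.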

firewalls – How smart DDoS mitigation systems (IDMS) mitigate denial of service attacks

There are many solutions, for example Akamai and Cloudflare, suggested strategies, devices or network architectures to mitigate DDOS attacks, but due to some basic concepts like limited bandwidth or some common / known vulnerabilities, there is no simple and complete solution for this unique problem.

In this case, I am asking for the type of DDOS attack that has malicious intent behind it, not the kind that normally occurs when there are too many requests to a website, application or other similar cases.

Why is IDMS more effective at mitigating complex DDOS application layer attacks than IPS / Firewall?

threat mitigation – Can VPN hardware provide adequate isolation on a home network?

A properly configured VPN hardware box can provide adequate protection for the work PC against attacks from the local LAN in this configuration. It will also protect against attacks against the VPN tunnel from the Internet. It will also protect your local network against attacks from the working PC.

It does not protect against attacks that start after the VPN endpoint, i.e. from inside the workplace or from the Internet which is capable of reaching the VPN endpoint. Specifically, the VPN alone does not magically protect against malicious websites you visit on the work PC or malicious email. These threats are typically managed by certain security products located between the VPN endpoint and the Internet, but these products do not offer perfect protection.

Your VPN configuration will also not protect against physical access to the work PC by others.

denial of service – mitigation of DDOS attacks – sufficient to analyze only GET / POST requests?

I am developing a DOS attack recognition module for application layer requests.
The application has a backend composed of several APIs. They are all connected via an API gateway (developed in Nodejs). Each request is recorded in a database and another server (written in python-Flask) analyzes the number of GET / POST requests every 20 seconds, calculates the entropy of incoming requests and blocks any suspicious IP address depending on the entropy value.

My question is: in order to defend myself against DOS attacks, should I consider other types of TCP packets other than HTTP (ex: ICMP)?

My backend APIs do not allow any user to continue without logging in. In this case, is it worth developing the DOS attack recognition module?
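An added example (not the poster's module, whose code is not on the page) of the entropy-per-window analysis described above, written in Python so the flagging logic can be tried on sample data. It buckets gateway log lines into 20-second windows, computes the Shannon entropy of the client-IP distribution in each window, and flags a client only when the window is skewed (low entropy), the client holds a large share of it, and the window carries enough requests to mean anything; the last condition matters because a quiet window with a single legitimate visitor has zero entropy too. The log format, addresses and thresholds are constructed for the example. A check like this only sees what reaches the application layer: ICMP or raw TCP floods never become rows in the request database, so they have to be handled upstream of the gateway rather than by this module.

```python
import math
from collections import Counter, defaultdict

WINDOW_SECONDS = 20

# Constructed gateway log: "<epoch> <client_ip> <method> <path>" (not from the poster's system).
# Window starting at t=0: five clients, two requests each.
# Window starting at t=20: one client issues 40 requests while two others issue one each.
SAMPLE_LOG = (
    [f"{t} 10.0.0.{1 + t % 5} GET /api/items" for t in range(10)]
    + [f"{20 + t // 2} 10.0.0.9 POST /api/login" for t in range(40)]
    + ["25 10.0.0.2 GET /api/items", "31 10.0.0.3 GET /api/items"]
)


def parse(lines):
    """Turn log lines into (timestamp, ip, method, path) tuples."""
    records = []
    for line in lines:
        ts, ip, method, path = line.split(" ", 3)
        records.append((int(ts), ip, method, path))
    return records


def requests_per_window(records, window=WINDOW_SECONDS):
    """Bucket requests into fixed windows; each bucket counts requests per client IP."""
    buckets = defaultdict(Counter)
    for ts, ip, _method, _path in records:
        buckets[ts // window * window][ip] += 1
    return dict(buckets)


def entropy_bits(counts):
    """Shannon entropy of the client-IP distribution in a window, in bits.
    A window spread evenly over k clients scores log2(k); one dominant client drives it toward 0."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def suspicious_clients(counts, min_entropy=1.0, min_share=0.5, min_requests=20):
    """Flag clients only when the window as a whole is skewed (entropy below min_entropy),
    the client holds at least min_share of it, and the window has at least min_requests
    requests, so the lone visitor of a quiet period is never blocked."""
    total = sum(counts.values())
    if total < min_requests or entropy_bits(counts) >= min_entropy:
        return []
    return sorted(ip for ip, c in counts.items() if c / total >= min_share)


def analyse(lines):
    """Return {window_start: (entropy_bits, [flagged client ips])} for a batch of log lines."""
    return {w: (entropy_bits(c), suspicious_clients(c))
            for w, c in requests_per_window(parse(lines)).items()}


if __name__ == "__main__":
    for window_start, (h, flagged) in sorted(analyse(SAMPLE_LOG).items()):
        print(f"window {window_start:>3}s entropy={h:.3f} bits flagged={flagged}")
```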