{
  "block": 70644380,
  "op": [
    "transfer",
    {
      "amount": "0.001 STEEM",
      "from": "steemegg",
      "memo": "Free Upvotes Await!!!, Vote @se-witness for one of your 30 witness votes. Once you do so, you will start accumulating free upvotes every 6 hours automatically.  Please check my latests posts for more info.  Thanks!",
      "to": "kevin-mn"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2022-12-26T23:58:00",
  "trx_id": "45c57ee800658276b481efbca29db3effa346b57",
  "trx_in_block": 16,
  "virtual_op": 0
}

{
  "block": 52504399,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "kevin-mn",
      "delegator": "steem",
      "vesting_shares": "0.000000 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-04-01T08:42:39",
  "trx_id": "cb3f6257dc787055ce6ea0746a58e0abbe3f44f0",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 52501867,
  "op": [
    "claim_reward_balance",
    {
      "account": "kevin-mn",
      "reward_sbd": "16.805 SBD",
      "reward_steem": "0.000 STEEM",
      "reward_vests": "186657.038651 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-04-01T06:34:51",
  "trx_id": "854bfb5300f9df2e915b164b32708a1875065793",
  "trx_in_block": 14,
  "virtual_op": 0
}

{
  "block": 51614325,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "kevin-mn",
      "delegator": "steem",
      "vesting_shares": "28418.811350 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-02-28T21:39:03",
  "trx_id": "ad1240cbe047d1281cb65097af945cd33e89cf3e",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 50349934,
  "op": [
    "author_reward",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-003",
      "sbd_payout": "4.135 SBD",
      "steem_payout": "0.000 STEEM",
      "vesting_payout": "44491.088655 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-15T10:50:00",
  "trx_id": "0000000000000000000000000000000000000000",
  "trx_in_block": 4294967295,
  "virtual_op": 3
}

{
  "block": 50299796,
  "op": [
    "author_reward",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-002",
      "sbd_payout": "4.184 SBD",
      "steem_payout": "0.000 STEEM",
      "vesting_payout": "46061.515068 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-13T16:34:09",
  "trx_id": "0000000000000000000000000000000000000000",
  "trx_in_block": 4294967295,
  "virtual_op": 5
}

{
  "block": 50290904,
  "op": [
    "author_reward",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-001",
      "sbd_payout": "4.173 SBD",
      "steem_payout": "0.000 STEEM",
      "vesting_payout": "45676.531548 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-13T09:04:21",
  "trx_id": "0000000000000000000000000000000000000000",
  "trx_in_block": 4294967295,
  "virtual_op": 4
}

{
  "block": 50257750,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-002",
      "voter": "hanculture",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-12T05:08:03",
  "trx_id": "a12396c95a9e45dd389978a7266773f90418d163",
  "trx_in_block": 11,
  "virtual_op": 0
}

{
  "block": 50230116,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-003",
      "voter": "booming03",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-11T05:50:39",
  "trx_id": "e05c91113509bb4363e04d0ae3ff81985573cfe1",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 50185348,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-003",
      "voter": "evrista",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-09T16:06:42",
  "trx_id": "5a23ad1e9bed975cbf2ac45b4190188ffad2ad2e",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 50172110,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-003",
      "voter": "wistan",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-09T04:56:57",
  "trx_id": "801aabddc3476f66f0103e49ffbea457cfcc85dd",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 50169855,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-003",
      "voter": "tremla",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-09T03:02:42",
  "trx_id": "3a66cacc7d4c1743a50356473d98aa5c8139fe16",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 50150617,
  "op": [
    "comment",
    {
      "author": "kevin-mn",
      "body": "Continuing from the previous post (https://steemit.com/hive-133802/@kevin-mn/pe-file-format-analysis-002), let's go!!!\n\n# IMAGE_OPTIONAL_HEADER structure\n\n![截屏2021-01-08下午5.24.32.png](https://cdn.steemitimages.com/DQmcW39j9hmrGP5kAUf3Vic35nkKAx9HUgHmAPswchJUgmK/%E6%88%AA%E5%B1%8F2021-01-08%E4%B8%8B%E5%8D%885.24.32.png)\n\nMagic: Flag word, common executable (010Bh), typically 0x010BH, or 0x020BH if 64-bit, and the value is 0x0107H if ROM image.\nMajorLinkerVersion: The linker major version number, the value is 0x0EH.\nMinorLinkerVersion: The linker minor version number, the value is 0x00H.\nSizeOfCode: The total size of all blocks containing code with the IMAGE_SCN_CNT_CODE attribute, which is an integer multiple of a value that is aligned upwards. Typically, most files have only one Code block, so this field matches the size of the .text block.\nSizeOfInitializedData: The total size of all initialized data blocks, the value is 0x000B4000H, this is the size of the block (excluding code segments) at compile time, generally this value is inaccurate.\nSizeOfUninitializedData: the total size of all uninitialized data blocks, the value is 0. These blocks are not specified at the beginning of the program, and the uninitialized data is usually in the .bss block.\nAddressOfEntryPoint: the program execution entry RVA, the value is 0x002B56D0H. In most executables, this address does not point directly to Main, WinMain or DllMain, but to the runtime library code which calls the above functions. For DLLs, this entry point is called during program initialization and shutdown, as well as during thread creation and destruction.\nBaseOfCode: The starting RVA of the code segment, the value is 0x00001000H, or usually 0x00001000H if generated with Microsoft's linker.\nBaseOfData: the starting RVA of the data segment, the value is 0x0031E000H, the data segment is usually at the end of memory, for different versions of Microsoft linker, this value is inconsistent, it does not appear in 64-bit executable files.\nImageBase: the default loading address of the program, the value is 0x00400000H, the loader tries to load the PE file in this address table, if the executable is loaded at this address, then the loader will skip the step of applying base address relocation.\nSectionAlignment: the block alignment size in memory, the value is 0x00001000H, the default alignment size is the page size of the target CPU, the minimum alignment size is one page 1000H (4KB), on IA-64 this value is 8KB. each block loading address must be an integer multiple of the value specified in this field.\nFileAlignment: The alignment size of the block within the PE file on disk, the value is 0x00000200H, for x86 executables this value is usually 200H or 1000H, this is to ensure that the block always starts from a sector of the disk, this value must be a power of 2, the minimum is 200H.\nMajorOpreatingSystemVersion: The major version number that requires the minimum version number of the operating system, this value is 0x0006H, this value does not seem to be useful.\nMinorOperatingSystemVersion: The minor version number of the minimum version number of the required operating system   \nMajorImageVersion: the major version number that can run on the operating system   \nMinorImageVersion: the minor version number that can run on the OS   \nMajorSubsystemVersion: the major version number of the lowest subsystem version required   \nMinorSubsystemVersion: the minor version number of the lowest subsystem version required   \nWin32VersionValue: a field that is not necessary, usually 0 if it is not used by virus  \nSizeOfImage: The total size of the image after it is loaded into memory, the value is 0x003D5000H, it refers to the size of the loaded file from ImageBase to the last block, the last block is rounded up according to its size.\nSizeOfHeaders: is the combined size of MS-DOS headers, PE headers, and block tables. The value is 0x00000400H.\nCheckSum: check sum, the CheckSumMappedFile function in IMAGEHLP.DLL can calculate this value, the general EXE file can be 0, but some kernel mode drivers and system DLLs must have a check sum.\nSubsystem: An enumeration value that indicates the subsystem expected by the executable file, this value is only important for EXEs. The value is 0x0003H.\nDllCharacteristics: when the DllMain() function is called, default is 0.\nSizeOfStackReserve: the size of the stack reserved for the thread in the EXE file, it only commits a part of it at first and only commits the rest when necessary.\nSizeOfStackCommit: in the EXE file, the amount of memory that is delegated to the stack at the beginning, the default value is 4KB.\nSizeHeapReserve: In the EXE file, the memory reserved for the default heap of the process, the default value is 1MB, but in current Windows, the heap value can grow beyond this value without user intervention.\nSizeOfHeapCommit: the memory size delegated to the heap in the EXE file, the default value is 4KB.\nLoaderFlag: related to debugging, default is 0.\nNumberOfRvaAndSizes: the number of items in the data directory table, the value of this field is 16.\nDataDirectory[16]: data directory table, consisting of several IMAGE_DATA_DIRECTORY structures, pointing to input tables, output tables, resources and other data.",
      "json_metadata": "{\"tags\":[\"pe\"],\"image\":[\"https://cdn.steemitimages.com/DQmcW39j9hmrGP5kAUf3Vic35nkKAx9HUgHmAPswchJUgmK/%E6%88%AA%E5%B1%8F2021-01-08%E4%B8%8B%E5%8D%885.24.32.png\"],\"links\":[\"https://steemit.com/hive-133802/@kevin-mn/pe-file-format-analysis-002\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hive-133802",
      "permlink": "pe-file-format-analysis-003",
      "title": "PE file format analysis (003)"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-08T10:50:00",
  "trx_id": "dd069356fed70a957f8bd55e7797b30b86969247",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 50148358,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-002",
      "voter": "kevin-mn",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-08T08:55:39",
  "trx_id": "41ef4590541f6fed634c60281dd6158856ab1b1b",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 50129593,
  "op": [
    "author_reward",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "sbd_payout": "4.313 SBD",
      "steem_payout": "0.000 STEEM",
      "vesting_payout": "50427.903380 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-07T17:06:33",
  "trx_id": "0000000000000000000000000000000000000000",
  "trx_in_block": 4294967295,
  "virtual_op": 3
}

{
  "block": 50119557,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-001",
      "voter": "booming03",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-07T08:38:12",
  "trx_id": "0538abe8756e13630e7ff3dfe380a57a864ed20c",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 50119549,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-002",
      "voter": "booming03",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-07T08:37:48",
  "trx_id": "4b7aa6cfabcea7afd61a9ac0ddae0709b277943e",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 50104274,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-001",
      "voter": "postyj",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T19:45:42",
  "trx_id": "f98d6c157632d9f6eea51ca47d44caf455f01a31",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 50104271,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-002",
      "voter": "postyj",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T19:45:33",
  "trx_id": "3c8b3023117e5b0ff928691801dee968c475a6a8",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 50101556,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "gusto84",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T17:28:09",
  "trx_id": "939777aa332f22df7209b4bf34beb984741a50c4",
  "trx_in_block": 6,
  "virtual_op": 0
}

{
  "block": 50100486,
  "op": [
    "comment",
    {
      "author": "kevin-mn",
      "body": "Continuing from the previous post (https://steemit.com/hive-133802/@kevin-mn/pe-file-format-analysis-001), let's get started!!!\n# IMAGE_FILE_HEADER structure\n\n![截屏2021-01-07上午12.04.07.png](https://cdn.steemitimages.com/DQmSCLudURzCHgaQjbKy8KR5gwKLKrXgREpmZ3Hfr6NGCRE/%E6%88%AA%E5%B1%8F2021-01-07%E4%B8%8A%E5%8D%8812.04.07.png)\n\n# Machine: \n(important) Machine model, each CPU has a unique Machine code indicating which CPU can execute --> 4C 01 for Intel 386 or successor processors and their compatible processors.\nThe Machine field can take one of the following values to specify the CPU type. The image file can only run on the specified processor or on a system that can emulate the specified processor.\n\nValue Description\n0x0 For any type of processor\n0x1d3 Matsushita AM33 processor\n0x8664 x64 processor\n0x1c0 ARM small tail processor\n0xebc EFI bytecode processors\n0x14c Intel 386 or successor processors and their compatible processors\n0x200 Intel Itanium processor\n0x9041 Mitsubishi M32R small-tailed processor\n0x266 MIPS16 processor\n0x366 MIPS processor with FPU\n0x466 MIPS16 processor with FPU\n0x1f0 PowerPC small-tailed processor\n0x1f1 PowerPC processor with symbol point support\n0x166 MIPS small-tailed processor\n0x1a2 Hitachi SH3 processor\n0x1a3 Hitachi SH3 DSP processor\n0x1a6 Hitachi SH4 processor\n0x1a6 Hitachi SH5 processor\n0x1c2 Thumb processor\n0x169 MIPS Small Tail WCE v2 processor\n\n# NumberOfSections: \n(Important) refers to the number of blocks in the PE file, (also known as section area) number, that is, the number of items in the section table -> 00 04 -> 4, the value must be greater than 0, and when the number of defined sections does not match the actual, a runtime error will occur.\n\n# TimeDateStamp: \nthe creation time of the PE file, generally with connectors to fill in.\nPointerToSymbolTable: the offset position of the COFF symbol table. This field is only useful for COFF debugging information.\n\n# NumberOfSymbols:\n the number of symbols in the COFF symbol table. This value and the previous one are 0 in the RELEASE version of the program, the number of symbols in the symbol table -> 00 00 00 00\n\n# SizeOfOptionalHeader: \n(important) refers to the size of IMAGE_OPTIONAL_HEADER structure (number of bytes): 32-bit default E0H, 64-bit default F0H (can be modified). are not the same, so the size needs to be specified in SizeOfOptionalHeader.'\n\n# Characteristics: \n(important) describe the file attributes, each bit in binary represents a different attribute eg-> 0F 01; single attribute (only 1 bit is 1): \\#define IMAGE_FILE_DLL 0x2000 File is a DLL.\nCombined attribute (multiple bit is 1, single attribute or operation):0X010F Executable file\n\nThe Characteristics field contains the flags for the attributes of the image file. The following bolded ones are the commonly used attributes. The following values are currently defined (from low to high).\n\nPosition Description\n0 It indicates that this file does not contain base address relocation information and therefore must be loaded to its preferred base address. If the base address is not available, the loader will report an error.\n1 It indicates that this image file is legal. It seems a bit redundant, but it cannot be missing.\n2 Reserved, must be 0.\n3 Reserved, must be 0.\n4 Reserved, must be 0.\n5 The application can handle addresses larger than 2GB.\n6 Reserved, must be 0.\n7 Reserved, must be 0.\n8 Machine type is based on a 32-bit architecture.\n9 Debug information has been removed from this image file.\n10 If this image file is on removable media, fully load it and copy it to the swap file. It is hardly necessary\n11 If this image file is on network media, fully load it and copy it to the swap file. Hardly used\n12 This image file is a system file, not a user program.\n13 This image file is a dynamic link library (DLL).\n14 This file can only be run on single processor machines.\n15 Reserved, must be 0.\n\n# eg:\n![截屏2021-01-07上午12.23.25.png](https://cdn.steemitimages.com/DQmcr1hnSZgS4HjVfqNmJ2i7tHshUpA2hybrw3xyLomfBEE/%E6%88%AA%E5%B1%8F2021-01-07%E4%B8%8A%E5%8D%8812.23.25.png)\n\nIn the next chapter we continue with the IMAGE_OPTIONAL_HEADER structure.\nTo be continued。。。",
      "json_metadata": "{\"tags\":[\"pe\",\"define\"],\"image\":[\"https://cdn.steemitimages.com/DQmSCLudURzCHgaQjbKy8KR5gwKLKrXgREpmZ3Hfr6NGCRE/%E6%88%AA%E5%B1%8F2021-01-07%E4%B8%8A%E5%8D%8812.04.07.png\",\"https://cdn.steemitimages.com/DQmcr1hnSZgS4HjVfqNmJ2i7tHshUpA2hybrw3xyLomfBEE/%E6%88%AA%E5%B1%8F2021-01-07%E4%B8%8A%E5%8D%8812.23.25.png\"],\"links\":[\"https://steemit.com/hive-133802/@kevin-mn/pe-file-format-analysis-001\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hive-133802",
      "permlink": "pe-file-format-analysis-002",
      "title": "PE file format analysis (002)"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T16:34:09",
  "trx_id": "0ad63013d9384d594bf82f982211b9ce7c0ab8f5",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 50091770,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "pe-file-format-analysis-001",
      "voter": "fuli",
      "weight": 8000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T09:13:15",
  "trx_id": "7c58f624123b5ea5a96a61ba15121fb0a60ffb8f",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 50091594,
  "op": [
    "comment",
    {
      "author": "kevin-mn",
      "body": "I recently researched the PE file side of things and found that the PE format is worth summarizing for everyone, so let's get go！！！\n\n# Concept\nPE file is the general name of executable program files in Windows operating system, PE is the abbreviation of Portable Execute, meaning \"portable, executable\", which means a file can be run in multiple operating systems, common ones are DLL, EXE, OCX, SYS, etc. are PE files.\n# File Structure\n![截屏2021-01-05下午7.37.01.png](https://cdn.steemitimages.com/DQmQLbzh6yEmHH18NvjcgGB5F8rUC9pJNMGjVruD1uZmr5q/%E6%88%AA%E5%B1%8F2021-01-05%E4%B8%8B%E5%8D%887.37.01.png)\n\n# DOS HEADER\n\n![截屏2021-01-06上午11.34.49.png](https://cdn.steemitimages.com/DQmXgobL2bHEei8P3mcQy1FG12pNZpX49C7GrwnPknEbnmn/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8A%E5%8D%8811.34.49.png)\nThe above figure shows the prototype of IMAGE_DOS_HEADER structure, which is located at the top of the PE header and is the starting part of the PE file. The structure is defined in the winnt.h header file, which defines the structure prototype of the PE header and section area. the form of the IMAGE_DOS_HEADER structure is determined and its size is constant, totaling 64 bytes (offset in the PE file is 0h to 40h).\nIMAGE_DOS_HEADER structure, 32-bit / 64 for the system we live to focus on two members: e_magic (the first) and e_lfanew (the last)\n\ne_magic: IMAGE_DOS_HEADER structure initially 2 bytes for 4D5A, the comment content is the signature, 4D5A corresponding to the character MZ, so what exactly does MZ mean? MZ is the acronym of Mark Zbikowski, who is one of the designers of the DOS system. In the PE file China it is like seeing Mark Zbikowski himself when you find MZ. \n\n![截屏2021-01-06下午4.57.18.png](https://cdn.steemitimages.com/DQmYJYZMHSZSmeu3caFiPQVNa1JQgVdHeU3kKJEEzeRQMDk/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%884.57.18.png)\n\ne_lfanew: located at the end of the structure, it is a LONG type variable with a size of 4 bytes. Offset relative to the beginning of the file, used to find the PE header;\n\n# DOS Stub Program\nImmediately after the IMAGE_DOS_HEADER structure is the DOS Stub Program, which is not a structure but, as the name implies, a program. The DOS Stub Program is a small program, so its length is not fixed. So, how do you know where he ends? This can be known based on the value of the e_lfanew member variable. Since the e_lfanew value is the start offset of the IMAGE_NT_HEADER structure and follows immediately after the DOS Stub Program, you know where the DOS Stub Program ends as long as you have the e_lfanew value.\n\n\n![截屏2021-01-06下午5.00.40.png](https://cdn.steemitimages.com/DQmeeBfzcyc5kJMg9bPYSeVMnhLyDTsNZA5PhRrFiAMEsyP/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%885.00.40.png)\n# IMAGE_NT_HEADER\n\nThe first member of the NT header is \"PE\\0\\0\" (0X50 0X45 0X00 0X00 four-byte signature), and the next two members are the standard PE header (_IMAGE_FILE_HEADER) and the optional PE header (_IMAGE_OPTIONAL_HEADER).\n\n![截屏2021-01-06下午5.03.04.png](https://cdn.steemitimages.com/DQmP6YrpHx5LioRr3jgxD782CZUiKTNAjwvQLmQjzgfJ77r/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%885.03.04.png)\n\nTo be continued。。。",
      "json_metadata": "{\"tags\":[\"pe\"],\"image\":[\"https://cdn.steemitimages.com/DQmQLbzh6yEmHH18NvjcgGB5F8rUC9pJNMGjVruD1uZmr5q/%E6%88%AA%E5%B1%8F2021-01-05%E4%B8%8B%E5%8D%887.37.01.png\",\"https://cdn.steemitimages.com/DQmXgobL2bHEei8P3mcQy1FG12pNZpX49C7GrwnPknEbnmn/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8A%E5%8D%8811.34.49.png\",\"https://cdn.steemitimages.com/DQmYJYZMHSZSmeu3caFiPQVNa1JQgVdHeU3kKJEEzeRQMDk/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%884.57.18.png\",\"https://cdn.steemitimages.com/DQmeeBfzcyc5kJMg9bPYSeVMnhLyDTsNZA5PhRrFiAMEsyP/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%885.00.40.png\",\"https://cdn.steemitimages.com/DQmP6YrpHx5LioRr3jgxD782CZUiKTNAjwvQLmQjzgfJ77r/%E6%88%AA%E5%B1%8F2021-01-06%E4%B8%8B%E5%8D%885.03.04.png\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hive-133802",
      "permlink": "pe-file-format-analysis-001",
      "title": "PE file format analysis (001)"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T09:04:21",
  "trx_id": "bb0705e10896dbca7c6378e02c207873f9ca3e32",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 50088713,
  "op": [
    "custom_json",
    {
      "id": "community",
      "json": "[\"subscribe\",{\"community\":\"hive-133802\"}]",
      "required_auths": [],
      "required_posting_auths": [
        "kevin-mn"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T06:38:24",
  "trx_id": "6d1e5417144b00e75e76de5c4e73e2f185441c33",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 50088706,
  "op": [
    "custom_json",
    {
      "id": "community",
      "json": "[\"subscribe\",{\"community\":\"hive-133802\"}]",
      "required_auths": [],
      "required_posting_auths": [
        "kevin-mn"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-06T06:38:03",
  "trx_id": "9f17b8d89545699ba304e804dc72502a53fe9bce",
  "trx_in_block": 2,
  "virtual_op": 0
}

{
  "block": 50028002,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "worldpeace1024",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-04T03:27:42",
  "trx_id": "b0de6a3ecfd8ee509642492bc51f5a0d1c330693",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 50028000,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "booming03",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-04T03:27:36",
  "trx_id": "b88d828c73274d0aebb0cca2283cab07d0557710",
  "trx_in_block": 6,
  "virtual_op": 0
}

{
  "block": 49970928,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "sulius",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-02T03:20:57",
  "trx_id": "2e25ba6f4e506c5b6efaf0e1b59b1ce8679ee454",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 49945012,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "poidserv",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-01-01T05:29:45",
  "trx_id": "3128c16c1fe447772e954172a66801021db1fac2",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 49931432,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "chrisdwyer",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-31T18:02:45",
  "trx_id": "65eafc951855704d4bc025d0043b2e0c0e27b922",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 49930368,
  "op": [
    "comment",
    {
      "author": "bzd",
      "body": "Very good sharing！！",
      "json_metadata": "{\"app\":\"steemit/0.2\"}",
      "parent_author": "kevin-mn",
      "parent_permlink": "introduction-of-mitre-and-att-and-ck",
      "permlink": "qm7rmu",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-31T17:08:57",
  "trx_id": "982ebc67db12b3120c946415ba9080ae9fdc0867",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 49930326,
  "op": [
    "vote",
    {
      "author": "kevin-mn",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "voter": "kevin-mn",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-31T17:06:48",
  "trx_id": "a521101410c747da47ccc4a198dd8b487b24acd9",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 49930321,
  "op": [
    "comment",
    {
      "author": "kevin-mn",
      "body": "Recently, I came across ATT&CK because of my research on security attack and defense technologies, and I don't know much about it, so I want to understand the origin of the concept first.\n\nHa ha, without further ado, let's go！！！\n\n# MITRE: \nMITRE is a U.S. government-funded research organization that was spun off from MIT in 1958 and has been involved in many commercial and top-secret projects. These include the development of the FAA Air Traffic Control System and the AWACS Airborne Radar System. MITRE has engaged in numerous cybersecurity practices with funding from the National Institute of Standards and Technology (NIST).\n\n# MITRE ATT&CK：\nMITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.\n\nATT&CK is most visually represented as a matrix, and in simple terms, ATT&CK is the \"Counter Tactics, Techniques, and Common Sense\" framework provided by MITRE. As follows：\n![截屏2021-01-01上午12.54.34.png](https://cdn.steemitimages.com/DQmTRXgSSjsUQCsDC3HRQSjkr1vR7zjbU5TGWdvz1E8pJK6/%E6%88%AA%E5%B1%8F2021-01-01%E4%B8%8A%E5%8D%8812.54.34.png)\n\nThe 11 tactic categories within ATT&CK for Enterprise were derived from the later stages (exploit, control, maintain, and execute) of a seven-stage Cyber Attack Lifecycle[1] (first articulated by Lockheed Martin as the Cyber Kill Chain®[2]). This provides a deeper level of granularity in describing what can occur during an intrusion.\n![截屏2021-01-01上午12.43.21.png](https://cdn.steemitimages.com/DQmdndK1tSnS7e6menZ8PyJQdofmvxovTDLwEoDEoGexXDH/%E6%88%AA%E5%B1%8F2021-01-01%E4%B8%8A%E5%8D%8812.43.21.png)\n\nTactics, techniques and procedures  (TTP)  are documented in tabular form as the MITRE ATT&CK Enterprise Matrix.\n\n\"Tactics\" is the name of the column heading and is the general category in which an attacker uses a particular technique.\n\nThe \"Technique\" appears in each box under the \"Tactics\" column heading and shows how the attacker accomplished a tactic. the ATT&CK matrix assigns a number to each technique, such as T1063 or T1519.\n\nThe \"Processes\" can be accessed through the links in the Techniques box. They show how an attacker performs a technique. Processes provide a more detailed description of how an attacker (or even an attack group) can implement a particular technique in the wild.\n\nMITRE ATT&CK is great because all of the tactics, techniques, and procedures (TTPs) are based on what has been observed by actual attack groups in the real world. Many of these organizations use the same techniques. It's almost as if the hacker groups have their own script when attacking systems and they use that script to quickly gain productivity from new members. When you target an attacker's TTP, you are targeting their behavior.\n\nHa ha, To be continued。。。",
      "json_metadata": "{\"tags\":[\"att-ck\",\"security\"],\"image\":[\"https://cdn.steemitimages.com/DQmTRXgSSjsUQCsDC3HRQSjkr1vR7zjbU5TGWdvz1E8pJK6/%E6%88%AA%E5%B1%8F2021-01-01%E4%B8%8A%E5%8D%8812.54.34.png\",\"https://cdn.steemitimages.com/DQmdndK1tSnS7e6menZ8PyJQdofmvxovTDLwEoDEoGexXDH/%E6%88%AA%E5%B1%8F2021-01-01%E4%B8%8A%E5%8D%8812.43.21.png\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "att-ck",
      "permlink": "introduction-of-mitre-and-att-and-ck",
      "title": "Introduction of MITRE and ATT&CK"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-31T17:06:33",
  "trx_id": "e521dac2103599b8a71312dfe1f50c6a77fabdaa",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 49896378,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "kevin-mn",
      "delegator": "steem",
      "vesting_shares": "28608.549389 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-30T12:29:06",
  "trx_id": "aa96e9361725542d6049b510c0fe6fb2dcd24527",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 49894303,
  "op": [
    "transfer",
    {
      "amount": "0.001 STEEM",
      "from": "executive-board",
      "memo": "❗ Hello kevin-mn, welcome to the STEEM ecosystem. The Executive Board hereby invites you to https://discord.gg/KyBbmhh where you will get some insider infos on how you will earn the most coins. It's easy, just follow the instructions. Warm regards, The Executive Board.",
      "to": "kevin-mn"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-30T10:44:06",
  "trx_id": "6839f7623b1ffc52aa9532a573ec283f66aaf460",
  "trx_in_block": 2,
  "virtual_op": 0
}

{
  "block": 49894275,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "kevin-mn",
      "delegator": "steem",
      "vesting_shares": "30300.000000 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-30T10:42:42",
  "trx_id": "7d9858b185568f1ecc9b616a584ea2c578f2c159",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 49894275,
  "op": [
    "create_claimed_account",
    {
      "active": {
        "account_auths": [],
        "key_auths": [
          [
            "STM7xdwGDJa335BHqReUVoJUXKZfHuVN7KAdeQU9UudGoUpz61DbC",
            1
          ]
        ],
        "weight_threshold": 1
      },
      "creator": "steem",
      "extensions": [],
      "json_metadata": "{}",
      "memo_key": "STM7yxMbw5TE7C3dACiyZTxkAPXYQ5XL5HwAtQMkn5QiioYHBrZmx",
      "new_account_name": "kevin-mn",
      "owner": {
        "account_auths": [],
        "key_auths": [
          [
            "STM85e7qyWGxGJBDVBFKbfMoxwkt3rUy3cjRcWHPw8b49gp9qd2WM",
            1
          ]
        ],
        "weight_threshold": 1
      },
      "posting": {
        "account_auths": [],
        "key_auths": [
          [
            "STM6SC1sWAnMg8iUWJvEwys2iHvuS2K7a9PSPLwsBVUNQCZ6Fogbc",
            1
          ]
        ],
        "weight_threshold": 1
      }
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-30T10:42:42",
  "trx_id": "7d9858b185568f1ecc9b616a584ea2c578f2c159",
  "trx_in_block": 1,
  "virtual_op": 0
}