{
  "block": 106150742,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "7021.468311 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2026-05-18T06:21:30",
  "trx_id": "33dd824e354a5bb4824345d2c2a7561a68c70d69",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 106005445,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "4309.257906 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2026-05-13T04:40:39",
  "trx_id": "6de912a43aa7d78b0599f7fe01430562a30652c7",
  "trx_in_block": 2,
  "virtual_op": 0
}

{
  "block": 105518223,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "7033.984067 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2026-04-26T05:33:06",
  "trx_id": "27798ff08c6c803e2a19cfeca4ecac74bf72f010",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 102871508,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "4350.804725 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2026-01-24T00:14:39",
  "trx_id": "4f189680e53d42aae88280f34a72377367feadfc",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 91317718,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "4515.023922 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2024-12-17T19:24:30",
  "trx_id": "9ec9d8bc55e83b4fbc8461bfb89eeeed18bf60a5",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 79871865,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "4684.157454 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2023-11-14T11:05:36",
  "trx_id": "ea88a524be849516137865eaf24440cc256c9b09",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 78362976,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "7621.066240 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2023-09-22T10:29:03",
  "trx_id": "ed883e47b73c449ddc76d8825e7ef82bed079753",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 69120697,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "7843.117678 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2022-11-03T17:55:45",
  "trx_id": "92299065addf58d0766adb4eda2e0d7940ef1cfb",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 60823940,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8063.225279 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2022-01-17T23:07:21",
  "trx_id": "4c171b757811c4bcc68fbb8349ec2d19934381cc",
  "trx_in_block": 48,
  "virtual_op": 0
}

{
  "block": 54614257,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8247.419567 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2021-06-14T06:17:57",
  "trx_id": "47c160da32bafe5e999875f964026fe95dffce38",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 49361518,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8434.841541 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-11T16:30:06",
  "trx_id": "f42d53a78c9e3f7c1ac3cfbbe427b3ce0b2cfd5c",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 49213037,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "1912.543513 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-06T10:05:45",
  "trx_id": "4bccae7cf9d1e4f14ad1e26549c10589c0c5f109",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 49196601,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8441.049395 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-12-05T20:07:54",
  "trx_id": "18120b7ba850b9255d7f462f5f84bae86407995d",
  "trx_in_block": 57,
  "virtual_op": 0
}

{
  "block": 48270916,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "1920.017158 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-11-03T02:46:39",
  "trx_id": "b6a54bad1210188910303a1409e59e085e5be7df",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 43223369,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8643.854754 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-05-09T11:08:54",
  "trx_id": "93711f75ddb48d05335cb31f220cbb82c4154cb2",
  "trx_in_block": 18,
  "virtual_op": 0
}

{
  "block": 43200423,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "1953.311140 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-05-08T15:33:42",
  "trx_id": "ceb7736611fe20192e1ac60bba860b377653fc5e",
  "trx_in_block": 18,
  "virtual_op": 0
}

{
  "block": 42569174,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8656.742202 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2020-04-16T03:18:45",
  "trx_id": "2a4a9638cf80548c9a87d8b66a276369ebda82e0",
  "trx_in_block": 46,
  "virtual_op": 0
}

{
  "block": 33776472,
  "op": [
    "comment",
    {
      "author": "steemitboard",
      "body": "Congratulations @sh4rk! You received a personal award!\n\n<table><tr><td>https://steemitimages.com/70x70/http://steemitboard.com/@sh4rk/birthday2.png</td><td>Happy Birthday! - You are on the Steem blockchain for 2 years!</td></tr></table>\n\n<sub>_You can view [your badges on your Steem Board](https://steemitboard.com/@sh4rk) and compare to others on the [Steem Ranking](https://steemitboard.com/ranking/index.php?name=sh4rk)_</sub>\n\n\n###### [Vote for @Steemitboard as a witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1) to get one more award and increased upvotes!",
      "json_metadata": "{\"image\":[\"https://steemitboard.com/img/notify.png\"]}",
      "parent_author": "sh4rk",
      "parent_permlink": "all-you-need-to-know-about-passwords",
      "permlink": "steemitboard-notify-sh4rk-20190613t232823000z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2019-06-13T23:28:24",
  "trx_id": "59ac361f78d5e6bed2d00c4a40033325f058f884",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 32852118,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "8852.359015 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2019-05-12T20:25:51",
  "trx_id": "3c6ff699d5543e11173e9857605309a20d90b323",
  "trx_in_block": 27,
  "virtual_op": 0
}

{
  "block": 22497587,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "9051.874107 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2018-05-17T02:44:21",
  "trx_id": "0f60fa96e502ac2c9d428b2b2afc3bd476c3aa53",
  "trx_in_block": 53,
  "virtual_op": 0
}

{
  "block": 18820254,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "29602.962056 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2018-01-09T07:12:54",
  "trx_id": "22e43ec9d1f8ec9e88e705d100e1ea65d1e49407",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 14271457,
  "op": [
    "delegate_vesting_shares",
    {
      "delegatee": "sh4rk",
      "delegator": "steem",
      "vesting_shares": "29853.808505 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-08-04T05:19:00",
  "trx_id": "e402b6358f94b510bb662bf1210a26fc40ae7dbb",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 14080176,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -808,16 +808,96 @@\n /)%E2%80%9D ?!%0A%0A\n+https://www.deepdotweb.com/wp-content/uploads/2016/11/weakpasswords-150x150.png%0A\n %0AThis tu\n",
      "json_metadata": "{\"tags\":[\"technology\",\"security\",\"privacy\",\"hacking\",\"cryptocurrency\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2016/11/weakpasswords-150x150.png\",\"https://cdn.pbrd.co/images/GD24Aqq.png\",\"https://cdn.pbrd.co/images/GD265Up.png\",\"https://cdn.pbrd.co/images/GD25oXz.png\",\"https://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-20.png\",\"https://cdn.pbrd.co/images/GD25wGO.png\",\"https://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-21.png\"],\"links\":[\"https://www.deepdotweb.com/2016/08/13/caliconnects-private-pgp-key-account-password-asshole209/\",\"https://www.deepdotweb.com/2014/02/22/twittor-launched-hacked-2-hours/\",\"https://www.deepdotweb.com/2014/01/29/cantina-marketplace-pwnd-admin-password-was-password1/\",\"https://www.deepdotweb.com/2016/11/12/need-know-passwords/\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "security",
      "permlink": "all-you-need-to-know-about-passwords",
      "title": "All You Need To Know About Passwords"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-28T13:48:00",
  "trx_id": "83a12e4e0eac3c1c588a3c2403b54c31c272c21c",
  "trx_in_block": 8,
  "virtual_op": 0
}

{
  "block": 14080144,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "all-you-need-to-know-about-passwords",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-28T13:46:24",
  "trx_id": "9ba7bdee3d22eb1c1c4ed23d3be4fda6e6fdfbfa",
  "trx_in_block": 22,
  "virtual_op": 0
}

{
  "block": 14080144,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "Choosing and managing passwords is the fundamental security measure in client’s control. Even if the application and it’s server is impenetrable, it means absolutely nothing if your password can be cracked by an average Joe.\nYou would think that all security conscious people would know how to protect themselves, but I frequently see cases like this:\nCaliConnect’s Private PGP Key & Account Password Was “[asshole209](https://www.deepdotweb.com/2016/08/13/caliconnects-private-pgp-key-account-password-asshole209/)”\nTwittor – Launched & Hacked in 2 Hours (Password was: [123123123](https://www.deepdotweb.com/2014/02/22/twittor-launched-hacked-2-hours/)…)\nCantina Marketplace PWND: Admin Password was: “[Password1](https://www.deepdotweb.com/2014/01/29/cantina-marketplace-pwnd-admin-password-was-password1/)” ?!\n\n\nThis tutorial contains explanations of password cracking when the server and client side are protected. These methods’ effectiveness highly depend on attacker’s processing power which we’ll analyze after attack methods.\nIf you just want to know easy way to be safe, jump to the ‘Easy way to manage strong passwords’.\n\n## Brute Force Attack\nBrute-force attack is a technique of enumerating all possible password candidates and checking each one. This is no elegant attacking method, but sometimes it’s all that’s needed. This attack is feasible only for very weak passwords.\n\n## Dictionary Attack\nDictionary attack is a variant of brute force attack in which the attacker gathers all information about targeted password(s) and creates a ‘dictionary’. Dictionary is a customized list of password candidates, typically including a list of most common passwords first, dictionary words that are frequently used and some combinations. Next, the dictionary often contains all those words with common prefixes and suffixes such as numbers and punctuation signs.\nDictionary attacks are relatively easy to defeat by choosing a password that is not a simple variant of a word found in any dictionary. Many password cracking tools have built-in dictionaries. This page contains information on most popular tools, their dictionaries and collections of leaked password for analysis in one place.\n\n\n## Rainbow Tables\nThis attack is used when attacker owns the password database. It’s worth mentioning here because the complexity of your password will protect you even if the server is compromised. Protection wise, it’s enough to know that a strong password will do the trick here as well.\n\nSkip this part if you just want to secure yourself without bothering with hashing, rainbow tables and salting.\nDatabases don’t contain plaintext passwords, but password hashes. Hash is the result of time-consuming function that obfuscates the input. When you enter your password, server calculates the hash of the entered value and compares it to the one stored in the database for the confirmation.\n\nVery simple hash function example: take number 4 as the input: square it (16), take natural log (2.7725), multiply by pi (8.7103) and take factorial (gamma function) -> 189843.119. Now ask your friend how is 189843.119 related to 4. Chances are, no one can figure it out. \n\nPassword hashes often look like this one: qiyh4XPJGsOZ2MEAyLkfWqeQ\nSo, when an attacker compromises the password database he won’t be able to figure out your password (or will he?, read on). Here’s when rainbow table comes in – it’s a pre-computed table of passwords and their hashes. Attacker then compares the rainbow table hashes to those in the database. If hashes match, the password is discovered. Here’s a short example:\n\nThis is what we can find in a database:\nhttps://cdn.pbrd.co/images/GD24Aqq.png\nLets try to find this hash in the rainbow table:\nhttps://cdn.pbrd.co/images/GD265Up.png\n\nThat’s why some servers ‘salt’ the hash by adding random value into the equation so the attacker can’t just download finished rainbow table, he needs to create a custom one for that salt and that requires a lot of time because hash functions are time-consuming. If different salt is used for each password, attacker needs to create a custom table for each password which is not feasible. Salt is stored next to the password, it’s no secret since it’s just making the attacker’s computer do a lot of ‘work’.\n\nThere’s only that much server side can do for you, it’s up to you to choose a strong password. If the attacker targets you specifically, he may create a rainbow table for your salt. It’s up to you to have a password that will not be in his table.\nI’m surprised how many sensitive web services allow having weak password.\n\n\n## Practical analysis of these attacks\n\nAnalyzed time represents offline attack speed, online attacks are much slower than this, but it’s logical to seek for a password strong enough for offline attacks because it’s the maximum speed and it’s just a few characters away.\nPassword complexity depends on 2 characteristics: length and number of different characters. For example, if you use 8 digit password (only numbers – 10 characters): _ _ _ _ _ _ _ _ each field can contain 10 different characters, so there are 10*10*10*10*10*10*10*10 = 108 possible combinations. If attacker has a Pentium 4D, 3.2 Ghz processor he can try 2 million passwords per second. That means the password can be broken in 108 / (2*106) = 50 seconds.\n\nFormula for the number of combinations the attacker need to try:\nA^B where: A – number of different possible characters\nB – password length\n\nIf password length is unknown, the attacker will usually try only the shortest ones. Let’s say he wants to try all 8,9,10 characters long passwords, the number of combinations is: A8 + A9 + A10 .\n\n\n## Exponential growth\n\nLuckily for us, password complexity rises exponentially when length increases. In the example above (only 10 digits) each extra character adds 10 times more possible combinations.\nHere’s a table for passwords that contain only lower-case letters from English alphabet and digits – 36 different characters (Combinations = 36 ^ length):\nhttps://cdn.pbrd.co/images/GD25oXz.png\n\nX axis – password length in for 36 charset (letters and numbers)\nY axis – days to crack\n\nhttps://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-20.png\n\nBlue – Time in the first case was an experiment with previously mentioned Pentum 4D, 3.2 Ghz processor, affordable processing power for an individual.\nRed – Time in the second case represents someone that can use 5 000 such processors.\n\nWe can see length 12 is sweet, it’s even more safe if we expand the character set to uppercase and lowercase letters, numbers and punctuation signs. Number of possible characters is 126:\nhttps://cdn.pbrd.co/images/GD25wGO.png\n\nX axis – password length in 126 charset\nY axis – days to crack\n\nhttps://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-21.png\n\nBlue – Time in the first case was an experiment with previously mentioned Pentum 4D, 3.2 Ghz processor, affordable processing power for an individual.\nRed – Time in the second case represents someone that can use 5 000 such processors.\n\n\n## Conclusion\nUsing only lowercase or only uppercase letters and numbers, you need 11 characters long password.\nIf you’re using both lowercase and uppercase letters, numbers and punctuation signs you need 8 characters long password.\nNeither should be predictable enough to be part of a dictionary attack list. I would recommend using 12 characters long password and wide charset.\n\n\n##Easy way to Manage Strong Passwords\nDifferent password should be used for each sensitive account because attackers often check all your accounts for password they compromised.\n\nPassword should be at least 12 characters long and include uppercase and lowercase letter, number and a punctuation sign. You can easily meet those requirements by rambling on the keyboard, but it would be difficult to remember passwords.\n\n\n## Password Manager\nPassword manager allows the user to use hundreds of different passwords, and only have to remember a single password, the one which opens the encrypted password database. Needless to say, this single password should be strong and well-protected (not recorded anywhere).\n\nMost password managers can automatically create strong passwords using a cryptographically secure random password generator, as well as calculating the entropy of the generated password. A good password manager will provide resistance against attacks such as key logging, clipboard logging and various other memory spying techniques.\n\nTo generate 1 strong password that’s easy to remember you can use a great source of entropy – your mind. Think of a sentence or two. Something like: ‘any sentence will do the trick, Just Make Sure It’s Over 12 Words’. Password would be: aswdtt,JMSIO12W (first letters in each word). You can remember the sentence easily and recreate the password later. Ideally, the sentence would include a sign and number.\nThere are many similar tricks out there if you don’t like this one.\n\n## Pattern\nSo you don’t like installing a manager? Think of a good pattern that will not be obvious. An example would be: pick 2 numbers: 6,7 and surround your password with 67 and shift+6 = &, shift+7 = /. Also, uppercase 6th and 7th letter. If your password right now is password -> 67passwORd&/ is easy to remember and strong. The word can be something you can remember for each site, but stay away from obvious like domain name.\n\nAvoid common letter-number substitutions like o – 0, I – 1. Here’s the same link once again, I highly recommend taking a look at common dictionaries and tools attackers may try to use against you. \n\nP.S. you can also follow me on https://www.deepdotweb.com/2016/11/12/need-know-passwords/",
      "json_metadata": "{\"tags\":[\"security\",\"privacy\",\"password\",\"hacking\",\"cryptocurrency\"],\"image\":[\"https://cdn.pbrd.co/images/GD24Aqq.png\",\"https://cdn.pbrd.co/images/GD265Up.png\",\"https://cdn.pbrd.co/images/GD25oXz.png\",\"https://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-20.png\",\"https://cdn.pbrd.co/images/GD25wGO.png\",\"https://www.deepdotweb.com/wp-content/uploads/2016/11/word-image-21.png\"],\"links\":[\"https://www.deepdotweb.com/2016/08/13/caliconnects-private-pgp-key-account-password-asshole209/\",\"https://www.deepdotweb.com/2014/02/22/twittor-launched-hacked-2-hours/\",\"https://www.deepdotweb.com/2014/01/29/cantina-marketplace-pwnd-admin-password-was-password1/\",\"https://www.deepdotweb.com/2016/11/12/need-know-passwords/\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "security",
      "permlink": "all-you-need-to-know-about-passwords",
      "title": "All You Need To Know About Passwords"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-28T13:46:24",
  "trx_id": "9ba7bdee3d22eb1c1c4ed23d3be4fda6e6fdfbfa",
  "trx_in_block": 22,
  "virtual_op": 0
}

{
  "block": 14079973,
  "op": [
    "claim_reward_balance",
    {
      "account": "sh4rk",
      "reward_sbd": "0.047 SBD",
      "reward_steem": "0.000 STEEM",
      "reward_vests": "86.823940 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-28T13:37:48",
  "trx_id": "0a1d614356c5c4ee41dfafc25a386a46834e2a47",
  "trx_in_block": 17,
  "virtual_op": 0
}

{
  "block": 14019661,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "Usually, hackers use a lot of computers (or [toasters](https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/)) to take down a server by overwhelming it with traffic. However, the same goal can sometimes be achieved with a single computer. In this article, I’m going to analyze my favorite denial of service attack known as Slow Loris attack and python code implementation from github. I found and tested 2 python Slow Loris scripts from the same author – [advanced one](https://github.com/gkbrk/slowloris/blob/master/slowloris.py) which is ready for randomizing User Agent headers, proxies, SSL and other good stuff. However, [this code](https://gist.github.com/gkbrk/5de70f35e69343718431) is more appropriate to illustrate the idea behind the attack, and works just as well. It can be run on any operating system that supports python.\n\nThis article is for academic and entertainment purposes only. Please don’t use it maliciously.\n\n\n# Theory\n\nIn a clients-server HTTP connection, end of a HTTP packet is marked with 2 consecutive newline characters ([CRLF]). If those 2 characters never come, sending/receiving of the HTTP packet is not going to end. The idea in Slow Loris attack is to open as many concurrent HTTP requests and keep them alive infinitely (with minimum resources) to deplete the resources in the application layer on the server because it has to wait for every connection.\n\nWhile most servers such as Apache make use of a timeout to terminate incomplete HTTP requests – the timeout is set to 300 seconds by default and is re-set as soon as the client sends additional data. That’s why the attacker does send some data, but painfully slowly – hence the name.\n\nSlow Loris achieves DoS by starting many concurrent HTTP connections and sending a byte of data every 15 seconds. Of course, timing should be adjusted in relation to timeout on a specific server, but it’s often effective even with 15 seconds timeout. Because attacker’s computer sends only few bytes per 15 seconds per connection, some servers can go down while the attacker uses his internet as if nothing’s going on.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\n\n\n# Affected Servers\n\nThis attack mostly affects apache webservers because of the fact that apache starts a new thread for each connection. That is the key factor that makes the difference of attack succeeding or not. Unless of course, someone implemented a mitigation for this type of attack.\nToday, about 50% of websites are hosted on apache servers. Along with some other servers, it makes it a very useful attack for a hacker to include in his arsenal.\n\nAlso, apache webservers can easily be found with Google’s search functionalities, e.g.\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\n\n\n# Python Implementation\n\nProgram gets the target server IP or DNS name as a command line argument. Here’s how it should look like (I set socket_count to 5 to avoid any trouble):\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\n\nFirst, it opens a number of HTTP connections equal to socket_count (integer from 20th line) . Then, it starts an infinite while loop that keeps those connections alive by sending a random number (1 to 5000) each 15 seconds (specified in 58th line), resetting the timeout period. I highly recommend checking out github codes I linked, they're easy to understand and I sure learnt something by analysing them.\n\n# Conclusion\n\nI highly recommend testing your websites because it’s so easy. If it works, it’s going to take a few minutes to cause a DoS. If it doesn’t, try increasing the socket_count as much as your PC can handle. Also, don’t forget to optimize the timeout period. Depending on attacker’s bandwitdth, it may take more than 1 computer to take down some vulnerable sites.\nHopefully, this attack will get more attention and more people will start protecting their servers. Luckily, there are many tutorials that make securing against this type of attack pretty straightforward.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\n\nP.S. you can also find my articles on deepdotweb: \nhttps://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/",
      "json_metadata": "{\"tags\":[\"security\",\"hacking\",\"dos\",\"slowloris\",\"python\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\"],\"links\":[\"https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/\",\"https://github.com/gkbrk/slowloris/blob/master/slowloris.py\",\"https://gist.github.com/gkbrk/5de70f35e69343718431\",\"https://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hacking",
      "permlink": "single-computer-dos-slow-loris-attack",
      "title": "Single Computer DoS - Slow Loris attack"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:21:42",
  "trx_id": "a6e4c04deee3e3b152be2063586d03c7b36fc9a6",
  "trx_in_block": 25,
  "virtual_op": 0
}

{
  "block": 14019650,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "Usually, hackers use a lot of computers (or [toasters](https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/)) to take down a server by overwhelming it with traffic. However, the same goal can sometimes be achieved with a single computer. In this article, I’m going to analyze my favorite denial of service attack known as Slow Loris attack and python code implementation from github. I found and tested 2 python Slow Loris scripts from the same author – [advanced one](https://github.com/gkbrk/slowloris/blob/master/slowloris.py) which is ready for randomizing User Agent headers, proxies, SSL and other good stuff. However, [this code](https://gist.github.com/gkbrk/5de70f35e69343718431) is more appropriate to illustrate the idea behind the attack, and works just as well. It can be run on any operating system that supports python.\n\nThis article is for academic and entertainment purposes only. Please don’t use it maliciously.\n\n\n# Theory\n\nIn a clients-server HTTP connection, end of a HTTP packet is marked with 2 consecutive newline characters ([CRLF]). If those 2 characters never come, sending/receiving of the HTTP packet is not going to end. The idea in Slow Loris attack is to open as many concurrent HTTP requests and keep them alive infinitely (with minimum resources) to deplete the resources in the application layer on the server because it has to wait for every connection.\n\nWhile most servers such as Apache make use of a timeout to terminate incomplete HTTP requests – the timeout is set to 300 seconds by default and is re-set as soon as the client sends additional data. That’s why the attacker does send some data, but painfully slowly – hence the name.\n\nSlow Loris achieves DoS by starting many concurrent HTTP connections and sending a byte of data every 15 seconds. Of course, timing should be adjusted in relation to timeout on a specific server, but it’s often effective even with 15 seconds timeout. Because attacker’s computer sends only few bytes per 15 seconds per connection, some servers can go down while the attacker uses his internet as if nothing’s going on.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\n\n\n# Affected Servers\n\nThis attack mostly affects apache webservers because of the fact that apache starts a new thread for each connection. That is the key factor that makes the difference of attack succeeding or not. Unless of course, someone implemented a mitigation for this type of attack.\nToday, about 50% of websites are hosted on apache servers. Along with some other servers, it makes it a very useful attack for a hacker to include in his arsenal.\n\nAlso, apache webservers can easily be found with Google’s search functionalities, e.g.\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\n\n\n# Python Implementation\n\nProgram gets the target server IP or DNS name as a command line argument. Here’s how it should look like (I set socket_count to 5 to avoid any trouble):\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\n\nFirst, it opens a number of HTTP connections equal to socket_count (integer from 20th line) . Then, it starts an infinite while loop that keeps those connections alive by sending a random number (1 to 5000) each 15 seconds (specified in 58th line), resetting the timeout period. I highly recommend checking out github codes I linked, they're easy to understand and I sure learnt something by analysing them.\n\n# Conclusion\n\nI highly recommend testing your websites because it’s so easy. If it works, it’s going to take a few minutes to cause a DoS. If it doesn’t, try increasing the socket_count as much as your PC can handle. Also, don’t forget to optimize the timeout period. Depending on attacker’s bandwitdth, it may take more than 1 computer to take down some vulnerable sites.\nHopefully, this attack will get more attention and more people will start protecting their servers. Luckily, there are many tutorials that make securing against this type of attack pretty straightforward.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\n\nP.S. you can also find my articles on deepdotweb: \nhttps://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/",
      "json_metadata": "{\"tags\":[\"security\",\"dos\",\"hacking\",\"slowloris\",\"python\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\"],\"links\":[\"https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/\",\"https://github.com/gkbrk/slowloris/blob/master/slowloris.py\",\"https://gist.github.com/gkbrk/5de70f35e69343718431\",\"https://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hacking",
      "permlink": "single-computer-dos-slow-loris-attack",
      "title": "Single Computer DoS - Slow Loris attack"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:21:09",
  "trx_id": "d5170e13c240da7f2e43316493f54276702c624d",
  "trx_in_block": 14,
  "virtual_op": 0
}

{
  "block": 14019455,
  "op": [
    "vote",
    {
      "author": "pwnedu",
      "permlink": "how-do-i-learn-how-to-hack-hand-s-on-cybersecurity-experience",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:11:24",
  "trx_id": "1cad7b896d7f0545cf9593570e180996f34f4a33",
  "trx_in_block": 24,
  "virtual_op": 0
}

{
  "block": 14019380,
  "op": [
    "vote",
    {
      "author": "cheetah",
      "permlink": "cheetah-re-sh4rksingle-computer-dos-slow-loris-attack",
      "voter": "sh4rk",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:07:39",
  "trx_id": "3f7eef4c491491db16de24fb76b97b50d5c2ea54",
  "trx_in_block": 5,
  "virtual_op": 0
}

{
  "block": 14019356,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "single-computer-dos-slow-loris-attack",
      "voter": "kayaman",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:06:27",
  "trx_id": "d71426b2def16a610dd0595d0ccfe29196c6641c",
  "trx_in_block": 24,
  "virtual_op": 0
}

{
  "block": 14019352,
  "op": [
    "comment",
    {
      "author": "cheetah",
      "body": "Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:\nhttps://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/",
      "json_metadata": "",
      "parent_author": "sh4rk",
      "parent_permlink": "single-computer-dos-slow-loris-attack",
      "permlink": "cheetah-re-sh4rksingle-computer-dos-slow-loris-attack",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:06:15",
  "trx_id": "c0cf958c4a907bc1309fa52c1be3bb5e06896f81",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 14019351,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "single-computer-dos-slow-loris-attack",
      "voter": "cheetah",
      "weight": 100
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:06:12",
  "trx_id": "d7bf7846851289d6089ad57eb18eb99a2701ccac",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 14019345,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "single-computer-dos-slow-loris-attack",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:05:54",
  "trx_id": "91b0431fc436a7c371212da85e40d14f989636c1",
  "trx_in_block": 19,
  "virtual_op": 0
}

{
  "block": 14019345,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "Usually, hackers use a lot of computers (or [toasters](https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/)) to take down a server by overwhelming it with traffic. However, the same goal can sometimes be achieved with a single computer. In this article, I’m going to analyze my favorite denial of service attack known as Slow Loris attack and python code implementation from github. I found and tested 2 python Slow Loris scripts from the same author – [advanced one](https://github.com/gkbrk/slowloris/blob/master/slowloris.py) which is ready for randomizing User Agent headers, proxies, SSL and other good stuff. However, [this code](https://gist.github.com/gkbrk/5de70f35e69343718431) is more appropriate to illustrate the idea behind the attack, and works just as well. It can be run on any operating system that supports python.\n\nThis article is for academic and entertainment purposes only. Please don’t use it maliciously.\n\n\n# Theory\n\nIn a clients-server HTTP connection, end of a HTTP packet is marked with 2 consecutive newline characters ([CRLF]). If those 2 characters never come, sending/receiving of the HTTP packet is not going to end. The idea in Slow Loris attack is to open as many concurrent HTTP requests and keep them alive infinitely (with minimum resources) to deplete the resources in the application layer on the server because it has to wait for every connection.\n\nWhile most servers such as Apache make use of a timeout to terminate incomplete HTTP requests – the timeout is set to 300 seconds by default and is re-set as soon as the client sends additional data. That’s why the attacker does send some data, but painfully slowly – hence the name.\n\nSlow Loris achieves DoS by starting many concurrent HTTP connections and sending a byte of data every 15 seconds. Of course, timing should be adjusted in relation to timeout on a specific server, but it’s often effective even with 15 seconds timeout. Because attacker’s computer sends only few bytes per 15 seconds per connection, some servers can go down while the attacker uses his internet as if nothing’s going on.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\n\n\n# Affected Servers\n\nThis attack mostly affects apache webservers because of the fact that apache starts a new thread for each connection. That is the key factor that makes the difference of attack succeeding or not. Unless of course, someone implemented a mitigation for this type of attack.\nToday, about 50% of websites are hosted on apache servers. Along with some other servers, it makes it a very useful attack for a hacker to include in his arsenal.\n\nAlso, apache webservers can easily be found with Google’s search functionalities, e.g.\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\n\n\n# Python Implementation\n\nProgram gets the target server IP or DNS name as a command line argument. Here’s how it should look like (I set socket_count to 5 to avoid any trouble):\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\n\nFirst, it opens a number of HTTP connections equal to socket_count (integer from 20th line) . Then, it starts an infinite while loop that keeps those connections alive by sending a random number (1 to 5000) each 15 seconds (specified in 58th line), resetting the timeout period. I highly recommend checking out github codes I linked, they're easy to understand and I sure learnt something by analysing them.\n\n# Conclusion\n\nI highly recommend testing your websites because it’s so easy. If it works, it’s going to take a few minutes to cause a DoS. If it doesn’t, try increasing the socket_count as much as your PC can handle. Also, don’t forget to optimize the timeout period. Depending on attacker’s bandwitdth, it may take more than 1 computer to take down some vulnerable sites.\nHopefully, this attack will get more attention and more people will start protecting their servers. Luckily, there are many tutorials that make securing against this type of attack pretty straightforward.\n\nhttps://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\n\nP.S. you can also find my articles on deepdotweb: \nhttps://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/",
      "json_metadata": "{\"tags\":[\"hacking\",\"dos\",\"security\",\"slowloris\",\"python\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image--1024x576.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-72.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/inserting-image-1-1.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/01/word-image-73.png\"],\"links\":[\"https://www.deepdotweb.com/2016/11/06/analysis-record-ddos-attacks-mirai-iot-botnet/\",\"https://github.com/gkbrk/slowloris/blob/master/slowloris.py\",\"https://gist.github.com/gkbrk/5de70f35e69343718431\",\"https://www.deepdotweb.com/2017/01/19/single-computer-dos-slow-loris-attack/\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "hacking",
      "permlink": "single-computer-dos-slow-loris-attack",
      "title": "Single Computer DoS - Slow Loris attack"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-26T11:05:54",
  "trx_id": "91b0431fc436a7c371212da85e40d14f989636c1",
  "trx_in_block": 19,
  "virtual_op": 0
}

{
  "block": 13944671,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-23T20:49:12",
  "trx_id": "388f5ba1d7cf10c9e77f26e432413a48c2b5cc36",
  "trx_in_block": 23,
  "virtual_op": 0
}

{
  "block": 13944669,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "sh4rk",
      "weight": 0
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-23T20:49:06",
  "trx_id": "741902967a462b8f5ebff9861d280125332ac6be",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 13705266,
  "op": [
    "author_reward",
    {
      "author": "sh4rk",
      "permlink": "h1-7h3ya3",
      "sbd_payout": "0.047 SBD",
      "steem_payout": "0.000 STEEM",
      "vesting_payout": "86.823940 VESTS"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-15T13:10:09",
  "trx_id": "0000000000000000000000000000000000000000",
  "trx_in_block": 4294967295,
  "virtual_op": 14
}

{
  "block": 13675786,
  "op": [
    "comment",
    {
      "author": "kassie-vegas",
      "body": "Welcome to Steemit ! happy to have you here. Followed. **Follow me back** 😘",
      "json_metadata": "{\"tags\":[\"introduceyourself\"],\"app\":\"steemit/0.1\"}",
      "parent_author": "sh4rk",
      "parent_permlink": "h1-7h3ya3",
      "permlink": "re-sh4rk-h1-7h3ya3-20170714t123210055z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-14T12:32:27",
  "trx_id": "21d19edd725572b85653fce54b7f3dfba496efcf",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 13594631,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "I'm thinking about developing a trading bot as well with a friend. Do you need more intelligent computing science students and programmers on the project? I have a lot of experience (for 21 year old) in both trading and programming. \n\nLet me know if you would like to discuss this further, btw both of us already have very good resume :)",
      "json_metadata": "{\"tags\":[\"bitcoin\"],\"app\":\"steemit/0.1\"}",
      "parent_author": "jordanlindsey",
      "parent_permlink": "steem-sbd-trading-bot-growth-hack-project-outline",
      "permlink": "re-jordanlindsey-steem-sbd-trading-bot-growth-hack-project-outline-20170711t165059653z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:51:00",
  "trx_id": "2dd345687c6e45c2dd5a6ffc6ebd9892c6214fe7",
  "trx_in_block": 6,
  "virtual_op": 0
}

{
  "block": 13594519,
  "op": [
    "vote",
    {
      "author": "jordanlindsey",
      "permlink": "steem-sbd-trading-bot-growth-hack-project-outline",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:45:24",
  "trx_id": "e56b90e061afef8a2a52cf7a4f9dcaeae989fafc",
  "trx_in_block": 5,
  "virtual_op": 0
}

{
  "block": 13594445,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"jordanlindsey\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:41:42",
  "trx_id": "adc31d12b1b50ec0a24e82b1c40e827c540368f2",
  "trx_in_block": 2,
  "virtual_op": 0
}

{
  "block": 13594404,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"jordanlindsey\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:39:39",
  "trx_id": "b65fd5f52fb0f2e4c7f1bb86ea44a8536849da17",
  "trx_in_block": 24,
  "virtual_op": 0
}

{
  "block": 13594379,
  "op": [
    "transfer",
    {
      "amount": "0.001 SBD",
      "from": "jordanlindsey",
      "memo": "Please weigh in and add your insight, https://steemit.com/eos/@jordanlindsey/what-is-your-advice-on-buying-eos-eos-now-at-usd1-62",
      "to": "sh4rk"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:38:24",
  "trx_id": "00b2a2ce6414e3a8ba7ae279b0afec9bd75f9e01",
  "trx_in_block": 16,
  "virtual_op": 0
}

{
  "block": 13593781,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "ubg",
      "weight": 100
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:08:30",
  "trx_id": "f47995e19463b23b23364072a994deb272bf90ac",
  "trx_in_block": 19,
  "virtual_op": 0
}

{
  "block": 13593754,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -4030,16 +4030,125 @@\n ow me on\n+ deepdotweb, btw there are many extra links there (it's colossal pain in the posterior to add them all here):\n %0Ahttps:/\n",
      "json_metadata": "{\"tags\":[\"cryptocurrency\",\"bitcoin\",\"malware\",\"fun\",\"profit\"],\"image\":[\"https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png\",\"https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\",\"links\":[\"https://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/\"]}",
      "parent_author": "",
      "parent_permlink": "cryptocurrency",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "title": "Abusing Bitcoin Blockchain for Fun and Profit"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:07:09",
  "trx_id": "f600248afc03d2add539bcfcf69b36df9707f6f9",
  "trx_in_block": 17,
  "virtual_op": 0
}

{
  "block": 13593710,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "alphacore",
      "weight": 10
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:04:57",
  "trx_id": "b3855577c342c9d6f912bae1f9eb3b67f014b22f",
  "trx_in_block": 27,
  "virtual_op": 0
}

{
  "block": 13593683,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -965,17 +965,17 @@\n Nakamoto\n-%E2%80%99\n+'\n s origin\n",
      "json_metadata": "{\"tags\":[\"cryptocurrency\",\"bitcoin\",\"malware\",\"fun\",\"profit\"],\"image\":[\"https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png\",\"https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\",\"links\":[\"https://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/\"]}",
      "parent_author": "",
      "parent_permlink": "cryptocurrency",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "title": "Abusing Bitcoin Blockchain for Fun and Profit"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T16:03:36",
  "trx_id": "14be07d6a8a86da8ad4f863d393a46d9301b80d6",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 13593588,
  "op": [
    "vote",
    {
      "author": "cheetah",
      "permlink": "cheetah-re-sh4rkabusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "sh4rk",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:58:51",
  "trx_id": "da98297ddca5f4e8aeaf9db5f33ffdc0112bc3eb",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 13593481,
  "op": [
    "comment",
    {
      "author": "cheetah",
      "body": "Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:\nhttps://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/",
      "json_metadata": "",
      "parent_author": "sh4rk",
      "parent_permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "permlink": "cheetah-re-sh4rkabusing-bitcoin-blockchain-for-fun-and-profit",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:53:30",
  "trx_id": "adddbfdb79300174780af72ddb026d5c51779dcb",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 13593479,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "cheetah",
      "weight": 100
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:53:24",
  "trx_id": "a848cf0fa6d76543327a1c73e27b10756002bc85",
  "trx_in_block": 5,
  "virtual_op": 0
}

{
  "block": 13593476,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -4119,13 +4119,4 @@\n fit/\n-#comments\n",
      "json_metadata": "{\"tags\":[\"cryptocurrency\",\"bitcoin\",\"malware\",\"fun\",\"profit\"],\"image\":[\"https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png\",\"https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\",\"links\":[\"https://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/\"]}",
      "parent_author": "",
      "parent_permlink": "cryptocurrency",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "title": "Abusing Bitcoin Blockchain for Fun and Profit"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:53:15",
  "trx_id": "adcf88371e20def1d337f516358d1f916721e3aa",
  "trx_in_block": 21,
  "virtual_op": 0
}

{
  "block": 13593470,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -4003,8 +4003,129 @@\n hnology.\n+%0A%0AYou can also follow me on%0Ahttps://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/#comments\n",
      "json_metadata": "{\"tags\":[\"cryptocurrency\",\"bitcoin\",\"malware\",\"fun\",\"profit\"],\"image\":[\"https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png\",\"https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\",\"links\":[\"https://www.deepdotweb.com/2017/07/05/abusing-bitcoin-blockchain-for-fun-and-profit/#comments\"]}",
      "parent_author": "",
      "parent_permlink": "cryptocurrency",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "title": "Abusing Bitcoin Blockchain for Fun and Profit"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:52:57",
  "trx_id": "7bc88bf79e7b465c470db100251da152e8658ded",
  "trx_in_block": 17,
  "virtual_op": 0
}

{
  "block": 13593444,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "epeakinfo",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:51:39",
  "trx_id": "02fa1414d45ec6254620d7de8282595a5eb27c73",
  "trx_in_block": 4,
  "virtual_op": 0
}

{
  "block": 13593441,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:51:30",
  "trx_id": "3bf2d541aaeb0af5241a94e2199a816ff3a93c10",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 13593441,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "Hackers don’t stop at ‘What is it used for?’ but always extend their curiosity to ‘What it can be used for?’ and that’s part of what differentiates hacker’s mindset from many others. With that in mind, today we will look at good ol’ blockchain.\n\nBecause it’s used for writing transactions, btc blockchain carries some properties you’re probably familiar with: public accessibility (anyone or anything can get the information from the blockchain), decentralization – meaning no authority can change confirmed blocks and last, but very important, you can write arbitrary data to the blockchain by making transactions! \n\nThis is what a transaction packet looks like:\n\n![](https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png)\n\nFirst message ever written to the blockchain was by Satoshi Nakamoto himself:\n\n“The Times 03/Jan/2009 Chancellor on brink of second bailout for banks”.\n\nFor example, I love the fact that someone wrote Satoshi Nakamoto’s original whitepaper about bitcoin network to the blockchain. This transaction wrote the hex values that represent Nelson Mandela picture and his quote:\n\n![](https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png)\n\nSomeone did cross site scripting attack demo, although it is now fixed on blockchain.info, it used to work (maker on reddit). This is what he wrote to the blockchain:\n\nwindow.alert(“If this were an actual exploit, your mywallet would be empty.”) \n(in html scripts tag)\n\nThere are many other stuff written out there that is left for you to explore as it’s not the topic of this article. If you want to be the part of the blockchain without messing with the technicalities, use cryptgraffiti.info to add your own text or image to the blockchain.\n\nIllegitimate uses of blockchain\n\nSaving encoded data on the blockchain is as old as the blockchain itself and there were many cases of using mentioned properties for malicious purposes (there is a lot of encrypted data written). The fact that no one can take your message down makes it really tough Command & Control server for malware. Operators could store commands on the blockchain and authorities can’t take it down. One could argue that Tor’s hidden service is almost as difficult to take down, but Tor has had its flaws and hidden services have been taken down in the past which is not true for the bitcoin blockchain.\nFurthermore, malware can be nothing more than a program which explores the blockchain to find the encrypted payload and then load it into memory and execute it without touching the disk with it. This method is very troublesome for anti-virus solutions even with normal C&C servers. I’m not trying to say these are revolutionary ideas with insane benefits, but it has its advantages with the plus of being innovative and cool af.\n\nI wouldn’t mention this if it wasn’t already publicly available, but blockchain can be used for storing valuable illegal data such as 0days, stolen credit cards data, CP and more. The point is that you can encrypt such data with public keys and hold and sell only private keys so you don’t worry about losing such valuable data or getting caught with it. One could argue that it’s no different than having an encrypted hard drive and it is true for the most part, but it has some subtle benefits. E.g., local authorities could copy suspect’s encrypted hard drive and wait for a vulnerability in used encryption (many encryption algorithms in the past have proven to be flawed) or trick you (hack you, beat you) to get the key. On the other hand, having only transaction hash stored, authorities might never find out what the hash represents. Seemingly, you don’t have any encrypted data so you’re not suspicious at all – reminds me of steganography and cryptography relation.\n\nBlockchain technology is revolutionizing the world and has huge potential so it’s expected to be useful to criminals as well. Only time will tell what human creativity will yield in this fast developing technology.",
      "json_metadata": "{\"tags\":[\"cryptocurrency\",\"bitcoin\",\"malware\",\"fun\",\"profit\"],\"image\":[\"https://steemitimages.com/DQmRh6hoNwoiN1aPFnjnXZbyKgcHGYaasAB2xUhjmN1J7jc/image.png\",\"https://steemitimages.com/DQmbWqwhMKobC11tBzasAhVonaKcwTfuGqF6unZGprx6eSf/image.png\"],\"app\":\"steemit/0.1\",\"format\":\"markdown\"}",
      "parent_author": "",
      "parent_permlink": "cryptocurrency",
      "permlink": "abusing-bitcoin-blockchain-for-fun-and-profit",
      "title": "Abusing Bitcoin Blockchain for Fun and Profit"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-11T15:51:30",
  "trx_id": "3bf2d541aaeb0af5241a94e2199a816ff3a93c10",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 13569591,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"lukewearechange\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T19:58:33",
  "trx_id": "0a7ae3f372677f8866c662a25c7d084c4af8248e",
  "trx_in_block": 17,
  "virtual_op": 0
}

{
  "block": 13569584,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"ingenesist\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T19:58:12",
  "trx_id": "925dbbb6b36f0f38cecbdf713e1b1ccfa30c0a9b",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 13569582,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"fortified\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T19:58:06",
  "trx_id": "3dc3fd43ce5475086cc256b3a4d4aa39274a2656",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 13564662,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"digitalplayer\",\"what\":[]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T15:51:36",
  "trx_id": "b6cfed0490b684593620003840c5c3d718ec2447",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 13564647,
  "op": [
    "account_update",
    {
      "account": "sh4rk",
      "json_metadata": "{\"profile\":{\"profile_image\":\"https://preview.ibb.co/cp9Kua/20170709_184632.jpg\"}}",
      "memo_key": "STM7JQYSkPJBSRR9VjBfSrRKNMxiDrMCkuFsJwjtJwq2wY1wLQqDr"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T15:50:51",
  "trx_id": "df97cf264fe697b52b9ccc938f119a0792837555",
  "trx_in_block": 24,
  "virtual_op": 0
}

{
  "block": 13564637,
  "op": [
    "account_update",
    {
      "account": "sh4rk",
      "json_metadata": "{\"profile\":{\"profile_image\":\"https://ibb.co/knY17v\"}}",
      "memo_key": "STM7JQYSkPJBSRR9VjBfSrRKNMxiDrMCkuFsJwjtJwq2wY1wLQqDr"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T15:50:21",
  "trx_id": "0ba9a5f565f986a5f37a73d475fb767df8e656a3",
  "trx_in_block": 8,
  "virtual_op": 0
}

{
  "block": 13563460,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -6678,28 +6678,141 @@\n %3Cbr%3E%3C/p%3E%0A%3Cp%3E\n-%3Cbr%3E\n+A bit more formal version was also posted on https://www.deepdotweb.com/2017/06/23/fundamental-security-flaws-in-usb/\n %3C/p%3E%0A%3C/html%3E\n",
      "json_metadata": "{\"tags\":[\"hacking\",\"usb\",\"security\",\"prank\",\"hack\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-37.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-38.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-40.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-41.png\"],\"links\":[\"https://hakshop.com/products/usb-rubber-ducky-deluxe\",\"https://hakshop.com/products/bash-bunny\",\"http://www.ebay.com/itm/Digispark-Kickstarter-ATTINY85-Arduino-General-Micro-USB-Development-Board-/142062832671?hash=item21139acc1f:g:2RUAAOSwAL9UdypA\",\"https://en.wikipedia.org/wiki/Samy_(computer_worm)\",\"https://samy.pl/poisontap/\",\"https://www.youtube.com/watch?v=Aatp5gCskvk&feature=youtu.be\",\"https://www.usbkill.com/\",\"https://github.com/brandonlw/Psychson\",\"http://www.urbandictionary.com/define.php?term=kangaroo%20position\",\"https://www.deepdotweb.com/2017/06/23/fundamental-security-flaws-in-usb/\"],\"app\":\"steemit/0.1\",\"format\":\"html\"}",
      "parent_author": "",
      "parent_permlink": "hacking",
      "permlink": "fundamental-security-flaws-in-usb",
      "title": "Fundamental security flaws in USB"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:51:27",
  "trx_id": "a36bde3daad35ca6079a7e347000fc47cb64bfff",
  "trx_in_block": 1,
  "virtual_op": 0
}

{
  "block": 13563403,
  "op": [
    "vote",
    {
      "author": "cheetah",
      "permlink": "cheetah-re-sh4rkfundamental-security-flaws-in-usb",
      "voter": "sh4rk",
      "weight": -10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:48:36",
  "trx_id": "160b3aebffa289d986f1edd66318eb5792888a1e",
  "trx_in_block": 6,
  "virtual_op": 0
}

{
  "block": 13563381,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "fundamental-security-flaws-in-usb",
      "voter": "lifespring",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:47:30",
  "trx_id": "05d2c8d7433adc58bdc9c47742a5d39180bd3abc",
  "trx_in_block": 0,
  "virtual_op": 0
}

{
  "block": 13563173,
  "op": [
    "comment",
    {
      "author": "cheetah",
      "body": "Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:\nhttps://www.deepdotweb.com/2017/06/23/fundamental-security-flaws-in-usb/",
      "json_metadata": "",
      "parent_author": "sh4rk",
      "parent_permlink": "fundamental-security-flaws-in-usb",
      "permlink": "cheetah-re-sh4rkfundamental-security-flaws-in-usb",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:37:06",
  "trx_id": "46bddd30ea0700504f80600d38249d8e8915b71a",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 13563171,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "fundamental-security-flaws-in-usb",
      "voter": "cheetah",
      "weight": 100
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:37:00",
  "trx_id": "bc47d8d2e25d742fdfee622018db517c67cbb2fa",
  "trx_in_block": 14,
  "virtual_op": 0
}

{
  "block": 13563144,
  "op": [
    "vote",
    {
      "author": "sh4rk",
      "permlink": "fundamental-security-flaws-in-usb",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:35:39",
  "trx_id": "593a20bb402b803e8e04916ba7f86c2cb0606a4b",
  "trx_in_block": 8,
  "virtual_op": 0
}

{
  "block": 13563144,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "<html>\n<p>USB or Universal Serial Bus was not designed with security in mind. Windows, Linux and OS X basically trust anything plugged in USB port. If a hacker has a very short, but private time with your laptop, this attack vector becomes very feasible. Before actual security threats, let's analyze how USB works in general.&nbsp;</p>\n<p>Every USB device has a controller chip and memory storage for firmware, both invisible to the user. Only mass storage is visible to the user. Following picture shows it on a flash drive.</p>\n<p><img src=\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-37.png\" width=\"687\" height=\"425\"/></p>\n<p>When USB device is plugged into the computer, the chip executes firmware code. On a legit flash drive, firmware is programmed to first register itself as some device (simply by sending a number, no questions asked) and load a driver to be installed. However, the firmware can be programmed to do a vast majority of stuff which makes a big range of possible USB attacks. Most devices are trusted by default – all user interaction needed for a keyboard is plugging it in.&nbsp;Also, it's worth noting that USB device can legitimately register as more than 1 type of device. It can also stop being 1 type and become another by deregistering.</p>\n<p><img src=\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-38.png\" width=\"690\" height=\"450\"/></p>\n<p>Also, each operating system can be identified because of configuration information that is sent back to the chip. This makes the USB globally a widespread security threat targeting all major operating systems.Here’s a partial list of realistic dangers, starting with the most popular and ending with the most badass.</p>\n<p><br></p>\n<p><strong>Human Interface Device (HID)</strong></p>\n<p>We’re talking about keyboards, mice and other devices that are controlled by the user. Keyboards work as soon as you plug them in, which is very attractive to hackers. You might’ve heard of<a href=\"https://hakshop.com/products/usb-rubber-ducky-deluxe\"> RubberDucky</a> or<a href=\"https://hakshop.com/products/bash-bunny\"> BashBunny</a>, devices that look like regular USB sticks, but they actually emulate pre-programmed keystrokes when plugged in, no questions asked. Such devices can download and execute a backdoor in 20 seconds. If you don’t like Ducky’s or Bunny’s price, I suggest using your Android phone or<a href=\"http://www.ebay.com/itm/Digispark-Kickstarter-ATTINY85-Arduino-General-Micro-USB-Development-Board-/142062832671?hash=item21139acc1f:g:2RUAAOSwAL9UdypA\"> Arduino Digispark </a>(less than $1.5). These are also awesome for pranking people in PC labs (or office or whatever), e.g. it can make the screen rotate around endlessly while playing 'never gonna give you up...' on youtube :D.&nbsp;</p>\n<p><img src=\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-40.png\" width=\"500\" height=\"497\"/></p>\n<p>If you lock your computer, those attacks are prevented, but following attack can do significant damage on a locked computer.</p>\n<p><br></p>\n<p><strong>Ethernet device</strong></p>\n<p>I love this attack! My <a href=\"https://en.wikipedia.org/wiki/Samy_(computer_worm)\">hero</a>‘s <a href=\"https://samy.pl/poisontap/\">PoisonTap</a> is RasperryPi Zero device ($5) which emulates an Ethernet device over USB. PoisonTap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors. This type of attack works because computers automatically perform a DHCP request upon recognizing a new network card. Such a malicious device assigns an IP address to the computer and tells it that every single IP address in existence is inside of its local area network (you need to send a packet? I got you bro :D). From now on, when an infected computer sends a packet to any IP address, it will go through malicious USB-Ethernet device because LAN over WAN routing priority. From that point on, it is possible to poison a victim’s cache, DNS table, steal cookies and do more.&nbsp;</p>\n<p><img src=\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-41.png\" width=\"674\" height=\"416\"/></p>\n<p>Android phones seem to be the simplest tools to perform this attack by taking advantage of a USB-Ethernet service, possibly by “charging” your phone on someone’s computer. Check out the <a href=\"https://www.youtube.com/watch?v=Aatp5gCskvk&amp;feature=youtu.be\">demo</a> by Samy.</p>\n<p><br></p>\n<p><strong>Killer</strong></p>\n<p>Looks like a USB stick, but packs a few capacitors that charge through the USB port and then release the charge at 200+V with the goal of frying the motherboard. Some new computers, e.g. Apple Macbooks, have hardware mitigation for this type of attack, but most computers’ motherboards can be destroyed with a <a href=\"https://www.usbkill.com/\">USB Killer</a>. Not for pranking though.</p>\n<p><br></p>\n<p><strong>Infecting the World</strong></p>\n<p>This is a very time-consuming task, but reverse engineering the firmware is very powerful. Not only can we make our own rubber ducky out of regular flash drive (<a href=\"https://github.com/brandonlw/Psychson\">github</a>), we can also change the drivers that get installed on the connected computer. An unpleasant scenario goes like this – someone patches the firmware to install malicious drivers which turn the computer in a spreading point. Each (compatible) USB plugged into the infected computer gets “firmware update” and becomes a spreading stick, resembling STDs perfectly. Combining this idea with identifying the OS and choosing the right payload, every major operating system is at danger. I will write much more about this in a separate article. Luckily for us, wikileaks revealed how CIA put this idea to life with Brutal Kangaroo (not this <a href=\"http://www.urbandictionary.com/define.php?term=kangaroo%20position\">kangaroo</a>) and Drifting Deadline. Also, some folks at Blackhat conference also shared their ideas so stay tuned for that.</p>\n<p><br></p>\n<p><strong>How to secure yourself?</strong></p>\n<p>Most researchers talk about code signing and integrity protection for firmware updates but it’s not coming very soon. I recommend using software that disables your USB ports when you lock the screen so you can take your break without worries. As far as malicious firmware and drivers are concerned, there’s no feasible and easy patch so be careful what you insert into your port (reminds me of mother-daughter advice LOL). &nbsp;</p>\n<p><br></p>\n<p><br></p>\n</html>",
      "json_metadata": "{\"tags\":[\"hacking\",\"usb\",\"security\",\"prank\",\"hack\"],\"image\":[\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-37.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-38.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-40.png\",\"https://www.deepdotweb.com/wp-content/uploads/2017/06/word-image-41.png\"],\"links\":[\"https://hakshop.com/products/usb-rubber-ducky-deluxe\",\"https://hakshop.com/products/bash-bunny\",\"http://www.ebay.com/itm/Digispark-Kickstarter-ATTINY85-Arduino-General-Micro-USB-Development-Board-/142062832671?hash=item21139acc1f:g:2RUAAOSwAL9UdypA\",\"https://en.wikipedia.org/wiki/Samy_(computer_worm)\",\"https://samy.pl/poisontap/\",\"https://www.youtube.com/watch?v=Aatp5gCskvk&feature=youtu.be\",\"https://www.usbkill.com/\",\"https://github.com/brandonlw/Psychson\",\"http://www.urbandictionary.com/define.php?term=kangaroo%20position\"],\"app\":\"steemit/0.1\",\"format\":\"html\"}",
      "parent_author": "",
      "parent_permlink": "hacking",
      "permlink": "fundamental-security-flaws-in-usb",
      "title": "Fundamental security flaws in USB"
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-10T14:35:39",
  "trx_id": "593a20bb402b803e8e04916ba7f86c2cb0606a4b",
  "trx_in_block": 8,
  "virtual_op": 0
}

{
  "block": 13536923,
  "op": [
    "comment",
    {
      "author": "pwnedu",
      "body": "I agree. The first set of challenges is great for anyone wanting dive into linux.",
      "json_metadata": "{\"tags\":[\"hacking\"],\"app\":\"steemit/0.1\"}",
      "parent_author": "sh4rk",
      "parent_permlink": "re-pwnedu-how-do-i-learn-how-to-hack-hand-s-on-cybersecurity-experience-20170709t163707419z",
      "permlink": "re-sh4rk-re-pwnedu-how-do-i-learn-how-to-hack-hand-s-on-cybersecurity-experience-20170709t163946357z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T16:39:48",
  "trx_id": "a2b76cd1154afc86cb0c1e61e2ebabfbb8655b4b",
  "trx_in_block": 5,
  "virtual_op": 0
}

{
  "block": 13536864,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "I recommend overthewire for newbies, thats the place i made a big step forward for sure.",
      "json_metadata": "{\"tags\":[\"hacking\"],\"app\":\"steemit/0.1\"}",
      "parent_author": "pwnedu",
      "parent_permlink": "how-do-i-learn-how-to-hack-hand-s-on-cybersecurity-experience",
      "permlink": "re-pwnedu-how-do-i-learn-how-to-hack-hand-s-on-cybersecurity-experience-20170709t163707419z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T16:36:51",
  "trx_id": "6e61249c3f258bade981d56a7f47fd52f1a599b2",
  "trx_in_block": 18,
  "virtual_op": 0
}

{
  "block": 13529009,
  "op": [
    "custom_json",
    {
      "id": "follow",
      "json": "[\"follow\",{\"follower\":\"sh4rk\",\"following\":\"digitalplayer\",\"what\":[\"blog\"]}]",
      "required_auths": [],
      "required_posting_auths": [
        "sh4rk"
      ]
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T10:04:00",
  "trx_id": "1b5ba46aacd60e5225436e86193291a9b4ed1182",
  "trx_in_block": 3,
  "virtual_op": 0
}

{
  "block": 13528994,
  "op": [
    "comment",
    {
      "author": "sh4rk",
      "body": "@@ -39,6 +39,84 @@\n s me\n-..\n+, also I dont like the fact you lied to me (you're not in my followers list :P )\n",
      "json_metadata": "{\"tags\":[\"introduceyourself\"],\"app\":\"steemit/0.1\"}",
      "parent_author": "revealmoney",
      "parent_permlink": "re-sh4rk-h1-7h3ya3-20170708t141544238z",
      "permlink": "re-revealmoney-re-sh4rk-h1-7h3ya3-20170709t095503027z",
      "title": ""
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T10:03:15",
  "trx_id": "b7502f41671d0ab08c89629e54855697d795c5eb",
  "trx_in_block": 9,
  "virtual_op": 0
}

{
  "block": 13528855,
  "op": [
    "vote",
    {
      "author": "steemitboard",
      "permlink": "steemitboard-notify-sh4rk-20170708t151954000z",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T09:56:18",
  "trx_id": "0ed74d9e0905fd4efb151125630699fcdb52dee4",
  "trx_in_block": 7,
  "virtual_op": 0
}

{
  "block": 13528851,
  "op": [
    "vote",
    {
      "author": "steemitboard",
      "permlink": "steemitboard-notify-sh4rk-20170708t180924000z",
      "voter": "sh4rk",
      "weight": 10000
    }
  ],
  "op_in_trx": 0,
  "timestamp": "2017-07-09T09:56:06",
  "trx_id": "9cbaa5c4dfc4a70bc086c594a049e049cebd6d0c",
  "trx_in_block": 8,
  "virtual_op": 0
}