{"id":1485,"date":"2016-06-12T17:31:50","date_gmt":"2016-06-12T17:31:50","guid":{"rendered":"https:\/\/www.bsk-consulting.de\/?p=1485"},"modified":"2022-03-25T14:15:07","modified_gmt":"2022-03-25T13:15:07","slug":"ioc-scanning-compulsory-and-freestyle","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/","title":{"rendered":"Not All IOC Scanning Is the Same"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;3.22&#8243;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.4.3&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;]In the recent months I had several talks with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or other products that our customers already use. People often tell me that EDR or client management product X already does IOC scanning and that we don&#8217;t need to check for these indicators a second time. Especially when it comes to network wide sweeps for traces of activity due to an ongoing incident I recommend scanning a second time with one of our scanners or a tool of similar quality.<br \/>\nThis blog post explains why.<br \/>\nPeople usually spend a fair amount of time on selecting threat intel feeds and interesting indicators for their scans. However when it comes to the actual application of these indicators they seem to be satisfied with the simplest form of checks.<br \/>\nEspecially when we look at C2 or Filename IOCs I can easily explain the difference between the &#8220;compulsory&#8221; and &#8220;freestyle&#8221; methods of IOC scanning.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1486\" src=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\" alt=\"IOC scanning automation\" width=\"300\" height=\"200\" \/><br \/>\nA plain &#8220;compulsory&#8221; filename IOC check would walk the disk or query a database looking for a certain filename, right?<br \/>\nHowever if you think about it for a second and ask yourself &#8220;where else could we check for that filename?&#8221; you&#8217;ll realize that the following elements could also contain the malicious filename:<\/p>\n<ul>\n<li>Eventlog entries (e.g. process starts, service installs with image path, access failures &#8230;)<\/li>\n<li>Log files (local Antivirus log file, access to file in web root > web server access log, backup errors, PowerShell history &#8230;)<\/li>\n<li>Registry (recently opened files, shell bags, service image path, other caches &#8230;)<\/li>\n<li>MFT (deleted entry)<\/li>\n<li>Archive content (packed in ZIP file)<\/li>\n<li>WMI (scripts &#8211; e.g. see <a href=\"https:\/\/github.com\/mattifestation\/WMI_Backdoor\" target=\"_blank\" rel=\"noopener noreferrer\">this PoC<\/a> by <a href=\"https:\/\/twitter.com\/mattifestation\" target=\"_blank\" rel=\"noopener noreferrer\">Matt Graeber)<\/a><\/li>\n<li>Crash dumps<\/li>\n<li>Windows Error Report (WER &#8211; file names and content)<\/li>\n<li>Free disk space (filename as content of batch files or other scripts, scheduled tasks &#8230;)<\/li>\n<\/ul>\n<p>Actually we often see that during lateral movement attackers access systems, run their tools remotely, copy the output, delete the output files and leave no file system traces behind. We use the locations that I mentioned above and others to detect them using their tools although all the files have been removed from disk. That&#8217;s the &#8220;freestyle&#8221; method.<br \/>\nThe same counts for the C2 IOCs. The &#8220;compulsory&#8221; plain method would check the system&#8217;s network connections. The &#8220;freestyle&#8221; method also includes checking for these C2 IOCs in the following locations:<\/p>\n<ul>\n<li>Process memory (C2 strings loaded and decrypted in process memory)<\/li>\n<li>Log files (web server access logs, Windows firewall log file, AV module log file &#8230;)<\/li>\n<li>Hosts file<\/li>\n<li>Files (in backdoor config files on disk)<\/li>\n<li>Registry (hard coded C2 server in registry key)<\/li>\n<\/ul>\n<p>I am sure that digital forensics experts would come up with other fruitful locations. It is just sad to see those great indicators feed into tools that do &#8220;IOC scanning&#8221; only to get another check mark in a product comparison table &#8211; aka the &#8220;compulsory&#8221; way.<\/p>\n<blockquote><p>If all you have is a hammer, everything looks like a nail.<\/p><\/blockquote>\n<p>So &#8211; the next time when someone tells you that their tool checks for IOCs on the endpoint, your question should be &#8220;How and where do you check for these IOCs?&#8221;.[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the recent months I had several talks with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or other products that our customers already use. People often tell me that EDR or client management product X already does IOC scanning and that we don&#8217;t need to check for these indicators a second time. Especially when it comes to network wide sweeps for traces of activity due to an ongoing incident I recommend scanning a second time with one of our scanners or a tool of similar quality. This blog post explains why. People usually spend a fair amount of time on selecting threat intel feeds and interesting indicators for their scans. However when it comes to the actual application of these indicators they seem to be satisfied with the simplest form of checks. Especially when we look at C2 or Filename IOCs I can easily explain the difference between the &#8220;compulsory&#8221; and &#8220;freestyle&#8221; methods of IOC scanning. A plain &#8220;compulsory&#8221; filename IOC check would walk the disk or query a database looking for a certain filename, right? However if you think about it for a second and ask yourself &#8220;where [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"In the recent months I had several talks with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or other products that our customers already use. People often tell me that EDR or client management product X already does IOC scanning and that we don't need to check for these indicators a second time. Especially when it comes to network wide sweeps for traces of activity due to an ongoing incident I recommend scanning a second time with one of our scanners or a tool of similar quality.\r\nThis blog post explains why.\r\nPeople usually spend a fair amount of time on selecting threat intel feeds and interesting indicators for their scans. However when it comes to the actual application of these indicators they seem to be satisfied with the simplest form of checks.\r\nEspecially when we look at C2 or Filename IOCs I can easily explain the difference between the \"compulsory\" and \"freestyle\" methods of IOC scanning.\r\n<a href=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\"><img class=\"alignnone size-full wp-image-1486\" src=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\" alt=\"IOC scanning automation\" width=\"300\" height=\"200\" \/><\/a>\r\nA plain \"compulsory\" filename IOC check would walk the disk or query a database looking for a certain filename, right?\r\nHowever if you think about it for a second and ask yourself \"where else could we check for that filename?\" you'll realize that the following elements could also contain the malicious filename:\r\n<ul>\r\n \t<li>Eventlog entries (e.g. process starts, service installs with image path, access failures ...)<\/li>\r\n \t<li>Log files (local Antivirus log file, access to file in web root > web server access log, backup errors, PowerShell history ...)<\/li>\r\n \t<li>Registry (recently opened files, shell bags, service image path, other caches ...)<\/li>\r\n \t<li>MFT (deleted entry)<\/li>\r\n \t<li>Archive content (packed in ZIP file)<\/li>\r\n \t<li>WMI (scripts - e.g. see <a href=\"https:\/\/github.com\/mattifestation\/WMI_Backdoor\" target=\"_blank\" rel=\"noopener noreferrer\">this PoC<\/a> by <a href=\"https:\/\/twitter.com\/mattifestation\" target=\"_blank\" rel=\"noopener noreferrer\">Matt Graeber)<\/a><\/li>\r\n\t<li>Crash dumps<\/li>\r\n\t<li>Windows Error Report (WER - file names and content)<\/li>\r\n\t<li>Free disk space (filename as content of batch files or other scripts, scheduled tasks ...)<\/li>\r\n<\/ul>\r\nActually we often see that during lateral movement attackers access systems, run their tools remotely, copy the output, delete the output files and leave no file system traces behind. We use the locations that I mentioned above and others to detect them using their tools although all the files have been removed from disk. That's the \"freestyle\" method.\r\nThe same counts for the C2 IOCs. The \"compulsory\" plain method would check the system's network connections. The \"freestyle\" method also includes checking for these C2 IOCs in the following locations:\r\n<ul>\r\n \t<li>Process memory (C2 strings loaded and decrypted in process memory)<\/li>\r\n \t<li>Log files (web server access logs, Windows firewall log file, AV module log file ...)<\/li>\r\n \t<li>Hosts file<\/li>\r\n \t<li>Files (in backdoor config files on disk)<\/li>\r\n \t<li>Registry (hard coded C2 server in registry key)<\/li>\r\n<\/ul>\r\nI am sure that digital forensics experts would come up with other fruitful locations. It is just sad to see those great indicators feed into tools that do \"IOC scanning\" only to get another check mark in a product comparison table - aka the \"compulsory\" way.\r\n<blockquote>If all you have is a hammer, everything looks like a nail.<\/blockquote>\r\nSo - the next time when someone tells you that their tool checks for IOCs on the endpoint, your question should be \"How and where do you check for these IOCs?\".\r\n","_et_gb_content_width":"","footnotes":""},"categories":[316,87],"tags":[543,544,219,545,546,547,118,548,463,117,7,279],"class_list":["post-1485","post","type-post","status-publish","format-standard","hentry","category-apt","category-security-monitoring","tag-c2-server","tag-edr","tag-filename","tag-indicator-of-compromise","tag-indicators-of-compromise","tag-ioc-scanning","tag-iocs","tag-mft","tag-registry","tag-scan","tag-scanner","tag-shim-cache"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Not All IOC Scanning Is the Same - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Not All IOC Scanning Is the Same\",\"datePublished\":\"2016-06-12T17:31:50+00:00\",\"dateModified\":\"2022-03-25T13:15:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\"},\"wordCount\":607,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\",\"keywords\":[\"c2 server\",\"EDR\",\"filename\",\"indicator of compromise\",\"indicators of compromise\",\"IOC Scanning\",\"IOCs\",\"MFT\",\"registry\",\"scan\",\"scanner\",\"Shim Cache\"],\"articleSection\":[\"APT\",\"Security Monitoring\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\",\"name\":\"Not All IOC Scanning Is the Same - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\",\"datePublished\":\"2016-06-12T17:31:50+00:00\",\"dateModified\":\"2022-03-25T13:15:07+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg\",\"width\":300,\"height\":200},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Not All IOC Scanning Is the Same - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Not All IOC Scanning Is the Same","datePublished":"2016-06-12T17:31:50+00:00","dateModified":"2022-03-25T13:15:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/"},"wordCount":607,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"image":{"@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage"},"thumbnailUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg","keywords":["c2 server","EDR","filename","indicator of compromise","indicators of compromise","IOC Scanning","IOCs","MFT","registry","scan","scanner","Shim Cache"],"articleSection":["APT","Security Monitoring"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/","url":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/","name":"Not All IOC Scanning Is the Same - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage"},"image":{"@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage"},"thumbnailUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg","datePublished":"2016-06-12T17:31:50+00:00","dateModified":"2022-03-25T13:15:07+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/2016\/06\/12\/ioc-scanning-compulsory-and-freestyle\/#primaryimage","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2016\/06\/7S5g5.jpg","width":300,"height":200},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/1485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=1485"}],"version-history":[{"count":3,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/1485\/revisions"}],"predecessor-version":[{"id":7463,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/1485\/revisions\/7463"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=1485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=1485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=1485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}