{"id":13498,"date":"2025-09-04T03:16:48","date_gmt":"2025-09-03T18:16:48","guid":{"rendered":"https:\/\/aireviewirush.com\/?p=13498"},"modified":"2025-09-04T03:16:48","modified_gmt":"2025-09-03T18:16:48","slug":"coaching-attendee-scanning-def-con","status":"publish","type":"post","link":"https:\/\/aireviewirush.com\/?p=13498","title":{"rendered":"Coaching Attendee Scanning Def Con"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_53 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-6a353ade5cfe4\" ><span class=\"\"><span style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input aria-label=\"Toggle\" aria-label=\"item-6a353ade5cfe4\"  type=\"checkbox\" id=\"item-6a353ade5cfe4\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Background_The_Distinctive_Panorama_of_the_Black_Hat_NOC\" title=\"Background: The Distinctive Panorama of the Black Hat NOC\">Background: The Distinctive Panorama of the Black Hat NOC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Overview\" title=\"Overview\">Overview<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Investigation_Workflow_A_Multi-Device_Strategy_to_Speedy_Response\" title=\"Investigation Workflow: A Multi-Device Strategy to Speedy Response\">Investigation Workflow: A Multi-Device Strategy to Speedy Response<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Part_1_Assault_Triage_With_Cisco_XDR\" title=\"Part 1: Assault Triage With Cisco XDR\">Part 1: Assault Triage With Cisco XDR<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Part_2_Goal_Identification_With_Cisco_Umbrella\" title=\"Part 2: Goal Identification With Cisco Umbrella\">Part 2: Goal Identification With Cisco Umbrella<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Part_3_Visitors_Evaluation\" title=\"Part 3: Visitors Evaluation\">Part 3: Visitors Evaluation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Part_4_Perpetrator_Identification\" title=\"Part 4: Perpetrator Identification\">Part 4: Perpetrator Identification<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Potential_Dangers_Highlighted_by_the_Incident\" title=\"Potential Dangers Highlighted by the Incident\">Potential Dangers Highlighted by the Incident<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#Decision_and_Key_Takeaways_Implementing_Coverage_and_the_Worth_of_Swift_Motion\" title=\"Decision and Key Takeaways: Implementing Coverage and the Worth of Swift Motion\">Decision and Key Takeaways: Implementing Coverage and the Worth of Swift Motion<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/aireviewirush.com\/?p=13498\/#About_Black_Hat\" title=\"About Black Hat\">About Black Hat<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-f510a0b24f854e8a1560dbd4712b4a24\" id=\"h-background-the-unique-landscape-of-the-black-hat-noc\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Background_The_Distinctive_Panorama_of_the_Black_Hat_NOC\"><\/span>Background: The Distinctive Panorama of the Black Hat NOC<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Working the <a href=\"https:\/\/www.blackhat.com\/us-25\/noc.html\" target=\"_blank\" rel=\"noreferrer noopener\">Black Hat Safety and Community Operations Middle (NOC)<\/a> presents a singular set of challenges and expectations. In contrast to a typical company atmosphere the place any hacking exercise is instantly deemed malicious, the Black Hat convention is a nexus for cybersecurity analysis, coaching, and moral hacking. Consequently, we anticipate and even count on a major quantity of exercise that, in different contexts, can be thought of extremely suspicious or outright hostile. This consists of numerous types of scanning, exploitation makes an attempt, and different adversarial simulations, usually performed as a part of official trainings or impartial analysis.<\/p>\n<p>Including to this complexity is the Deliver Your Personal Gadget (BYOD) nature of the convention community. Attendees join a big selection of non-public gadgets, making conventional endpoint telemetry (like EDR options) a major problem for complete monitoring. As such, our main focus was on strong network-based telemetry for detection and risk looking.<\/p>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-da5409c1b2a9f9882c4ed6adbdd31c03\" id=\"h-overview\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Overview\"><\/span>Overview<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This writeup particulars a latest investigation throughout the Black Hat Safety and Community Operations Middle (SNOC), highlighting the crucial function of built-in safety instruments and early detection in mitigating potential threats, significantly when originating from inside a high-profile coaching atmosphere.<\/p>\n<p>On August 4, 2025, a Cisco XDR analytics alert flagged \u201cSuspected Port Abuse: Exterior \u2013 Exterior Port Scanner.\u201d The alert indicated an inner host from the \u201cDefending Enterprises \u2013 2025 Version\u201d coaching room was actively concentrating on an exterior IP tackle, which resolved to a website belonging to the Def Con cybersecurity convention. This exercise aligned with the MITRE ATT&amp;CK framework\u2019s Reconnaissance tactic (TA0043), particularly the Lively Scanning method (T1595).<\/p>\n<p class=\"has-text-align-center\"><iframe class=\"lazy lazy-hidden\" loading=\"lazy\" data-lazy-type=\"iframe\" data-src=\"https:\/\/players.brightcove.net\/1384193102001\/41XYD7gTx_default\/index.html?videoId=6378213920112\" allowfullscreen=\"\" webkitallowfullscreen=\"\" mozallowfullscreen=\"\" width=\"640\" height=\"360\"><\/iframe><noscript><iframe loading=\"lazy\" src=\"https:\/\/players.brightcove.net\/1384193102001\/41XYD7gTx_default\/index.html?videoId=6378213920112\" allowfullscreen=\"\" webkitallowfullscreen=\"\" mozallowfullscreen=\"\" width=\"640\" height=\"360\"><\/iframe><\/noscript><\/p>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-0d90e3aa69783eda69ec379ef8b308b4\" id=\"h-investigation-workflow-a-multi-tool-approach-to-rapid-response\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Investigation_Workflow_A_Multi-Device_Strategy_to_Speedy_Response\"><\/span>Investigation Workflow: A Multi-Device Strategy to Speedy Response<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-9a2383dbbd9e989bb9b8e2978eaa3141\" id=\"h-phase-1-attack-triage-with-cisco-xdr\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Part_1_Assault_Triage_With_Cisco_XDR\"><\/span>Part 1: Assault Triage With Cisco XDR<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Cisco XDR analytics incident supplied the preliminary alert and connection flows, providing quick visibility into the suspicious community exercise. Detecting this on the reconnaissance part is essential, as early detection within the MITRE ATT&amp;CK chain considerably reduces the danger of an adversary progressing to extra impactful phases.<\/p>\n<p>We noticed a excessive confidence incident involving two IP addresses from an inner subnet connecting with a single exterior IP tackle. The related alert was labeled as a suspected port abuse by Cisco XDR.<\/p>\n<p>Cisco XDR\u2019s \u2018Examine\u2019 function then allowed us to additional drill down into and visualized the connection flows related to that exterior IP tackle. It additionally searched towards a number of risk intelligence sources for any popularity related to the observables. The exterior host was not discovered to have a malicious popularity.<\/p>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-31d6e4767432d848d6ff8b8fc83cd13f\" id=\"h-phase-2-target-identification-with-cisco-umbrella\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Part_2_Goal_Identification_With_Cisco_Umbrella\"><\/span>Part 2: Goal Identification With Cisco Umbrella<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We used Cisco Umbrella (DNS resolver) to substantiate that the goal IP resolves to a single area. The area seems to be owned by Def Con and hosted in the USA, by Comcast. The direct affiliation with the Def Con Cybersecurity Convention instantly raised considerations about unauthorized reconnaissance towards one other main occasion\u2019s infrastructure.<\/p>\n<p>Cisco Umbrella good search lookup of the area confirmed that the area has a low threat and is classed beneath the \u201cHacking\/Conventions\u201d class. It was confirmed by Cisco Umbrella to belong to the Def Con conference.<\/p>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-4740f572fbb455bec4a1ec8ead4d1265\" id=\"h-phase-3-traffic-analysis\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Part_3_Visitors_Evaluation\"><\/span>Part 3: Visitors Evaluation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Inspecting the NetFlow visitors in XDR analytics offers us a direct perception that port scanning has probably occurred.<\/p>\n<p>Pivoting into Cisco Firepower Administration Console (FMC), we ran a report of the related visitors from the Cisco Firepower Administration Console.<\/p>\n<p>The report graphed the highest 100 vacation spot ports related to the visitors and painted a really clear image. It confirmed that the interior host was systematically scanning numerous ports on the exterior goal. Notably, we excluded frequent net ports like 80 and 443, which helped us keep away from  doubtlessly reliable visitors. Every port was scanned exactly 4 occasions, indicating a methodical, automated exercise, totally in keeping with a devoted port scan.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"752\" height=\"399\" data-lazy-type=\"image\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/09\/Cisco-FMC-Report-on-Top-100-Destination-Ports.webp\" alt=\"\" class=\"lazy lazy-hidden wp-image-477503\"><noscript><img loading=\"lazy\" decoding=\"async\" width=\"752\" height=\"399\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/09\/Cisco-FMC-Report-on-Top-100-Destination-Ports.webp\" alt=\"\" class=\"wp-image-477503\"><\/noscript><figcaption class=\"wp-element-caption\"><em>Fig. <em>1<\/em>: Cisco FMC report on high 100 vacation spot ports<\/em><\/figcaption><\/figure>\n<\/div>\n<p>For additional validation and quantification, we then queried Palo Alto Networks firewall logs in Splunk Enterprise Safety (ES). The Splunk question confirmed 3,626 scanning occasions between 2025\/08\/04 17:47:07 and 2025\/08\/04 18:20:29.<\/p>\n<p>Constant port counts additional validated automated scanning.<\/p>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-414b67f4dbd80a12bb51a540ea3b1700\" id=\"h-phase-4-culprit-identification\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Part_4_Perpetrator_Identification\"><\/span>Part 4: Perpetrator Identification<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Using our workforce\u2019s Slack Bot API, which is built-in with Palo Alto Cortex XSIAM, we had been capable of shortly determine the supply machine. This included its MAC tackle and hostname, and we pinpointed it as working instantly from the Black Hat coaching room, particularly \u2018Defending Enterprises \u2013 2025 Version\u2019:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"446\" height=\"94\" data-lazy-type=\"image\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/09\/bhusa25_bh_training_room_mac.webp\" alt=\"\" class=\"lazy lazy-hidden wp-image-477504\"><noscript><img loading=\"lazy\" decoding=\"async\" width=\"446\" height=\"94\" src=\"https:\/\/storage.googleapis.com\/blogs-images-new\/ciscoblogs\/1\/2025\/09\/bhusa25_bh_training_room_mac.webp\" alt=\"\" class=\"wp-image-477504\"><\/noscript><\/figure>\n<\/div>\n<p>Lastly, we had been capable of seize the total PCAP of the visitors as further proof, utilizing our full packet seize software, Endace Imaginative and prescient. This investigation confirmed that the unauthorized scanning originated from a pupil in a coaching room. The offender was shortly recognized and instructed to stop the exercise. The incident was then closed, with continued monitoring of the coaching room and its contributors.<\/p>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-23e1708b7fd8f650f5e35975ea27bac5\" id=\"h-potential-risks-highlighted-by-the-incident\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Potential_Dangers_Highlighted_by_the_Incident\"><\/span>Potential Dangers Highlighted by the Incident<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul class=\"wp-block-list\">\n<li><strong>Reputational Injury: <\/strong>Such incidents can injury the popularity of Black Hat as a premier cybersecurity occasion, eroding belief amongst contributors, companions, and the broader safety group.<\/li>\n<li><strong>Facilitating illegal Exercise: <\/strong>Extra critically, if left unchecked, these actions may result in Black Hat infrastructure being leveraged for illegal exercise towards exterior third events, doubtlessly leading to authorized repercussions and extreme operational disruptions. Swift detection and remediation are important to uphold belief and stop such outcomes.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-3fb64e78a170b800fb0189102b5d3bfa\" id=\"h-resolution-and-key-takeaways-enforcing-policy-and-the-value-of-swift-action\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"Decision_and_Key_Takeaways_Implementing_Coverage_and_the_Worth_of_Swift_Motion\"><\/span>Decision and Key Takeaways: Implementing Coverage and the Worth of Swift Motion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The investigation confirmed unauthorized scanning originating by a pupil. Following this, the offender was shortly recognized and made to stop the exercise. The incident was closed, with continued monitoring of the coaching room.<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>The Criticality of Early Detection:<\/strong> This case exemplifies the worth of detecting adversarial exercise on the Reconnaissance part (TA0043) by way of strategies like Lively Scanning (T1595). By figuring out and addressing this habits early, we prevented potential escalation to extra damaging ways towards an exterior goal.<\/li>\n<li><strong>Built-in Tooling:<\/strong> The seamless integration of Cisco XDR, Cisco Umbrella, Cisco FMC, Splunk ES, Slack API integration, Endace Imaginative and prescient and Palo Alto Cortex XSIAM enabled speedy detection, detailed evaluation, and exact attribution.<\/li>\n<li><strong>Vigilance in Coaching Environments:<\/strong> Even in managed, instructional settings like Black Hat, steady monitoring and swift response are paramount. The dynamic nature of such environments necessitates strong safety controls to forestall misuse and preserve community integrity.<\/li>\n<li><strong>Coverage Enforcement:<\/strong> Clear communication and constant enforcement of community utilization insurance policies are important to handle expectations and stop unauthorized actions, whether or not intentional or experimental.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-601fc967ba8ffe470ed937faf32c2064\" id=\"h-about-black-hat\" style=\"font-style:normal;font-weight:400\"><span class=\"ez-toc-section\" id=\"About_Black_Hat\"><\/span>About Black Hat<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Black Hat is the cybersecurity business\u2019s most established and in-depth safety occasion sequence. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, improvement, and developments. Pushed by the wants of the group, Black Hat occasions showcase content material instantly from the group by Briefings shows, Trainings programs, Summits, and extra. Because the occasion sequence the place all profession ranges and educational disciplines convene to collaborate, community, and focus on the cybersecurity subjects that matter most to them, attendees can discover Black Hat occasions in the USA, Canada, Europe, Center East and Africa, and Asia. For extra data, please go to <a href=\"http:\/\/www.blackhat.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">the Black Hat web site<\/a>.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p class=\"has-text-align-center\"><em>We\u2019d love to listen to what you suppose! Ask a query and keep related with Cisco Safety on social media.<\/em><\/p>\n<p class=\"has-text-align-center\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cisco-green-color\">Cisco Safety Social Media<\/mark><\/strong><\/p>\n<p class=\"has-text-align-center\"><a href=\"https:\/\/www.linkedin.com\/showcase\/cisco-secure\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a><br \/><a href=\"https:\/\/www.facebook.com\/ciscosecure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Fb<\/a><br \/><a href=\"https:\/\/www.instagram.com\/Ciscosecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Instagram<\/a><br \/><a href=\"https:\/\/twitter.com\/CiscoSecure\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a><\/p>\n<p>Share:<\/p>\n<p>\n  \t<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><script async defer src=\"https:\/\/platform.instagram.com\/en_US\/embeds.js\"><\/script><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Background: The Distinctive Panorama of the Black Hat NOC Working the Black Hat Safety and Community Operations Middle (NOC) presents a singular set of challenges and expectations. In contrast to a typical company atmosphere the place any hacking exercise is instantly deemed malicious, the Black Hat convention is a nexus for cybersecurity analysis, coaching, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13500,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-13498","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cloud-computing"],"_links":{"self":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/13498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13498"}],"version-history":[{"count":1,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/13498\/revisions"}],"predecessor-version":[{"id":13499,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/13498\/revisions\/13499"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/media\/13500"}],"wp:attachment":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}