{"id":218165,"date":"2018-11-13T15:17:40","date_gmt":"2018-11-13T14:17:40","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=218165"},"modified":"2018-11-13T15:17:40","modified_gmt":"2018-11-13T14:17:40","slug":"azure-unsecure-development-practice-ftp-credentials-leakage","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/","title":{"rendered":"[Azure] Unsecure development practice: FTP credentials leakage"},"content":{"rendered":"

During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites<\/em><\/a> platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.<\/p>\n

According to our Cyber Threat Intelligence<\/em><\/a> cell, over a thousand access credentials are publicly available on GitHub<\/em><\/a>, Pastebin<\/em><\/a> and other code or file hosting services.<\/p>\n

Context<\/h2>\n

Tea Microsoft Azure Web Sites<\/em> service allows to generate and export a PublishSettings<\/em> configuration file that can be imported into PowerShell or Visual Studio, in order to facilitate the application administration in a continuous development logic. It allows these applications to make requests to the Azure API without manual authentication procedures. This file content is very critical because it contains some sensitive data, including FTP server access and MSDeploy<\/em> credentials.<\/p>\n

File obtaining<\/h2>\n

Tea PublishSettings<\/em> file can be downloaded from the Web application resource page on the Azure portal:<\/p>\n

\"\"<\/p>\n

Figure 1: How to download the PublishSettings file<\/p>\n<\/div>\n

 <\/p>\n

We then obtain a file named $siteName.PublishSettings<\/em> containing credentials which allow to access to the MSDeploy<\/em> deployment server (in orange) and the FTP server (in blue):<\/p>\n

\"\"<\/p>\n

Figure 2: poc-eval-****.PublishSettings file<\/p>\n<\/div>\n

 <\/p>\n

Compromise<\/h2>\n

We could notice that the PublishSettings<\/em> file is often added to the source code of the project so all the players in the development chain (development teams, cybersecurity auditor, quality engineers, etc.) will have it and be aware of its sensitive content. In the most critical cases, it is published on online services such as GitHub<\/em><\/a> or in the website directory (although Azure<\/em>, by default, forbids access to this file type from the browser), thus allowing an attacker to access and use the sensitive information stored there.<\/p>\n

Let us assume that we got the PublishSettings<\/em> file presented in the previous part. All we have to do is follow the publishUrl<\/em> links and enter the corresponding credentials.<\/p>\n

For example, we can connect to the FTP server and access the source code:<\/p>\n

\"\"<\/p>\n

Figure 3: FTP server connection<\/p>\n<\/div>\n

 <\/p>\n

We can also add or delete files. Below, we deleted index.html and added poc_ftp.html:<\/p>\n

\"\"<\/p>\n

Figure 4: FTP content editing\/removing<\/p>\n<\/div>\n

 <\/p>\n

The poc_ftp.html file is actually available on the Web application:<\/p>\n

\"\"<\/p>\n

Figure 5: Access to the poc_ftp.html file through a web browser<\/p>\n<\/div>\n

 <\/p>\n

It is possible to execute system commands by dropping a webshell:<\/p>\n

\"\"<\/p>\n

Figure 6: Windows commands execution<\/p>\n<\/div>\n

 <\/p>\n

Finally, we can access the application logs:<\/p>\n

\"\"<\/p>\n

Figure 7: Logs downloading<\/p>\n<\/div>\n

 <\/p>\n

 <\/p>\n

This log file contains the requests made to the Web server. Below we find the GET request we made to the server to access the poc_eval.html<\/em> file:<\/p>\n

\"\"<\/p>\n

Figure 8: Web server logs reading<\/p>\n<\/div>\n

 <\/p>\n

 <\/p>\n

Many other log files are stored on the FTP server: system logs that contain information about the operating system, application logs that contain the output of debug functions or extension logs displaying the name and version of installed plugins.<\/p>\n

Recommendations<\/h2>\n

As this file content is particularly sensitive and unencrypted, special attention should be paid to the permissions applied to it and the opportunities of being read by an illegitimate third party.<\/p>\n

Intrinsec recommends the following practices:<\/p>\n

    \n
  • Do not save the PublishSettings file in the project directory;<\/li>\n
  • Delete the file once it has been imported;<\/li>\n
  • Set up unit tests in the continuous integration chain to check the absence of PublishSettings files in published directories; ;<\/li>\n
  • Include this check in the tests performed by your vulnerability scanners;<\/li>\n
  • Consider a specific use case in detection strategies for the different stakeholders in the development chain;<\/li>\n
  • Monitor the leakage or exposure of such documents;<\/li>\n
  • Communicate with development teams on the good practices outlined above.<\/li>\n<\/ul>\n

     <\/p>","protected":false},"excerpt":{"rendered":"

    During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web [\u2026]<\/p>","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-218165","post","type-post","status-publish","format-standard","hentry","category-veille-securite"],"yoast_head":"\nIntrinsec - [Azure] Unsecure development practice: FTP credentials leakage<\/title>\n<meta name=\"description\" content=\"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[Azure] Unsecure development practice: FTP credentials leakage\" \/>\n<meta property=\"og:description\" content=\"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-13T14:17:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png\" \/>\n<meta name=\"author\" content=\"Adrien Bouteiller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adrien Bouteiller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/\"},\"author\":{\"name\":\"Adrien Bouteiller\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f66452546f5761d26bb4c6dfa4d9d1e6\"},\"headline\":\"[Azure] Unsecure development practice: FTP credentials leakage\",\"datePublished\":\"2018-11-13T14:17:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/\"},\"wordCount\":626,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/publishsettings_1.png\",\"articleSection\":[\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/\",\"name\":\"Intrinsec - [Azure] Unsecure development practice: FTP credentials leakage\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/publishsettings_1.png\",\"datePublished\":\"2018-11-13T14:17:40+00:00\",\"description\":\"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/publishsettings_1.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/publishsettings_1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-unsecure-development-practice-ftp-credentials-leakage\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[Azure] Unsecure development practice: FTP credentials leakage\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f66452546f5761d26bb4c6dfa4d9d1e6\",\"name\":\"Adrien Bouteiller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"caption\":\"Adrien Bouteiller\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/adrien-bouteiller\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Intrinsec - [Azure] Unsecure development practice: FTP credentials leakage","description":"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/","og_locale":"en_US","og_type":"article","og_title":"[Azure] Unsecure development practice: FTP credentials leakage","og_description":"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.","og_url":"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/","og_site_name":"INTRINSEC","article_published_time":"2018-11-13T14:17:40+00:00","og_image":[{"url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png","type":"","width":"","height":""}],"author":"Adrien Bouteiller","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Adrien Bouteiller","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/"},"author":{"name":"Adrien Bouteiller","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f66452546f5761d26bb4c6dfa4d9d1e6"},"headline":"[Azure] Unsecure development practice: FTP credentials leakage","datePublished":"2018-11-13T14:17:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/"},"wordCount":626,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png","articleSection":["Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/","url":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/","name":"Intrinsec - [Azure] Unsecure development practice: FTP credentials leakage","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png","datePublished":"2018-11-13T14:17:40+00:00","description":"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/azure-unsecure-development-practice-ftp-credentials-leakage\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"[Azure] Unsecure development practice: FTP credentials leakage"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f66452546f5761d26bb4c6dfa4d9d1e6","name":"Adrien Bouteiller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","caption":"Adrien Bouteiller"},"url":"https:\/\/www.intrinsec.com\/en\/author\/adrien-bouteiller\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/218165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=218165"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/218165\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=218165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=218165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=218165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}