{"id":6004,"date":"2025-05-27T05:36:30","date_gmt":"2025-05-27T05:36:30","guid":{"rendered":"http:\/\/localhost\/?p=6004"},"modified":"2025-05-27T05:36:30","modified_gmt":"2025-05-27T05:36:30","slug":"our-capabilities-a-story-about-what-we-can-achieve","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6004","title":{"rendered":"Our capabilities. A story about what we can achieve"},"content":{"rendered":"<h2>Security Update News<\/h2>\n<h3>Update Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Our capabilities. A story about what we can achieve<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Update ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">PENTESTPARTNERS:915023CE903AF6DBBF3744A521BEE1ED<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">pentestpartners<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-27T05:17:06<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Last Updated<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-27T05:17:06<\/td>\n<\/tr>\n<\/table>\n<h3>Security Impact<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">0.0<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #666666; font-weight: 
bold;\">NONE<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Attack Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\"><\/td>\n<\/tr>\n<\/table>\n<h3>Affected CVEs<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<\/ul>\n<\/div>\n<h3>Update Details<\/h3>\n<div style=\"; padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\n![](https:\/\/www.pentestpartners.com\/content\/uploads\/2023\/05\/Our-capabilities-headline.png)<\/p>\n<p>### Introduction<\/p>\n<p>Over the years we have been fortunate to have been called upon to help with some challenging investigations. iPhone prize scams, ransomware attacks that weren&#8217;t, aiding the Steele Dossier case, and even a fraudulent \u20ac14 million transfer.<\/p>\n<p>Here we&#8217;ve picked out the most interesting ones, showing what our DFIR team can do, and continues to do, day in, day out\u2026<\/p>\n<p>### Claydon\u2019s fraud<\/p>\n<p>An elderly resident from a village near our HQ was targeted by fraudsters posing as her bank\u2019s fraud team. She contacted us when something felt \u201coff\u201d about their questions. Our investigation revealed a detail only her bank\u2019s fraud team could have known: the transaction number from a prior support call. This pointed to an insider leak. With our help, she challenged the bank, which refunded her entire savings.<\/p>\n<p>### BBC Rip Off Britain<\/p>\n<p>We assisted a victim featured on the BBC\u2019s One Show whose phone had been compromised. Using mobile forensics, we identified a malicious APK disguised as a photo editor. It captured keystrokes and screenshots, recording credentials as the victim logged into their bank. 
Our report led to a full refund and aired on national television, raising public awareness of mobile malware.<\/p>\n<p>### Panama Papers \/ Port of Antwerp<\/p>\n<p>Working with the investigative journalists behind the Panama Papers, we uncovered a smuggling operation using compromised port workers and automated systems at the Port of Antwerp. Our maritime expertise helped reveal how traffickers flagged containers for \u201crandom\u201d inspection diversion. Our findings contributed to multiple arrests and systemic changes in European port security.<\/p>\n<p>### The Steele Dossier<\/p>\n<p>During our forensic investigation for Orbis Business Intelligence, we analysed a set of encrypted laptops linked to the Steele Dossier. Among the deleted partitions, we recovered fragments of draft intelligence memos and encrypted comms between multiple intermediaries. Our evidence now forms part of the public record in the related legal proceedings.<\/p>\n<p>### \u20ac14 Million Theft \u2014 Madrid to Hong Kong<\/p>\n<p>An employee at a multinational firm in Madrid was manipulated over WhatsApp by an Organised Crime Group (OCG) posing as senior executives. Over four days, they orchestrated a \u20ac14 million transfer to Hong Kong. We were deployed to Madrid, where we forensically imaged the employee\u2019s devices. Our analysis proved they\u2019d been socially engineered using deepfake voice calls and spoofed emails, exonerating the staff member and aiding in Interpol\u2019s ongoing investigation.<\/p>\n<p>### Azerbaijan\u2019s Arabian Ghost \u2013 The annual climate change conference that nearly didn\u2019t happen<\/p>\n<p>The hacker group &#8220;Arabian Ghost&#8221; claimed responsibility for cyberattacks targeting several Azerbaijani government websites and telecommunication sites (Critical National Infrastructure). PTP were flown in and worked over 3 weeks straight. 
These attacks were successfully neutralised without any disruptions to government information systems.<\/p>\n<p>### The University Prize Scam<\/p>\n<p>A student thought they\u2019d won an iPhone 13. In reality, they were handed a pre-compromised device by an attacker posing as university staff. After a suspicious call claiming to \u201cverify banking details\u201d, the victim lost a five-figure sum. Our investigation revealed spyware with call-forwarding and banking credential capture, likely installed via custom firmware on the device.<\/p>\n<p>### Fleet Management \u2013 BEC Investigation<\/p>\n<p>A phishing email led to a Business Email Compromise (BEC) at a vehicle leasing firm. We traced the attack to a fake Microsoft login page which harvested credentials. Our telemetry showed over 500 outbound spam messages attempted within one minute. Defender halted the spread, and we rebuilt their Azure policies with Conditional Access and OAuth protection to prevent recurrence.<\/p>\n<p>### The Billing System Breach<\/p>\n<p>A pair of aviation systems in the Caribbean went down simultaneously. The client suspected their vendor. Our network analysis showed outbound traffic to DigitalOcean IPs, and forensic artefacts proved a backdoor had been installed via a custom DLL update. This likely came from a compromised developer pipeline. We advised regulatory reporting and application rebuilding.<\/p>\n<p>### Apache Server C2 to Russia<\/p>\n<p>An on-prem Apache server was quietly beaconing out to a C2 server in Russia. Hidden in a deprecated file sharing service, we found a web shell disguised as a PDF generator. This server had evaded detection due to a WAF misconfiguration. We helped transition to CloudFlare, patch legacy systems, and perform a full compromise assessment.<\/p>\n<p>### Project Winter \u2014 Lynx Ransomware<\/p>\n<p>An extortion threat hit a large financial automation firm. The attackers presented proof pack material including screenshots and internal emails. 
We traced the entry to an outdated Ivanti VPN, correlated DNS to malware domains (like iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com), and observed 7zip activity linked to data staging. Our rapid response contained the threat, isolated infected servers, and confirmed that no critical data had been leaked \u2014 despite ominous warnings from the attackers.<\/p>\n<p>### The Forgotten Laptop \u2014 HR Leak<\/p>\n<p>An ex-employee\u2019s account was left active for five months after termination. During that time, they remotely accessed the company\u2019s Google Workspace from an AWS-hosted IP, quietly exfiltrating over 2,800 sensitive HR documents. We pinpointed the activity window using Google audit logs and recovered evidence from a long-forgotten company laptop that was finally returned three weeks after we were engaged. HR processes were rebuilt from scratch post-incident.<\/p>\n<p>### The Curious Case of DT11349 \u2014 Malware Masquerade<\/p>\n<p>A graphic designer\u2019s desktop was behaving oddly. We discovered code.exe sitting in C:\\Windows\\Tasks, a location requiring admin rights. The binary was masquerading as Visual Studio Code but had been used to tunnel traffic at 4 a.m. on a public holiday. Our timeline analysis showed log wiping, lateral movement, and persistence attempts via scheduled tasks. This was no ordinary infection \u2014 we believe it was a foothold by a red team gone rogue, or worse, a nation-state actor testing persistence techniques.<\/p>\n<p>### Midnight at the Data Centre \u2014 HR\u2019s Laptop Strikes Back<\/p>\n<p>We traced a suspicious connection from an HR staff laptop at 3 a.m., linking to multiple internal assets including the Active Directory controller. The user claimed to have been asleep. Forensics showed the system powered down at 16:52 and came back online during the window \u2014 a physical intrusion? Later, analysis uncovered signs of time stomping and spoofed hostnames. We recommended badge system and CCTV correlation. 
The client&#8217;s internal security team had missed the connection.<\/p>\n<p>### The Exchange Whisperer<\/p>\n<p>A critical Exchange server was found to be leaking Outlook Web Access data via IIS logs. We confirmed the attacker was using legitimate accounts at odd hours, scripting keep-alive requests and mimicking admin behaviour. A custom 7z archive operation was spotted during our CrowdStrike review, staging a full dump of internal mailboxes. We named the attacker internally &#8220;The Whisperer&#8221; for their quiet, methodical behaviour. The client quietly rearchitected their mail infrastructure.<\/p>\n<p>### The Ransomware That Never Was<\/p>\n<p>We isolated a server after it began compressing huge volumes of internal records using 7za.exe. All signs pointed to ransomware staging \u2014 except for one anomaly: no encryption ever took place. Our review revealed this was a panicked junior sysadmin, archiving data for a hardware swap using tools he&#8217;d downloaded without approval. Ironically, the containment response delayed the actual migration project by three weeks \u2014 but the team gained priceless incident response practice.<\/p>\n<p>### Phone, Malware, Action \u2014 Prize Winner Setup<\/p>\n<p>In a case eerily reminiscent of a \u201cprize scam\u201d, a second victim reported receiving a phone \u201cwon\u201d through a social media competition. We imaged the iPhone and discovered an off-market configuration profile that silently installed a remote MDM profile. This granted the attacker root certificate access and complete visibility. Our report was passed to the NCSC. We suspect the devices were distributed via a Telegram-based fraud group running in eastern Europe.<\/p>\n<p>### Ghost in the VPN<\/p>\n<p>Multiple remote desktop sessions were traced back to what we thought were legitimate users. A deeper dive revealed VPN sessions initiated from residential IPs that had never been used before. 
Logs were missing for a 20-day period \u2014 later discovered to be linked to exploitation of a zero-day in a VPN vendor\u2019s client software. We helped the client rotate all access credentials and implement a certificate-based mutual auth system. The compromise might otherwise have persisted for months undetected.<\/p>\n<p>### The \u00a31 Million That Wasn\u2019t \u2014 Spoofed Invoice Recovery<\/p>\n<p>A UK supplier to a maritime transport firm narrowly avoided a \u00a31 million loss after receiving what looked like a routine invoice from their regular subcontractor. We were brought in just in time. Our analysis showed the attacker had sat in the firm\u2019s mailbox for weeks, watching and learning invoice formats, tone, and email threads. Thanks to a forensic header analysis and timestamp mismatches, we built a case that stopped the transaction hours before release. The bank credited our report as critical to the freeze order.<\/p>\n<p>### The Phantom Developer \u2014 Silent Saboteur<\/p>\n<p>Two custom applications for the Jamaican civil aviation authority failed simultaneously. Wireshark logs showed outbound traffic to DigitalOcean \u2014 a red flag. Our investigation revealed a DLL sideloaded into the billing software by a third-party developer. It wasn&#8217;t malware \u2014 it was surveillance. The intent was to keep a backdoor open while their contract negotiations dragged on. We advised termination and rolled out behavioural monitoring across all client apps.<\/p>\n<p>### Operation Piece Fifteen \u2014 The Code in the Tasks Folder<\/p>\n<p>We were called in after NCSC flagged suspicious activity on a workstation in a government organisation. We found code.exe running from C:\\Windows\\Tasks \u2014 a location that normally requires admin access. It was masquerading as Visual Studio Code but turned out to be a custom-built tunnelling utility. 
RDP sessions, log clearing, lateral movement to an Exchange server, and DNS beacons to fake update domains like iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com painted a picture of a well-planned breach. The attacker cleared their tracks so effectively that we suspect they had blue team experience.<\/p>\n<p>### The Ghost Employee \u2014 Google Drive Heist<\/p>\n<p>A terminated employee\u2019s account was left active for five months due to HR and IT misalignment. During this time, over 2,800 sensitive internal files were accessed via AWS-hosted infrastructure from the US. We reconstructed timelines using Google Workspace logs and built an evidentiary chain showing repeated credential use long after the employee\u2019s departure. No malware, no backdoors \u2014 just good old-fashioned failure of internal process and a very quiet data thief.<\/p>\n<p>### The Disappearing Logs and Extortion Threats<\/p>\n<p>A major financial services provider was warned of a potential data breach by the police. The attackers \u2014 believed to be the Lynx ransomware group \u2014 supplied screenshots and audio recordings of internal systems as part of a proof pack. When we were brought in, key VPN logs were missing. Our analysis revealed exploitation of an unpatched Ivanti Connect Secure appliance weeks earlier. The attackers had wiped logs and exfiltrated proof before triggering extortion. The client narrowly avoided a full-scale ransomware attack thanks to early detection and hard containment.<\/p>\n<p>### The Phisher Who Phoned It In \u2014 University Email Compromise<\/p>\n<p>A university staff member clicked a link claiming to contain a \u201csecure document.\u201d It redirected to a fake Microsoft login. Hours later, Microsoft Defender blocked the account as it attempted to send 500 phishing emails. We followed the trail through Microsoft 365 logs and found a forwarding rule routing emails to an obscure Gmail address. 
MFA hadn\u2019t been enforced for the user, despite holding Global Admin privileges. A lesson in assumptions \u2014 and why you don\u2019t wait for licensing to enforce security basics.<\/p>\n<p>### The Mislabelled Device \u2014 Forensics on the Wrong Host<\/p>\n<p>We were analysing an HR laptop suspected of being used in a breach. All indicators pointed to it \u2014 except when we dug into system logs, we found it had been powered off at the time of the attack. No matching user account, no RDP sessions, no registry changes. It turns out a hostname mapping error in the SIEM had misidentified the device. The real attacker was on a system three doors down, which we isolated just in time. SIEM misconfiguration can be just as dangerous as no SIEM at all.<\/p>\n<p>### The Billing Trojan<\/p>\n<p>A custom billing platform for an airspace regulator went dark on the same day a related personnel licensing system failed. Our forensic imaging showed both servers were communicating with the same external IPs, hosted on DigitalOcean \u2014 a telltale sign. Both apps had been developed by the same contractor, who had inserted call-home functionality disguised as DLL updates. The motive? Intellectual property protection \u2014 or so they claimed. We reported it as unauthorised remote access and helped the client rebuild from clean codebases.<\/p>\n<p>### The Archiver \u2014 False Alarm, Real Lessons<\/p>\n<p>A server flagged by CrowdStrike for ransomware-like activity turned out to be compressing files using 7za.exe \u2014 but not maliciously. It was a sysadmin archiving logs ahead of a planned migration, unaware his actions mimicked ransomware staging tactics. The incident highlighted a need for internal comms protocols during infrastructure changes. 
We turned the investigation into a tabletop exercise and used it to improve internal documentation, asset labelling, and EDR alert tuning.<\/p>\n<p>### The HR Honeypot \u2014 A Curious 3AM Link<\/p>\n<p>One of the strangest incidents began with an RDP session from an HR machine at 3:00 a.m. The user denied knowledge, and logs showed the device powered off before and after. We theorised a sleep\/wake attack via PXE boot or Wake-on-LAN misuse. Further inspection revealed the device had once been cloned by IT for imaging tests and had retained an old certificate chain. The real host was long decommissioned, but its digital ghost continued haunting the network \u2014 until we purged the orphaned asset completely.<\/p>\n<p>The post Our capabilities. A story about what we can achieve first appeared on Pen Test Partners.\n<\/p><\/div>\n<p><a href=\"https:\/\/www.pentestpartners.com\/security-blog\/our-capabilities-a-story-about-what-we-can-achieve\/\" target=\"_blank\" style=\"display: inline-block; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Update News Update Information Title Our capabilities. 
A story about what we can achieve Update ID PENTESTPARTNERS:915023CE903AF6DBBF3744A521BEE1ED Type pentestpartners Published 2025-05-27T05:17:06 Last Updated 2025-05-27T05:17:06&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,134,7,11,5],"class_list":["post-6004","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-pentestpartners","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Our capabilities. A story about what we can achieve - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6004\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Our capabilities. A story about what we can achieve - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Our capabilities. 
A story about what we can achieve Update ID PENTESTPARTNERS:915023CE903AF6DBBF3744A521BEE1ED Type pentestpartners Published 2025-05-27T05:17:06 Last Updated 2025-05-27T05:17:06...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6004\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-27T05:36:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Our capabilities. A story about what we can achieve\",\"datePublished\":\"2025-05-27T05:36:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004\"},\"wordCount\":2277,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"pentestpartners\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6004#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004\",\"name\":\"Our capabilities. 
A story about what we can achieve - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-27T05:36:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6004\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6004#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Our capabilities. A story about what we can achieve\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero 
redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Our capabilities. A story about what we can achieve - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6004","og_locale":"en_US","og_type":"article","og_title":"Our capabilities. A story about what we can achieve - zero redgem","og_description":"Security Update News Update Information Title Our capabilities. A story about what we can achieve Update ID PENTESTPARTNERS:915023CE903AF6DBBF3744A521BEE1ED Type pentestpartners Published 2025-05-27T05:17:06 Last Updated 2025-05-27T05:17:06...","og_url":"https:\/\/zero.redgem.net\/?p=6004","og_site_name":"zero redgem","article_published_time":"2025-05-27T05:36:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6004#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6004"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Our capabilities. A story about what we can achieve","datePublished":"2025-05-27T05:36:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6004"},"wordCount":2277,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","pentestpartners","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6004#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6004","url":"https:\/\/zero.redgem.net\/?p=6004","name":"Our capabilities. A story about what we can achieve - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-27T05:36:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6004#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6004"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6004#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Our capabilities. 
A story about what we can achieve"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"e
mbeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6004"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6004\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}