{"id":8899,"date":"2025-07-24T15:41:59","date_gmt":"2025-07-24T15:41:59","guid":{"rendered":"http:\/\/localhost\/?p=8899"},"modified":"2025-07-24T15:41:59","modified_gmt":"2025-07-24T15:41:59","slug":"fortifying-your-cloud-against-cross-service-confused-deputy-attacks","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8899","title":{"rendered":"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks"},"content":{"rendered":"<h2>Security Update News<\/h2>\n<h3>Update Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Update ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">QUALYSBLOG:869870BD4BDC46B0417EC3DC9F22C7A1<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">qualysblog<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-24T18:36:50<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Last Updated<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-24T18:36:50<\/td>\n<\/tr>\n<\/table>\n<h3>Security Impact<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #666666; font-weight: bold;\">NONE<\/td>\n<\/tr>\n<\/table>\n<h3>Update Details<\/h3>\n<div style=\"; padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 
20px;\">\n<p>Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious threat in these environments is the Cross-Service Confused Deputy Attack, which can expose critical services through unintended trust relationships among cloud components.<\/p>\n<p>Below, we\u2019ll explore how this attack can manifest in AWS services like AWS Elastic Load Balancing (ELB) logging configurations, analyze the underlying vulnerability, map it to relevant MITRE ATT&#038;CK tactics, and outline comprehensive strategies for mitigation and prevention.<\/p>\n<h2>Understanding Cross-Service Confused Deputy Attack<\/h2>\n<p>In cloud environments, services often interact across accounts and boundaries. Misconfigurations or overly permissive trust policies can expose systems to unauthorized access or unintended data flows.<\/p>\n<p>A <strong>Cross-Service Confused Deputy Attack<\/strong> occurs when a trusted service (the &#8220;deputy&#8221;) is tricked into performing actions on behalf of an untrusted principal, often due to misconfigured or insufficiently scoped permissions. This class of vulnerability is particularly insidious because the malicious action is executed by a trusted AWS service, bypassing basic access controls.<\/p>\n<p>One example of a Cross-Service Confused Deputy Attack involves CloudTrail, an AWS service that records all activity across an organization\u2019s AWS environment. These logs are important for regulatory audits and security assessments; however, the tool can also be exploited by attackers if permissions aren\u2019t carefully governed.<\/p>\n<p>CloudTrail&#8217;s logging feature can be used to write logs into a victim&#8217;s S3 bucket if the bucket policy lacks account-specific condition keys. 
Because the service itself is authorized, AWS assumes the action is legitimate, even if a malicious actor initiated it.<\/p>\n<p>Key points to consider:<\/p>\n<ul>\n<li>The attack abuses legitimate AWS service integrations.<\/li>\n<li>It often bypasses traditional permission boundaries.<\/li>\n<li>It can be hard to detect, as logs and actions are attributed to trusted services.<\/li>\n<\/ul>\n<p>Understanding this type of attack is vital for building secure cloud architectures that assume trust boundaries can be blurred, if not explicitly enforced.<\/p>\n<h2>In-depth Example: AWS ELB and Logging to S3<\/h2>\n<p>Another common (and often overlooked) place this attack arises is AWS Elastic Load Balancing (ELB). Much like CloudTrail, AWS ELB can be configured to store access logs in Amazon S3 buckets for auditing and monitoring. This feature is particularly useful when aggregating logs from multiple services or accounts into a centralized audit account. To enable ELB logging, a specific bucket policy must be attached that permits the ELB service to write to the bucket. This process typically uses either a service principal (like <code>logdelivery.elasticloadbalancing.amazonaws.com<\/code>) or a region-specific AWS account ID.<\/p>\n<h3>Example Bucket Policy (Service Principal):<\/h3>\n<p>To understand where the risk lies, it&#8217;s helpful to look at how ELB logging permissions are typically configured. Here\u2019s a common bucket policy that allows the ELB service to write logs to an S3 bucket:<\/p>\n<p><img src=\"https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/07\/image-16-1.png\" alt=\"\" \/><\/p>\n<h2>Attack Analysis and Observation<\/h2>\n<p>While seemingly straightforward, the configuration above can introduce a <strong>confused deputy problem<\/strong>. The flaw lies in overly permissive bucket policies that do not restrict requests to those originating from a specific AWS account. 
As a result, any AWS account could configure ELB to write logs to a bucket they do not own if they know the bucket name and the path structure.<\/p>\n<p>This makes it possible for malicious actors to abuse AWS ELB to deliver logs (and thus write data) to a victim&#8217;s S3 bucket, a textbook <strong>Cross-Service Confused Deputy Attack<\/strong>.<\/p>\n<h2>Potential Attack Path<\/h2>\n<p><strong>STEP 1:<\/strong> The victim sets up an S3 bucket for ELB logging with a generic bucket policy allowing <code>logdelivery.elasticloadbalancing.amazonaws.com<\/code>.<\/p>\n<p><strong>STEP 2:<\/strong> An attacker using another AWS account configures their ELB to write logs to the victim&#8217;s bucket.<\/p>\n<p><strong>STEP 3:<\/strong> The AWS ELB service acts as a deputy and writes logs into the victim&#8217;s bucket under <code>AWSLogs\/&lt;attacker-account-id&gt;\/\u2026<\/code>.<\/p>\n<p><strong>STEP 4:<\/strong> Data written by the attacker may include misleading or malicious content, polluting logs, or wasting storage.<\/p>\n<p><img src=\"https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/07\/cross-service-confused-deputy1.png\" alt=\"\" \/><br \/>Source: AWS Documentation<\/p>\n<h2>MITRE ATT&#038;CK Framework Mapping<\/h2>\n<p>To help teams classify and respond to a Cross-Service Confused Deputy attack, we\u2019ve mapped it to relevant information in the MITRE ATT&#038;CK Framework. 
These mappings provide additional context and support for detection and defense efforts:<\/p>\n<h3>T1530 \u2013 Data from Cloud Storage Object<\/h3>\n<p>Even though this attack only writes to a victim\u2019s S3 bucket, a misconfigured bucket may eventually allow read-back or manipulation of logs, which means attackers could hide their activity, mislead forensic investigations, or exfiltrate sensitive data.<\/p>\n<h3>T1190 \u2013 Exploit a Public-Facing Application<\/h3>\n<p>If the attacker identifies a flaw in the ELB logging mechanism, it could be combined with public endpoints to trigger unexpected behavior.<\/p>\n<h3>T1560.001 \u2013 Archive Collected Data: Archive via Utility<\/h3>\n<p>While not a direct match, if logs from multiple accounts are aggregated, an attacker may use this to exfiltrate or hide data in victim buckets.<\/p>\n<h3>T1659 \u2013 Content Injection<\/h3>\n<p>Attackers can use the ELB logging mechanism to insert unauthorized or misleading log data into a victim\u2019s S3 bucket.<\/p>\n<h2>Impact of Potential Attack<\/h2>\n<p>While the impact of a Cross-Service Confused Deputy Attack may seem limited, it can have far-reaching consequences. 
This subtle manipulation can undermine the business\u2019s security functions, increase operational expenses, and hinder the ability to meet compliance requirements.<\/p>\n<p>Potential negative outcomes include:<\/p>\n<ul>\n<li><strong>Deceptive Logging:<\/strong> Altering log integrity can hinder forensic analysis.<\/li>\n<li><strong>Storage Bloat:<\/strong> The victim&#8217;s S3 storage may incur unexpected costs due to unauthorized or excessive log data.<\/li>\n<li><strong>Compliance Risks:<\/strong> Undocumented log entries from unverified sources can lead to violations of regulatory or internal compliance standards.<\/li>\n<li><strong>Denial of Audit:<\/strong> Loss of log fidelity can disrupt audits and incident response.<\/li>\n<\/ul>\n<h2>Strategies for Defending Against Cross-Service Confused Deputy Attacks<\/h2>\n<p>Fortunately, effective defenses against Cross-Service Confused Deputy Attacks can be achieved with a multi-layer security strategy. By implementing granular user permissions policies, strong data protections, and company-wide security best practices, developers can safeguard critical assets.<\/p>\n<h3>1. Secure Resource Policies and Identity and Access Management (IAM) Conditions<\/h3>\n<p>By prioritizing identity and access management best practices, you can control who can access and write logs to your S3 bucket.<\/p>\n<h4>Use Strict Resource ARNs<\/h4>\n<p>Always define precise Amazon Resource Names (ARNs) in your bucket policy to narrow the allowed write path. 
This ensures only the intended logs are written and prevents abuse from other AWS accounts.<\/p>\n<p>Example: <code>&quot;arn:aws:s3:::my-bucket\/AWSLogs\/111122223333\/*&quot;<\/code><\/p>\n<h4>Enforce aws:SourceAccount Condition<\/h4>\n<p>Add a condition to your bucket policy to validate that the request was initiated by your account, blocking unauthorized cross-account service interactions.<\/p>\n<p>Example: <code>&quot;Condition&quot;: { &quot;StringEquals&quot;: { &quot;aws:SourceAccount&quot;: &quot;111122223333&quot; } }<\/code><\/p>\n<h4>Apply the Least Privilege Principle<\/h4>\n<p>Avoid using broad permissions, such as <code>s3:*<\/code> or wildcards, in <code>Resource<\/code>. Grant only the required <code>s3:PutObject<\/code> permission to the ELB service.<\/p>\n<p><img src=\"https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/07\/image-16.png\" alt=\"\" \/><\/p>\n<h3>2. Data Protection and Logging Integrity<\/h3>\n<p>Protecting the data logs and the storage container itself adds another layer of defense against Cross-Service Confused Deputy Attacks.<\/p>\n<h4>Enable Encryption<\/h4>\n<p>Use Amazon\u2019s server-side encryption, SSE-KMS, to encrypt log files at rest. Also, ensure that logs are transmitted securely via HTTPS.<\/p>\n<h4>Use S3 Object Lock<\/h4>\n<p>Activate Object Lock in compliance or governance mode to make log objects immutable, which protects against tampering or accidental deletion.<\/p>\n<h4>Monitor Bucket Activity<\/h4>\n<p>Leverage AWS CloudTrail, CloudWatch, and Amazon GuardDuty to monitor access patterns. Set alerts for unusual write attempts or unknown service principals.<\/p>\n<h4>Enforce Secure S3 Defaults<\/h4>\n<p>AWS provides settings to block overly permissive access by default. 
The following configuration checks help ensure your buckets are protected from common misconfigurations:<\/p>\n<ul>\n<li>CID-59 Ensure Block new public bucket policies for a bucket is set to true.<\/li>\n<li>CID-379 Ensure S3 bucket must not allow WRITE permission for server access logs from everyone on the bucket.<\/li>\n<li>CID-60 Ensure that Block public and cross-account access if bucket has public policies for bucket is set to true.<\/li>\n<li>CID-61 Ensure block new public Access Control Lists (ACLs) and uploading public objects for a bucket is set to true.<\/li>\n<li>CID-63 Ensure Block new public bucket policies for an account is set to true.<\/li>\n<\/ul>\n<h3>3. Preventive Controls and Operational Practices<\/h3>\n<p>By thoroughly documenting and testing your security controls, you can contribute to the organization\u2019s overall security hygiene.<\/p>\n<h4>Test and Verify IAM Policies<\/h4>\n<p>Use identity and access management tools, like AWS\u2019s IAM Access Analyzer, and policy simulators to detect overly permissive or misconfigured policies before they\u2019re deployed.<\/p>\n<h4>Document and Automate Best Practices<\/h4>\n<p>Embed secure configuration patterns into infrastructure-as-code (IaC) templates. 
Update internal documentation and onboarding materials so new team members follow these practices from day one.<\/p>\n<h4>Audit Third-Party Integrations<\/h4>\n<p>Review and validate IAM roles granted to third-party services to ensure they comply with internal security baselines and don\u2019t introduce escalation paths.<\/p>\n<h4>Harden S3 Buckets for Logging Security<\/h4>\n<p>To ensure the integrity of your logging infrastructure, enable the following security settings across your S3 buckets:<\/p>\n<ul>\n<li>CID-57 Ensure S3 Bucket Policy is set to deny HTTP requests<\/li>\n<li>CID-67 Ensure all S3 buckets employ encryption-at-rest<\/li>\n<li>CID-47 Ensure access logging is enabled for S3 buckets<\/li>\n<\/ul>\n<h2>Granularity and Precision: Secure by Design<\/h2>\n<p>Cross-Service Confused Deputy Attacks highlight the importance of granular IAM controls, policy precision, and cloud-native security best practices. AWS ELB\u2019s logging capability, while valuable, can become a vector for misuse if not properly secured. By enforcing condition keys, path restrictions, and vigilant monitoring, you can effectively mitigate these threats and ensure your growing cloud infrastructure remains secure and auditable.<\/p>\n<p>Understanding the nuance of service integrations and trust boundaries is key in today&#8217;s interconnected cloud environments. 
As always, secure by design is the best strategy for managing the associated risks.<\/p>\n<p>To learn more about preventing Cross-Service Confused Deputy Attacks, talk to a Qualys expert today.<\/p>\n<h3>References:<\/h3>\n<p>AWS doc explaining attack\n<\/p><\/div>\n<p><a href=\"https:\/\/blog.qualys.com\/category\/vulnerabilities-threat-research\" target=\"_blank\" style=\"display: inline-block; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Update News Update Information Title Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks Update ID QUALYSBLOG:869870BD4BDC46B0417EC3DC9F22C7A1 Type qualysblog Published 2025-07-24T18:36:50 Last Updated 2025-07-24T18:36:50 Security&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,120,7,11,5],"class_list":["post-8899","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=8899\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update 
News Update Information Title Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks Update ID QUALYSBLOG:869870BD4BDC46B0417EC3DC9F22C7A1 Type qualysblog Published 2025-07-24T18:36:50 Last Updated 2025-07-24T18:36:50 Security...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=8899\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-24T15:41:59+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Fortifying Your Cloud Against Cross-Service Confused Deputy 
Attacks\",\"datePublished\":\"2025-07-24T15:41:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899\"},\"wordCount\":1658,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"qualysblog\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8899#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899\",\"name\":\"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-24T15:41:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8899\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8899#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=8899","og_locale":"en_US","og_type":"article","og_title":"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks - zero redgem","og_description":"Security Update News Update Information Title Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks Update ID QUALYSBLOG:869870BD4BDC46B0417EC3DC9F22C7A1 Type qualysblog Published 2025-07-24T18:36:50 Last Updated 2025-07-24T18:36:50 Security...","og_url":"https:\/\/zero.redgem.net\/?p=8899","og_site_name":"zero redgem","article_published_time":"2025-07-24T15:41:59+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=8899#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=8899"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks","datePublished":"2025-07-24T15:41:59+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=8899"},"wordCount":1658,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","qualysblog","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=8899#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=8899","url":"https:\/\/zero.redgem.net\/?p=8899","name":"Fortifying Your Cloud Against 
Cross-Service Confused Deputy Attacks - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-24T15:41:59+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=8899#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=8899"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=8899#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero 
redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8899"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8899\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}