{"id":3827,"date":"2026-06-24T07:03:51","date_gmt":"2026-06-24T07:03:51","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/24\/linux-process-name-masquerading-wed-jun-24th\/"},"modified":"2026-06-24T07:03:51","modified_gmt":"2026-06-24T07:03:51","slug":"linux-process-name-masquerading-wed-jun-24th","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/24\/linux-process-name-masquerading-wed-jun-24th\/","title":{"rendered":"Linux Process Name Masquerading, (Wed, Jun 24th)"},"content":{"rendered":"<div>\n<p>In a previous diary, I talked about stack strings[<a href=\"https:\/\/isc.sans.edu\/diary\/An+Example+of+Stack+String+in+High+Level+Language\/33008\">1<\/a>] with a practical example of them. Since my SEC670 class, I\u2019m even more interested in malware obfuscation techniques. I had a look at process names. When you list running processes on a computer, can you trust what you see? If you&#8217;re facing a rootkit, malicious processes can be simply hidden (the API calls or commands that list processes have been tampered with). But a malicious process can also mimic a non-suspicious name by masquerading its name. This technique (T1036 in the MITRE ATT&amp;CK framework[<a href=\"https:\/\/attack.mitre.org\/techniques\/T1036\/\">2<\/a>]) has been used by attackers in many campaigns. A good example is the Velvet Ant Chinese group[<a href=\"https:\/\/www.sygnia.co\/blog\/operation-highland-velvet-ant\/\">3<\/a>]. The goal is to hide the \u201cmalware\u201d process name by replacing it with something that won\u2019t attract the Security Analyst\u2019s eyes, or to defeat security controls.<\/p>\n<p>First of all, you need to remember that the process name can be stored in different locations:<\/p>\n<p>In \/proc\/&lt;pid&gt;\/comm: This file contains the process name (max 15 characters). This is what the default \u2018ps\u2019 and \u2018top\u2019 commands show. 
Example:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nremnux@remnux:~$ pgrep container\n855\nremnux@remnux:~$ cat \/proc\/855\/comm\ncontainerd<\/pre>\n<p>In \/proc\/&lt;pid&gt;\/cmdline: We find the full command line (read: we see the argv array). This is used by the \u2018ps aux\u2019, \u2018ps -f\u2019 or \u2018pgrep -f\u2019 commands. Example:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nremnux@remnux:~$ ps aux|grep container\nroot         855  0.0  0.2 1719236 11684 ?       Ssl  May15  14:21 \/usr\/bin\/containerd\nremnux    130783  0.0  0.0   4092  2048 pts\/5    S+   14:26   0:00 grep --color=auto container\nremnux@remnux:~$ cat \/proc\/855\/cmdline\n\/usr\/bin\/containerd<\/pre>\n<p>To alter the process name in \u2018comm\u2019, you just have to call prctl[<a href=\"https:\/\/man7.org\/linux\/man-pages\/man2\/prctl.2.html\">4<\/a>]:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nprctl(PR_SET_NAME)<\/pre>\n<p>You can also alter the process name in \u2018cmdline\u2019, but there is a limitation in this case: argv[0] is a fixed-size buffer. You can&#8217;t just point it somewhere else, because the kernel reports the original memory region. 
To bypass this constraint, you have to spill into the contiguous argv[1..n] \/ environ block.<\/p>\n<p>I wrote a quick PoC to demonstrate this:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\n#include &lt;stdio.h&gt;\n#include &lt;string.h&gt;\n#include &lt;unistd.h&gt;\n#include &lt;sys\/prctl.h&gt;\n#include &lt;linux\/prctl.h&gt;\n\nextern char **environ;\n\n\/*\n * Overwrite the argv (and, if needed, environ) memory region so that\n * \/proc\/&lt;pid&gt;\/cmdline reports `new_name`.\n *\/\nstatic void set_cmdline(int argc, char **argv, const char *new_name)\n{\n    char  *start = argv[0];\n    char  *end   = argv[0];\n    int    i;\n\n    \/* Find the end of the contiguous argv + environ block. *\/\n    for (i = 0; i &lt; argc; i++)\n        if (argv[i])\n            end = argv[i] + strlen(argv[i]) + 1; \/* +1 for the NUL *\/\n\n    for (i = 0; environ[i]; i++)\n        end = environ[i] + strlen(environ[i]) + 1;\n\n    size_t avail = (size_t)(end - start);\n\n    \/* Zero the whole region so leftover bytes don't leak into cmdline. *\/\n    memset(start, 0, avail);\n\n    \/* Copy in the new name, leaving room for a terminating NUL. *\/\n    size_t n = strlen(new_name);\n    if (n &gt;= avail)\n        n = avail - 1;\n    memcpy(start, new_name, n);\n    start[n] = '\\0';\n}\n\nint main(int argc, char **argv)\n{\n    const char *disguise = (argc &gt; 1) ? 
argv[1] : \"[kworker\/0:1-events]\";\n\n    \/* Masquerade 'comm' *\/\n    if (prctl(PR_SET_NAME, \"kworker\/0:1\", 0, 0, 0) != 0)\n        perror(\"prctl(PR_SET_NAME)\");\n\n    \/* Masquerade 'cmdline' *\/\n    set_cmdline(argc, argv, disguise);\n\n    printf(\"PID %d now masquerading.\\n\", getpid());\n    printf(\"  ps      -&gt; reads \/proc\/%d\/comm\\n\", getpid());\n    printf(\"  ps aux  -&gt; reads \/proc\/%d\/cmdline\\n\", getpid());\n    printf(\"Press CTRL-C to quit.\\n\");\n    fflush(stdout);\n    for (;;)\n        pause();\n    return 0;\n}<\/pre>\n<p>Let\u2019s compile and execute it:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nremnux@remnux:~$ gcc -o ps-masquerade ps-masquerade.c\nremnux@remnux:~$ .\/ps-masquerade\nPID 130888 now masquerading.\n  ps          -&gt; reads \/proc\/130888\/comm\n  ps aux      -&gt; reads \/proc\/130888\/cmdline\nPress CTRL-C to quit.<\/pre>\n<p>Spawn another shell:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nremnux@remnux:~$ ps aux|grep kworker\/0\nroot          43  0.0  0.0      0     0 ?        I&lt;   May15   0:07 [kworker\/0:1H-kblockd]\nroot         533  0.0  0.0      0     0 ?        I&lt;   May15   0:00 [kworker\/0:2H-kblockd]\nroot      130203  0.0  0.0      0     0 ?        I    06:58   0:01 [kworker\/0:1-cgroup_destroy]\nroot      130627  0.0  0.0      0     0 ?        
I    10:21   0:01 [kworker\/0:2-events]\n<span style=\"color:#e74c3c;\">remnux    130888  0.0  0.0   2680  1408 pts\/5    S+   14:39   0:00 [kworker\/0:1-events]<\/span>\nremnux    130892  0.0  0.0   4092  2048 pts\/6    S+   14:40   0:00 grep --color=auto kworker\/0\nremnux@remnux:~$ cat \/proc\/130888\/comm\nkworker\/0:1\nremnux@remnux:~$ cat \/proc\/130888\/cmdline\n[kworker\/0:1-events]<\/pre>\n<p>And from htop:<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/isc-20260624-1.png\" style=\"width: 800px; height: 637px;\"><\/p>\n<p>The good news is that tools like Kunai[<a href=\"https:\/\/why.kunai.rocks\/\">5<\/a>] (based on eBPF) will catch the real command line but won&#8217;t be able to recover the exec name. This is a nice way to detect process name masquerading:<\/p>\n<pre style=\"background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px;\">\nroot@remnux:\/var\/log\/kunai# grep 130888 kunai.json | jq . | head -20\n{\n  \"data\": {\n    \"ancestors\": \"\/usr\/lib\/systemd\/systemd|\/usr\/sbin\/sshd|\/usr\/sbin\/sshd|\/usr\/sbin\/sshd|\/usr\/bin\/bash\",\n    \"parent_command_line\": \"-bash\",\n    \"parent_exe\": \"\/usr\/bin\/bash\",\n    \"command_line\": \".\/ps-masquerade\",\n<span style=\"color:#e74c3c;\">    \"exe\": {\n      \"path\": \"\/home\/remnux\/ps-masquerade\",\n      \"md5\": \"\",\n      \"sha1\": \"\",\n      \"sha256\": \"\",\n      \"sha512\": \"\",\n      \"size\": 0,\n      \"error\": \"file not found\"<\/span>\n    }\n  },\n  [...]<\/pre>\n<p>What about Windows operating systems? It\u2019s a bit tricky because the kernel is involved. Process names are stored in the Process Environment Block (PEB), which can be modified by the process itself (in user land). The PEB holds ImagePathName and CommandLine as UNICODE_STRINGs. These are writable from within the process. 
Task Manager, WMI&#8217;s CommandLine, and a lot of tooling read from here.<\/p>\n<p>In kernel mode, EPROCESS holds ImageFileName (a 15-char ASCII field like the Linux comm) and SeAuditProcessCreationInfo.ImageFileName (the full NT path). These are populated by the kernel from the image that was actually mapped, so from user mode you can&#8217;t simply rewrite them.<\/p>\n<p>[1] <a href=\"https:\/\/isc.sans.edu\/diary\/An+Example+of+Stack+String+in+High+Level+Language\/33008\">https:\/\/isc.sans.edu\/diary\/An+Example+of+Stack+String+in+High+Level+Language\/33008<\/a><br \/>\n[2] <a href=\"https:\/\/attack.mitre.org\/techniques\/T1036\/\">https:\/\/attack.mitre.org\/techniques\/T1036\/<\/a><br \/>\n[3] <a href=\"https:\/\/www.sygnia.co\/blog\/operation-highland-velvet-ant\/\">https:\/\/www.sygnia.co\/blog\/operation-highland-velvet-ant\/<\/a><br \/>\n[4] <a href=\"https:\/\/man7.org\/linux\/man-pages\/man2\/prctl.2.html\">https:\/\/man7.org\/linux\/man-pages\/man2\/prctl.2.html<\/a><br \/>\n[5] <a href=\"https:\/\/why.kunai.rocks\/\">https:\/\/why.kunai.rocks<\/a><\/p>\n<p><b>Xavier Mertens (@xme)<\/b><br \/>\nXameco<br \/>\nSenior ISC Handler &#8211; Freelance Cyber Security Consultant<br \/>\n<a href=\"https:\/\/raw.githubusercontent.com\/xme\/pgp\/refs\/heads\/main\/public.key\">PGP Key<\/a><\/p>\n<p> (c) SANS Internet Storm Center. https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>In a previous diary, I talked about stack strings[1] with a practical example of them. Since my SEC670 class, I\u2019m even more interested\u00a0in malware obfuscation techniques. I had\u00a0a look at process names. When you list running processes on a computer, can you trust what you see? 
If you&#8217;re facing a rootkit, malicious processes can be [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-3827","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=3827"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3827\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=3827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=3827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=3827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}