Blog Posts

Introducing the AWS Infrastructure Canarytoken

Introduction: Canarytokens have proved themselves over the last decade as an easy-to-deploy breach detection tool. Our free Canarytokens service has supported AWS API keys since 2017. The concept is straightforward: you sprinkle decoy API keys in your code repos / Lambda configurations / virtual machine disks; when the credentials are used by attackers, you’ll get an alert in your mailbox. They make an excellent (and simple) way to identify malicious actors inside your infrastructure, in the early stages of the

2025 Hacker Summer Camp talks to watch

Like many in the industry, we are mentally preparing for the trip out to Las Vegas for the US’s crowning trio of big security conferences: BSidesLV, Black Hat USA, and DEF CON. Every year tens of thousands make the annual pilgrimage to the “Hacker Summer Camp” trifecta to see friends, learn from the smorgasbord of tasks and trainings, and share their knowledge far and wide. Each year we at the ThinkstScapes HQ find great content worth highlighting from these longstanding

Don’t Settle for Mediocre Frontend Testing: Build Stable, Reliable Systems Instead

You’re moments away from finishing a feature you’ve been working on for the last two weeks when you get a Slack notification that the frontend test pipeline has failed for the 824th time that year. It’s the same handful of flaky tests that fail whenever there’s a half-moon. You make a note to fix these tests and get back to finishing that feature. We were in this situation and asked ourselves whether we enjoyed building and maintaining our frontend test

On Caring

[ This is a lightly edited internal post we’ve made public.] Last week we had booths at DevConf Joburg, and DevConf Cape Town. They’re two ZA events run by the same crew with the same speakers, two days and 1400kms apart. The organisers set a bar in ZA for putting on polished and well-run events. Where the average event is in an old venue with limited food and chaotic organisation, DevConf is punctual, classy, and efficient. Francois & Victor (Jhb), and Leighton

Detect Identity Compromise with SAML IdP App Canarytokens

At Thinkst, we build tools to make attackers’ lives harder and defenders’ lives easier. Our latest Canarytoken does exactly that—introducing the SAML IdP App Canarytoken (already available on canarytokens.org, but now available on customer Consoles too!) Where our Fake App Canarytokens for iOS and Android detect badness at the device level, SAML IdP App Canarytokens help at the identity level. Organisations rely on Single Sign-On (SSO) to manage authentication across their cloud applications. Attackers know this and target identity providers (IdPs)

Almost famous: behind the scenes of a feature that didn’t make the cut

Introduction: A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for Thinkst Canary to make sure the added value exceeds the inevitable cognitive complexity that new features (or new UX elements) bring. This post will dive into a recent Labs research effort that we ended up leaving on the cutting room floor. Background: We are always on the

It’s Baaack… Credit Card Canarytokens are now on your Consoles

TL;DR: Our credit card Canarytokens are out of beta and flying to your consoles! We love these tokens because they provide a novel way to alert on a strong signal of badness. They also perfectly embody our concept of conspicuous deception. Conspicuous deception is our take that simply knowing that a credit card could be a Canarytoken adds risk to the process of stealing, selling, testing, and committing fraud on all cards. Now, fraudsters have to worry that testing or

RSAC/Blackhat booths don’t have to suck

Cheap tchotchke, pushy salespeople and silly gimmicks. Vendor booths are often considered horrible wastes of time (and money). But we think they are great and keep recommending them to friends. It’s not because we throw money around either. We never raised capital, so even though we crossed $19m in ARR last year, we still watch our marketing spend judiciously. We don’t do airport ads and we don’t pay fancy analyst firms. (In fact, we still don’t do any outbound sales).

Hacking as a pathway to building better Products

Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security and usability were necessary trade-offs. This was just the prevailing truth. One of the reasons we always promote hacker-led companies is because hackers delight in challenging accepted truths. We think this applies as much to product design as it does to smashing the stack. In a few months,

How we built the Pyramid!

In 2019, we created (and wrote about) our Skyball pyramid – a cute way to stack the super-bouncy balls we give away at conferences. This year we took it up a notch (thanks to Andrew bringing out SCR2!) Like the previous version, we can now make arbitrarily sized pyramids (which also allows us to shrink the base as we start to run out of balls). More importantly though.. Moar Birds! It’s tiny, but it’s one of those things we love. 

Authored with 💚 by Thinkst