Blog Posts

Cloned Website Token and Reverse Proxies

Our Cloned Website Token has been available for a long time now, both on our public site as well as for our Canary customers. It’s helped users all over the world detect attacks early in the process. We wanted to take a moment and go over some of the details of this token: how it works, how to create and use one, and critically, how it fares against the new “Adversary-in-the-Middle” (AitM)-generation of phishing attacks.. The cloned website token

Continue Reading

CourtVision – Where’s my padel at?

Labs is the research arm of Thinkst but research has always been a key part of our company culture. All Thinksters are encouraged to work with Labs on longer term projects. These become that Thinkster’s “day job” for a while. (These are intended both for individual growth, and to stretch ourselves into new areas: They don’t have to be related to Canary or security). I took a brief hiatus from the engineering team to explore a computer vision project: CourtVision.

Continue Reading

Default behaviour sticks (And so do examples)

Introduction We spend huge amounts of time sweating the details of our products. We want to remove all the friction we can from using them and want to make sure we never leave our users confused. To get this right, we do a bunch of things: we use simple language, we make extensive use of context-sensitive help and where it’s needed, we nudge users with illustrative examples. Recently we bumped into something that made us rethink our use of examples. Background

Continue Reading

Meet “ZipPy”, a fast AI LLM text detector

Introduction Today we’re open-sourcing a research project from Labs, ZipPy, a very fast LLM text detection tool. Unless you’ve been living under a rock (without cellphone coverage), you’ve heard of how generative AI large language models (LLMs) are the “next big thing”. Hardly a day goes by without seeing a breathless article on how LLMs are either going to remake humanity, or bring upon its demise; this post is neither, while we think there are some neat applications for LLMs,

Continue Reading

Birds at (Tail)scale

This week we are super excited to release the latest addition to our lineup of Thinkst Canary platforms: Tailscale. Background We’ve always made sure that deploying Canaries is absurdly quick and painless. It’s why you can add a hardware Canary to your network just by plugging it in and why most customers end up re-thinking their detection roadmaps: We adore Tailscale: They have a first-rate team and their product is also widely loved for being startlingly simple to deploy.

Continue Reading welcomes Azure Login Certificate Token

Introduction The AWS API key Canarytoken is a perennial favourite on, and we’ve heard requests for a similar token for Azure. In this blog post, we introduce the Azure Login Certificate Token (aka the Azure Token) to Canarytokens.org1.  As with all tokens, you can sprinkle Azure tokens throughout your environment and receive high fidelity notifications whenever they’re used. Place one on your CTO’s laptop, or on every server in your fleet. When attackers breach that laptop, or servers, or

Continue Reading

Swipe right on our new credit card tokens!

Detect breaches with Canary credit cards! TL;DR; Today we’re releasing a new Canarytoken type: actual credit cards!  We recommend placing one anywhere you store payment information. If you ever get an alert on it, you know that that data-store has been compromised. Background Canaries generally aim to look like something an attacker would want to interact with. It’s why our mantra has always been that Canaries should look valuable (instead of just vulnerable). Historically, these have been network services, or

Continue Reading

Seasonal themes, delighting users & small UX touches

We’ve written before about the effort we put into UX choices in our app. We don’t consider problems solved just because we kicked out a feature in its general vicinity and we are super strong believers in “small things done well” This came to the fore again recently when we included a “seasonal theme” into customer Consoles and I figured it was worth a brief post to examine our thinking around (even) short-term UX. In our early days we’d give

Continue Reading

Company Lessons (from YouTubes “Hot Ones”)

 I recently discovered “Hot Ones” on YouTube. If you haven’t seen any of the episodes, you should (because they really are fantastic). This isn’t really a controversial opinion: their YouTube channel has 12 million subscribers and almost 2,6 billion views. The show has a few lessons that I think are worth noticing/stealing. I’ll discuss 3 of them here (even if they are kinda random). 1) Genuine Warmth One would expect the show to lean on a kinda gotcha-slapstick routine: we all laugh

Continue Reading

Sensitive Command Token – So much offense in my defense

Introduction: Many people have pointed out that there are a handful of commands that are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users/usage). Reliably alerting when a user on your code-sign server runs whoami.exe can mean the difference between catching a compromise in week-1 (before the attackers dig in) and learning about the attack on CNN. Introducing our new Sensitive Command Canarytoken. This quick/simple Canarytoken alerts you any time your chosen command is executed on

Continue Reading

Site Footer

Authored with 💚 by Thinkst