(Guest Post by @marasawr) Author’s note : international law is hard, and these remarks are extremely simplified. Thinkst recently published a thought piece on the theme of ‘A Geneva Convention, for software.‘[1] Haroon correctly anticipated that I’d be a wee bit crunchy about this particular ‘X for Y’ anti-pattern, but probably did not anticipate a serialised account of diplomatic derpitude around information and communications technologies (ICT) in international law over the past twenty years. Apparently there is a need for this, …
Year: 2017
The anti-pattern “X for Y” is a sketchy way to start any tech think piece, and with “cyber” stories guaranteeing eyeballs, you’re already tired of the many horrible articles predicting a “Digital Pearl Harbour” or “cyber Armageddon”. In this case however, we believe this article’s title fits and are going to run with it. (Ed’s note: So did all the other authors!) The past 10 years have made it clear that the internet, (both the software that both powers it …
This is the fourth post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In this blog post, we will introduce you to the newest member of our Canarytoken’s family, the Amazon Web Services API key token. This new Canarytoken allows you to sprinkle AWS API keys around and then notifies you when they are used. (If you stick around to the end, we will also …
This is the third post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In our BlackHat talk, “Fighting the Previous War“, we showed how attacks against cloud services and cloud-native companies are still in their nascent stages of evolution. The number of known attacks against AWS is small, which is at odds with the huge number (and complexity) of services available. It’s not a …
This post continues the series of highlights from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction Before today’s public clouds, best practice was to store logs separately from the host that generated them. If the host was compromised, the logs stored off it would have a better chance of being preserved. At a cloud provider like AWS, a storage service within an account holds your activity logs. A sufficiently thorough …
This is the first post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In this post we’ll be looking at ways to compromise your developers that you probably aren’t defending against, by exploiting the plugins in their editors. We will therefore be exploring Atom, Atom plugins, how they work and the security shortfalls they expose.Targeting developers seems like a good idea (targeting sysadmins is so 2014). …
[Update: jump to the end of the page for the series index] Late July found Haroon and I sweating buckets inside an 8th storey Las Vegas hotel room. Our perspiration was due not to the malevolent heat outside but to the 189 slides we were building for BlackHat 2017. Modifications to the slidedeck continued until just before the talk, and we’re now posting a link to the final deck. Spoiler alert: it’s at the bottom of this post. A few years …
Heres a quick, informal guide to deploying birds. It isn’t a Canary user guide and should: be a fun read; be broadly applicable. One of Canary’s core benefits is that they are quick to deploy (Under 5 minutes from the moment you unbox them) but this guide should seed some ideas for using them to maximum effect. Grab the Guide Here (No registration, No Tracking Link, No Unnecessary Drama) If you have thoughts, comments, or ideas, hit us back at …
Our MS Word and PDF tokens are a great way to see if anyone is snooping through your documents. One simply places the document in an enticing location and waits. If the document is opened, a notification (containing useful information about the viewer) is sent to you. Both MS Word tokens and PDF tokens work by embedding a link to a resource in the tokened document. When the document is opened an attempt to fetch the resource is made. This …
Introducing our Python API Wrapper With our shiny new Python API wrapper, managing your deployed Canaries has never been simpler. With just a few simple lines of code you’ll be able to sort and store incident data, reboot all of your devices, create Canarytokens, and much more (Building URLs correctly and parsing JSON strings is for the birds…). So, how do you get started? Firstly you’ll need to install our package. You can grab it from a number of places: …