Introduction Canarytokens have proved themselves over the last decade as an easy-to-deploy breach detection tool. Our free Canarytokens service has supported AWS API keys since 2017. The concept is straightforward: you sprinkle decoy API keys in your code repos / Lambda configurations / virtual machine disks; when the credentials are used by attackers, you’ll get an alert in your mailbox. They make an excellent (and simple) way to identify malicious actors inside your infrastructure, in the early stages of the …
Author: Marco Slaviero
[ This is a lightly edited internal post we’ve made public.] Last week we had booths at DevConf Joburg, and DevConf Cape Town. They’re two ZA events run by the same crew with the same speakers, two days and 1400kms apart. The organisers set a bar in ZA for putting on polished and well-run events. Where the average event is in an old venue with limited food and chaotic organisation, DevConf is punctual, classy, and efficient. Francois & Victor (Jhb), and Leighton …
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security and usability were necessary trade-offs. This was just the prevailing truth. One of the reasons we always promote hacker-led companies is because hackers delight in challenging accepted truths. We think this applies as much to product design as it does to smashing the stack. In a few months, …
This is a short post describing how to debug Flask apps with the ever-useful rpdb, along with a few gotchas to be careful of. Our workhorse web backend is Flask+uWSGI, running on standalone EC2 instances. At the same time we rely on Twisted for several backend services. On occasion a Thinkster might need to debug one of these services on one of the EC2 instances. Due to our instance isolation strategy, it’s tricky to get fancy remote debugging running, such …
Would you rather observe an eclipse through a pair of new Ray-Bans, or a used Shade 12 welding helmet? Undoubtedly the Aviators are more fashionable, but the permanent retinal damage sucks. Fetch the trusty welding helmet. We’ve made a number of security choices when building Canary that have held us in pretty good stead. These choices are interesting in that they don’t involve the purchase of security products, they don’t get lots of discussion in security engineering threads, and they …
Refreshing Canarytokens.org: a new interface, new functionality, and our security assessment results
Today, we’re excited to announce the launch of the revamped Canarytokens.org, our free Canarytokens service. When you visit the updated site, you’ll notice several key enhancements. First, the user interface has undergone a significant refresh. At Thinkst, we view code as a craft, and this philosophy guided us as we meticulously rebuilt the interface piece by piece. The result is an experience that is not only more intuitive but also more enjoyable to use. Second, we’ve expanded the management functionality …
At Thinkst Canary, we make the world’s easiest to deploy and manage honeypots. The high-level architecture for each customer is a web-based management dashboard (called the Console), plus the honeypots that the customer has deployed into their networks. We run the dashboard, customers run the honeypots. Our Console fleet is thousands of machines at this time, and this blogpost describes how we recently upgraded our fleet without any customer-noticeable downtime. Background: Canary Consoles Customers manage their honeypots, configure alerting, and …
Any Thinksters who have been in physical or virtual proximity to me over the last year have likely suffered at least one whinge session about “the Glorifier”. The especially fortunate have suffered several. I’m relieved to say that, at long last, the whinges are over. In this post, I’m going to walk through the travails of producing the Glorifier mostly as a cathartic exercise but extracting a few lessons from the experience. Our story is told in seven parts: Let’s …
The AWS API Key Canarytoken (paid and free) is a great way to detect attackers who have compromised your infrastructure. The full details are in a previous blogpost, but in short: You go to https://canarytokens.org and generate a set of valid AWS API credentials; Simply leave those in ~/.aws/config on a machine that’s important to you Done! If that machine is ever breached, the sort of attackers who keep you up at night will look for AWS API credentials, and …
Because we can One of our great pleasures and privileges at Thinkst is that every year we set aside a full week for pure hacking/building. The goals for our “Hackweek” are straightforward: build stuff while learning new things. Last week was the 2020 Hackweek work-from-home edition, and this post is a report on how it went. Now in its fourth year, our Hackweek has come to serve as a kind of a capstone to our year, and folks start thinking …