A “Safety Net” for AWS Canarytokens

The AWS API Key Canarytoken (paid and free) is a great way to detect attackers who have compromised your infrastructure. The full details are in a previous blogpost, but in short: you go to https://canarytokens.org and generate a set of valid AWS API credentials; simply leave those in ~/.aws/config on a machine that’s important to you; done! If that machine is ever breached, the sort of attackers who keep you up at night will look for AWS API credentials, and

Hackweek 2020

Because we can: One of our great pleasures and privileges at Thinkst is that every year we set aside a full week for pure hacking/building. The goals for our “Hackweek” are straightforward: build stuff while learning new things. Last week was the 2020 Hackweek work-from-home edition, and this post is a report on how it went. Now in its fourth year, our Hackweek has come to serve as a kind of a capstone to our year, and folks start thinking

USENIX Security Symposium 2019

Thinkst in Santa Clara: Last week Haroon and I found ourselves at the 28th USENIX Security Symposium in balmy Santa Clara. We made the trip from Vegas for Haroon’s invited talk at the main event, and I took the opportunity to present at one of the side workshops (HotSec). This is a short recap of our USENIX experience. Neither Haroon nor I have attended USENIX events previously, despite over 20 Black Hat USAs between the two of us. What’s worse, we

Farseeing: a look at BeyondCorp

This is the third post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction: In our BlackHat talk, “Fighting the Previous War”, we showed how attacks against cloud services and cloud-native companies are still in their nascent stages of evolution. The number of known attacks against AWS is small, which is at odds with the huge number (and complexity) of services available. It’s not a

BlackHat 2017 Series

[Update: jump to the end of the page for the series index] Late July found Haroon and I sweating buckets inside an 8th storey Las Vegas hotel room. Our perspiration was due not to the malevolent heat outside but to the 189 slides we were building for BlackHat 2017. Modifications to the slidedeck continued until just before the talk, and we’re now posting a link to the final deck. Spoiler alert: it’s at the bottom of this post. A few years

Cloud Canary Beta

We are sorry that this blog has been so quiet lately. Our Canary product took off like a rocket and we’ve had our heads down giving it our all. This month we released version-2 with a bunch of new features. You really should check it out. Since almost day one, customers have been asking for virtual Canaries. We generally prefer doing one thing really well over doing multiple things “kinda ok”, so we held off virtualising Canary for a long

Introducing Consli, easy scheduling and feedback for conference organisers and attendees

The number of security conferences shows no signs of slowing down, feeding an ever-growing appetite for talks, presentations and content. If you’re anything like us, both attending and speaking at conferences is part and parcel of your job, even if it’s one event per year. In the absence of publication channels available in other disciplines such as good quality journals, security researchers have the option of blog posts, ezines such as Phrack, mailing lists or conferences. Many choose to go

ThinkstScapes 2013-AH1: On the China report

The Mandiant APT1 report that was released a week ago has been causing some consternation, which makes it a ripe topic for our ThinkstScapes service. This morning, we issued an ad-hoc update to our customers containing our views of the APT1 report. In short, the data is interesting, but does not conclusively point to Unit 61938. There are too many open questions to justify the finger pointing. Take, for example, the markers released for the APT1 group. The report does

The lamest hacks

A little while back, a colleague of a colleague approached me with a favour request that was hard to refuse (no, not that kind…) They had one of these external harddrives that supports on-drive encryption and, as you will have guessed, had forgotten the password. No more saved business docs, but also no more saved baby pics. “Could we have a look?”, they asked. A brief search online revealed companies who claim to be able to recover passwords for these

Authored with 💚 by Thinkst