Author: Marco Slaviero

The AWS API Key Canarytoken (paid and free) is a great way to detect attackers who have compromised your infrastructure. The full details are in a previous blogpost, but in short:  You go to https://canarytokens.org and generate a set of valid AWS API credentials; Simply leave those in ~/.aws/config on a machine that’s important to you Done! If that machine is ever breached, the sort of attackers who keep you up at night will look for AWS API credentials, and …

Because we can One of our great pleasures and privileges at Thinkst is that every year we set aside a full week for pure hacking/building. The goals for our “Hackweek” are straightforward: build stuff while learning new things. Last week was the 2020 Hackweek work-from-home edition, and this post is a report on how it went. Now in its the fourth year, our Hackweek has come to serve as a kind of a capstone to our year, and folks start thinking …

Thinkst in Santa Clara Last week Haroon and I found ourselves at the 28th USENIX Security Symposium in balmy Santa Clara. We made the trip from Vegas for Haroon’s invited talk at the main event, and I took the opportunity to present at one of the side workshops (HotSec). This is a short recap of our USENEX experience. Neither Haroon nor I have attended USENIX events previously, despite over 20 Black Hat USAs between the two of us. What’s worse, we …

This is the third post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In our BlackHat talk, “Fighting the Previous War“, we showed how attacks against cloud services and cloud-native companies are still in their nascent stages of evolution. The number of known attacks against AWS is small, which is at odds with the huge number (and complexity) of services available. It’s not a …

[Update: jump to the end of the page for the series index] Late July found Haroon and I sweating buckets inside an 8th storey Las Vegas hotel room. Our perspiration was due not to the malevolent heat outside but to the 189 slides we were building for BlackHat 2017. Modifications to the slidedeck continued until just before the talk, and we’re now posting a link to the final deck. Spoiler alert: it’s at the bottom of this post. A few years …

We are sorry that this blog has been so quiet lately. Our Canary product took off like a rocket and we’ve had our heads down giving it our all. This month we released version-2 with a bunch of new features. You really should check it out. Since almost day one, customers have been asking for virtual Canaries.  We generally prefer doing one thing really well over doing multiple things “kinda ok”, so we held off virtualising Canary for a long …

The number of security conferences shows no signs of slowing down, feeding an ever-growing appetite for talks, presentations and content. If you’re anything like us, both attending and speaking at conferences is part and parcel of your job, even if it’s one event per year. In the absence of publication channels available in other disciplines such as good quality journals, security researchers have the option of blog posts, ezines such as Phrack, mailing lists or conferences. Many choose to go …