This is a short post describing how to debug Flask apps with the ever-useful rpdb, along with a few gotchas to be careful of. Our workhorse web backend is Flask+uWSGI, running on standalone EC2 instances. At the same time we rely on Twisted for several backend services. On occasion a Thinkster might need to debug one of these services on one of the EC2 instances. Due to our instance isolation strategy, it’s tricky to get fancy remote debugging running, such …
Blog Posts
If you’ve gotten a gift from us in the past few years, it would have shown up in a bag like this one: Here’s the story behind that bag… Carrying Our Values With Us One of our core Thinkst values is to “do well by doing good” (we actually have 4 of them). We donate to Open Source projects we use. We offer no-strings-attached bursaries to South African tertiary students. We support local charities who protect, uplift, and believe in …
We’re happy to announce our Canarytoken’s newest member: the Fake App Canarytoken. We’ve previously asked the question Would you know if your phone was hacked? and offered the Wireguard Canarytoken as a safeguard against it. But, as we install more apps on our phones, the attack surface (and incentive) for attackers continues to increase. From journalists having their field notes read, to CEOs and presidents having their phones hacked, or the more prevalent scourge of intimate partner violence, more and …
We’ve just released an update that allows VMWare birds to be pre-configured. This allows customers to deploy them trivially at scale. Our KB article explains how to make use of it, but this post goes deeper under the hood to explore how we made it happen. Automatically Configuring Linux VMs The de facto standard for configuring or customising Cloud virtual machines (e.g. at AWS, GCP, Azure, etc) is cloud-init. Cloud-init works by reading configuration data from datasources outside the VM, …
Every August, thousands of people from all over the world consciously decide to brave the balmy 40C/100F+ desert to learn, share, and socialize at the trifecta of Hacker conferences. Whereas Black Hat and DEF CON attendees have been making the sojourn for decades, 2024 marks the 13th year since BSides Las Vegas was added to the mix, lovingly referred to as the “Hacker Summer Camp”. With such an overwhelming buffet of content, we thought it might help to share the …
We’ve previously discussed how Canarytokens can detect when your website has been cloned and used in phishing campaigns. We also released an Azure Entra ID Login token that can be used to detect this activity on your tenant’s Entra ID Login page. Today, we’re taking that concept a step further by introducing an automated response pipeline that detects phishing attempts, correlates which of your users fell victim to the attack and takes immediate action to minimise the impact of the …
Would you rather observe an eclipse through a pair of new Ray-Bans, or a used Shade 12 welding helmet? Undoubtedly the Aviators are more fashionable, but the permanent retinal damage sucks. Fetch the trusty welding helmet. We’ve made a number of security choices when building Canary that have held us in pretty good stead. These choices are interesting in that they don’t involve the purchase of security products, they don’t get lots of discussion in security engineering threads, and they …
Refreshing Canarytokens.org: a new interface, new functionality, and our security assessment results
Today, we’re excited to announce the launch of the revamped Canarytokens.org, our free Canarytokens service. When you visit the updated site, you’ll notice several key enhancements. First, the user interface has undergone a significant refresh. At Thinkst, we view code as a craft, and this philosophy guided us as we meticulously rebuilt the interface piece by piece. The result is an experience that is not only more intuitive but also more enjoyable to use. Second, we’ve expanded the management functionality …
At Thinkst Canary, we make the world’s easiest to deploy and manage honeypots. The high-level architecture for each customer is a web-based management dashboard (called the Console), plus the honeypots that the customer has deployed into their networks. We run the dashboard, customers run the honeypots. Our Console fleet is thousands of machines at this time, and this blog post describes how we recently upgraded our fleet without any customer-noticeable downtime. Background: Canary Consoles Customers manage their honeypots, configure alerting, and …
This is the second post in an ongoing series that examines documented/public breaches with a special focus on Canary and Canarytoken deployment. The posts do not intend to imply that we would have been a silver bullet and prevented the breach; rather, our approach has been to help detect breaches. These posts are primarily intended to give our customers and users ideas for possible deployment options. In this 2nd blog post, we’ll look at: Why do attackers like file shares? …
