Last month we downed tools for a week as we hosted a private, on-site version of the well regarded “ARM Exploit Laboratory” (by Saumil Shah). The class is billed as “a practical hands-on approach to exploit development on ARM based systems” and Saumil is world respected, delivering versions of the class at conferences like 44con, Recon and Blackhat for years. It.absolutely.delivered! With a quick refresher on ARM assembly and system programming on day-1, by day-2 everyone in the class was fairly …
Blog Posts
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux’s Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this …
This year we attended the RSAC expo in San Francisco as a vendor (with booth, swag & badge scanners!). We documented the trip, its quirks, costs and benefits along with some thoughts on the event. Check it out, and feel free to drop us a note on the post or by tweeting at @ThinkstCanary. Considering an RSAC Expo booth? Our Experience, in 5,000 words or less …
Introduction Thinkst’ers have spoken at a heap of security conferences across careers spanning decades, and yet last year (2017) was the first time any of us actually attended RSAC (https://www.rsaconference.com/), when I attended the expo (almost accidentally). At the time I was surprised by a bunch of things, from its insane size to the bizarre vendor shenanigans. As I walked the expo floor I asked an array of vendors if they felt the show was worth it for them. The …
(Guest post by Ollie Whitehouse) tl;dr Thinkst engaged NCC Group to perform a third party assessment of the security of their Canary appliance. The Canaries came out of the assessment well. When compared in a subjective manner to the vast majority of embedded devices and/or security products we have assessed and researched over the last 18 years they were very good. Who is NCC Group and who am I? Firstly, it is prudent to introduce myself and the company I …
Introduction Sandboxes are a good idea. Whether it’s improving kids’ immune systems, or isolating your apps from the rest of the system, sandboxes just make sense. Despite their obvious benefits, they are still relatively uncommon. We think this is because they are still relatively obscure for most developers and hope this post will fix that. Sandboxes? What’s that? Software sandboxes isolate a process from the rest of the system, constraining the process’ access to the parts of the system that it …
(Guest Post by @marasawr) Author’s note : international law is hard, and these remarks are extremely simplified. Thinkst recently published a thought piece on the theme of ‘A Geneva Convention, for software.‘[1] Haroon correctly anticipated that I’d be a wee bit crunchy about this particular ‘X for Y’ anti-pattern, but probably did not anticipate a serialised account of diplomatic derpitude around information and communications technologies (ICT) in international law over the past twenty years. Apparently there is a need for this, …
The anti-pattern “X for Y” is a sketchy way to start any tech think piece, and with “cyber” stories guaranteeing eyeballs, you’re already tired of the many horrible articles predicting a “Digital Pearl Harbour” or “cyber Armageddon”. In this case however, we believe this article’s title fits and are going to run with it. (Ed’s note: So did all the other authors!) The past 10 years have made it clear that the internet, (both the software that both powers it …
This is the fourth post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In this blog post, we will introduce you to the newest member of our Canarytokens family, the Amazon Web Services API key token. This new Canarytoken allows you to sprinkle AWS API keys around and then notifies you when they are used. (If you stick around to the end, we will also …