TL;DR Our credit card Canarytokens are out of beta and flying to your consoles! We love these tokens because they provide a novel way to alert on a strong signal of badness. They also perfectly embody our concept of conspicuous deception. Conspicuous deception is our take that simply knowing that a credit card could be a Canarytoken adds risk to the process of stealing, selling, testing, and committing fraud on all cards. Now, fraudsters have to worry that testing or …
Tag: Canarytokens
We’ve previously discussed how Canarytokens can detect when your website has been cloned and used in phishing campaigns. We also released an Azure Entra ID Login token that can be used to detect this activity on your tenant’s Entra ID Login page. Today, we’re taking that concept a step further by introducing an automated response pipeline that detects phishing attempts, correlates which of your users fell victim to the attack and takes immediate action to minimise the impact of the …
Refreshing Canarytokens.org: a new interface, new functionality, and our security assessment results
Today, we’re excited to announce the launch of the revamped Canarytokens.org, our free Canarytokens service. When you visit the updated site, you’ll notice several key enhancements. First, the user interface has undergone a significant refresh. At Thinkst, we view code as a craft, and this philosophy guided us as we meticulously rebuilt the interface piece by piece. The result is an experience that is not only more intuitive but also more enjoyable to use. Second, we’ve expanded the management functionality …
We are releasing two new versions of the token which alert you when an attacker is using an AitM attack against one of your sites. …
Introduction We spend huge amounts of time sweating the details of our products. We want to remove all the friction we can from using them and want to make sure we never leave our users confused. To get this right, we do a bunch of things: we use simple language, we make extensive use of context-sensitive help and where it’s needed, we nudge users with illustrative examples. Recently we bumped into something that made us rethink our use of examples. Background …
Introduction The AWS API key Canarytoken is a perennial favourite on Canarytokens.org, and we’ve heard requests for a similar token for Azure. In this blog post, we introduce the Azure Login Certificate Token (aka the Azure Token) to Canarytokens.org1. As with all tokens, you can sprinkle Azure tokens throughout your environment and receive high fidelity notifications whenever they’re used. Place one on your CTO’s laptop, or on every server in your fleet. When attackers breach that laptop, or servers, or …
Introducing the new Kubeconfig Canarytoken A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when they do, you get a reliable message that badness is going on). Last month we asked: “What will an attacker do if they find a large MySQLDump file on your machine?” (We think there’s a good chance they will load it into a …
InfoSec superstar (and long-time Canary fan) theGrugq recently mused on twitter about generating alerts when certain binaries are run on your hosts. We definitely think it has its uses, and we figured it would be worth discussing a quick way to make this happen (using the existing http://canarytokens.org) TL;DR: You can pass arbitrary data to a web-token allowing you to use it as a reliable, generic alerter of sorts. We often refer to our Web and DNS Canarytokens as our …
Shared passwords, sensitive documents: mailboxes are great targets for attackers. Would you know they were targeted? We’ve got your back! Our Office 365 token deploys to thousands of mailboxes in minutes and alerts you when someone is snooping around. Why an Office 365 Mail token? Enterprises have been flocking (ha) to Office 365 for years now and a large number of Thinkst customers are using it. The Canaries will detect attackers on their networks, but nothing lets them know if …