Introduction The AWS API key Canarytoken is a perennial favourite on Canarytokens.org, and we’ve heard requests for a similar token for Azure. In this blog post, we introduce the Azure Login Certificate Token (aka the Azure Token) to Canarytokens.org1. As with all tokens, you can sprinkle Azure tokens throughout your environment and receive high fidelity notifications whenever they’re used. Place one on your CTO’s laptop, or on every server in your fleet. When attackers breach that laptop, or servers, or …
Tag: Canarytokens
Introducing the new Kubeconfig Canarytoken A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when they do, you get a reliable message that badness is going on). Last month we asked: “What will an attacker do if they find a large MySQLDump file on your machine?” (We think there’s a good chance they will load it into a …
InfoSec superstar (and long-time Canary fan) theGrugq recently mused on twitter about generating alerts when certain binaries are run on your hosts. We definitely think it has its uses, and we figured it would be worth discussing a quick way to make this happen (using the existing http://canarytokens.org) TL;DR: You can pass arbitrary data to a web-token allowing you to use it as a reliable, generic alerter of sorts. We often refer to our Web and DNS Canarytokens as our …
Shared passwords, sensitive documents: mailboxes are great targets for attackers. Would you know they were targeted? We’ve got your back! Our Office 365 token deploys to thousands of mailboxes in minutes and alerts you when someone is snooping around. Why an Office 365 Mail token? Enterprises have been flocking (ha) to Office 365 for years now and a large number of Thinkst customers are using it. The Canaries will detect attackers on their networks, but nothing lets them know if …