2025 Hacker Summer Camp talks to watch

Like many in the industry, we are mentally preparing for the trip out to Las Vegas for the US’s crowning trio of big security conferences: BSidesLV, Black Hat USA, and DEF CON. Every year tens of thousands make the annual pilgrimage to the “Hacker Summer Camp” trifecta to see friends, learn from the smorgasbord of tasks and trainings, and share their knowledge far and wide. Each year we at the ThinkstScapes HQ find great content worth highlighting from these longstanding

Almost famous: behind the scenes of a feature that didn’t make the cut

Introduction: A counterintuitive truth is that great products are defined by both the features they include and those they don’t. We spend a lot of time pondering potential new features for Thinkst Canary to make sure the added value exceeds the inevitable cognitive complexity that new features (or new UX elements) bring. This post will dive into a recent Labs research effort that we ended up leaving on the cutting room floor. Background: We are always on the

It’s Baaack… Credit Card Canarytokens are now on your Consoles

TL;DR: Our credit card Canarytokens are out of beta and flying to your consoles! We love these tokens because they provide a novel way to alert on a strong signal of badness. They also perfectly embody our concept of conspicuous deception. Conspicuous deception is our take that simply knowing that a credit card could be a Canarytoken adds risk to the process of stealing, selling, testing, and committing fraud on all cards. Now, fraudsters have to worry that testing or

Meet “ZipPy”, a fast AI LLM text detector

Introduction: Today we’re open-sourcing a research project from Labs, ZipPy, a very fast LLM text detection tool. Unless you’ve been living under a rock (without cellphone coverage), you’ve heard of how generative AI large language models (LLMs) are the “next big thing”. Hardly a day goes by without seeing a breathless article on how LLMs are either going to remake humanity or bring about its demise; this post is neither. While we think there are some neat applications for LLMs,

BlackHat 2015 – Bring back the HoneyPots

This year we gave a talk at BlackHat titled: Bring back the Honeypots. You can grab a quickly annotated version of the slides from [here]. As usual, we had waaaaaay more content than time (which should have been expected with about 142 slides and multiple demos) but we like to live dangerously. The linked slides are annotated, so you should be able to gather the gist of our thoughts, but some of them (especially the demos) do require their own

Introducing our newest creation: Thinkst Canary!

You can watch it in action here: The videos were made with our early prototypes. The release birds are much much prettier! We think it’s insane that organizations that spent millions of dollars on cyber security took months (or years) to realize that they were breached. We think Canary fixes this elegantly and manages to do this at a super reasonable price-point. We have spent ages adding features, stripping features and making it a pleasure

Weapons of Mass Distraction: Sock Puppetry for Fun & Profit

We presented at Hack in the Box Malaysia last week on research we have been doing for the past while on Sock Puppetry. We will post more details on the research in upcoming posts, but for now, you can grab a copy of the slides [here]. [edit] Coverage of the talk on Digital News Asia: “Censorship 2.0: Shadowy forces controlling online conversations” [edit] Coverage of the talk on The Register: “Stop and Thinkst: Is that really the Most Popular story

ShoulderPad Slashdotted! (and two clarifications)

(because we can’t have enough posts with exclamation marks in them) Our previous post (and research) seemed to go by pretty silently initially and then suddenly was everywhere. Andy Greenberg wrote a piece over at Forbes which really does deserve special mention. Tech journalists so often sensationalize security stories that many security researchers are quite afraid to even talk to them. I certainly was, but his piece was fair, balanced and covered all the interesting points. +1 to him. The Forbes

On-screen Keyboards Considered Harmful

(aka: Shoulder Surfing: There’s an App for that!) We rarely talk about it these days, but shoulder surfing is a pretty old (but reliable) attack. This is why most password prompts are masked. Many modern mobiles (and tablets), however, will highlight keys pressed on the keyboard, making old-style shoulder surfing attacks trivial (and reasonably automatable) again. In an effort to (help) bring back the 90’s we decided to do some fiddling and built a quick app (on top of the

Authored with 💚 by Thinkst