1 minute Canaries
Visibility is everything in cyber security. Let’s increase the visibility of suspicious activity in your environment in 1 minute.
Ready?
Step 1: Visit https://canarytokens.org
Step 2: Select the type of canary token that matches your system or your risk. For example, you may choose an Excel or Word document on a corporate device, or AWS keys or a MySQL dump on a developer or server machine. There are a lot of options here, freely available for your use.
Step 3: Enter the contact email address or a web hook URL (or both!) to notify when your canary is used.
Step 4: Click “Create my Canarytoken” to generate the token to place wherever you like!
The site provides some recommendations, though feel free to get creative — put a token in an email, in a file named passwords.docx, on a file share, in your ~/.aws/credentials file, or in your private git repository.
[default]
aws_access_key_id = AKIAYVP4CIPPHKZTDHPV
aws_secret_access_key = s5Qi2UmF8jZoES/9q7+/jN6c0uAieT7gZn5Vb9oW
output = json
region = us-east-2That’s all! Now you will get a heads up when someone is snooping around or accessing resources. Have fun with it, share your creative use cases, and pass along this tip to a friend.
Edit — 2023–01–25: At Shmoocon 2023 Thinkist released a new Credit Card token, which is a valid card number that will alert you when it is used then the charge is declined. This may be good to store in email, a password manager, a phone note, or somewhere else folks commonly place credit card data.
