Production usageĬanarytokens can be used as simple web-bugs, but they are incredibly flexible as we'll see. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.Īn example of creating a descriptive reminder can be found here. Make sure that your Reminder is descriptive, and will be self-describing. Over time, if you are using Canarytokens correctly, you will deploy thousands of them all over the place.
CANARY MAIL HELP FREE
(In this way you can use free Canarytokens as a classic web/mail-bug, to receive a notification when an email you send has been read.) What memo should I use? Now an attacker reading your inbox could trip over it just because his mail client renders remote images. This way it works like the classic 1x1 transparent GIF. If you like, you could even use the same token as an embedded image. So if your emails are stolen, then an attacker reading them should be attracted to the mail and visits the link – and while your week is about to get worse, at least you know. An attacker who has grabbed your mail-spool doesn't. Simply keep it in your inbox unread since you know not to touch it.
CANARY MAIL HELP PLUS
This gives us the simplest use-case for a token, an old fashioned web-bug.įor example, you could send yourself an email with a link to the token plus some lure text: How do attackers trip over a Canarytoken?Ī typical token is a unique URL and/or hostname. If an attacker ever trips over a Canarytoken somehow, you'll get an alert letting you know that it has happened. Microsoft Word, Excel and Macro enabled tokens.Refer to the tokens listed below for examples: Place the generated Canarytoken somewhere special. Go to your Console and select your Canarytoken (supply a reminder that reminds you which Canarytoken this is and where you put it.) This sucks because it's commonly only found out about, months or years later.Ĭanarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.) How do Canarytokens work? From unsuspecting grandmas to well known security pros.
From mom and pop stores to mega-corps, and even governments. Canarytokens do all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.Īs a Canary customer, Canarytokens are available to you completely free, and generated alerts will show up in your console like any other:
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. These work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests. We provide this infrastructure for you, so you can deploy tokens in seconds and get the benefit from them immediately.įor example, you may be familiar with tracking pixels transparent 1x1 images embedded in emails that track a user upon opening. An old concept, they can be super useful (and are trivial to use) but require some background infrastructure to get working. Canarytokens are a simple way to tripwire things.