blog.thinkst.comThinkst Thoughts – Writing about our experiences and research

findings Maybe Not Static FileMaybe Not Static FileMaybe Not Static FileMaybe Not Static FileMaybe Not Static FileMaybe Not Static File https://fonts-api.wp.com/css?family=Lora:400,700&subset=latin,latin-extHas ConditionalMaybe Not Static File //fonts-api.wp.com/css?family=Open+Sans%3Aregular%2Citalic%2C700&display=swapMaybe Not Static FileExcluded optionThinkst Thoughts LEARN MORE Thinkst Thoughts Visit Thinkst Visit Thinkst Canary Blog Posts Glory to the Glorifier Publish Date May 6, 2024 Marco Slaviero Any Thinksters who have been in physical or virtual proximity to me over the last year have likely suffered at least one whinge session about the Glorifier”. The especially fortunate have suffered several. I’m relieved to say that, at long last, the whinges are over. In this post, I’m going to walk through the travails of producing the Glorifier mostly as a cathartic exercise but extracting a few lessons from the experience. Our story is told in seven parts: Let’s … Continue Reading A Bird’s-eye view: IceID to Dagon Locker (The DFIR Report) Publish Date May 3, 2024 Casey Smith This is the first post in an ongoing series that aims to examine documented/public breaches with a special focus on Canary and Canarytoken deployment. The posts do not intend to imply that we would have been a silver bullet and prevented the breach; rather, our approach has been to help detect breaches. These posts are primarily intended to give our customers and users ideas for possible deployment options. We love the work done by the team at the DFIR report … Continue Reading Defending against the Attack of the Clone[d website]s! Publish Date January 30, 2024 Jacob Torrey Front matter In a previous post, Casey talked about our Cloned Website Canarytoken and how it fares against modern phishing attacks. Today, we are releasing two new versions of the token which alert you when an attacker is using an Adversary-in-the-Middle (AitM) attack against one of your sites. An added bonus is that the new tokens can be deployed on properties you only have limited administrative access to (like your Azure tenant login portal or hosted blog). In this post … Continue Reading Video File Canarytokens: to be or not to be Publish Date January 22, 2024 Gerrie Crafford Recently friend-of-Thinkst (and CTO of NCSC) Ollie Whitehouse tweeted this interesting tidbit: We’re always looking for new types of Canarytokens, so it would be cool if we used this method to create video file Canarytokens. Quick background explainer We build Canaries that act as entire machines, require almost no configuration and boot as various Operating Systems. The logic is that it takes you less than a minute to set it up, and when an attacker lands on your network, they … Continue Reading What personality” should I give my Canary? Publish Date January 18, 2024 anna You can do complex things with Canaries but you don’t need to. Even though Canaries will happily pose as SCADA equipment or Mainframes, a Windows personality, with a well-named fileshare, has caught attackers all over the world. Can it be that easy? Won’t really good attackers be suspicious? The answer is slightly counter-intuitive: Attackers who land on your network have to situate themselves. They have to poke around. But won’t they ignore a server that looks suspiciously unguarded? Almost never. … Continue Reading Oh Crumbs! (Breadcrumbs in Beta) Publish Date January 15, 2024 Quinn Davies tl;dr: You can now create breadcrumbs to lure attackers to your Canaries with just a few clicks. Canaries and (their) Discoverability Our thesis with Canary has always been simple: Attackers who land in your infrastructure need to situate themselves and they do this by looking around. They run commands and touch systems that regular users never need to. By being selective about which services Canaries offer we can find the sweet-spot of services that are super-trivial to deploy, super likely … Continue Reading A (beta) Canarytoken for Active Directory Credentials Publish Date December 11, 2023 Roberto Attackers on your network love finding stray credentials. They are an easy way to elevate privileges and are often one of the first things attackers look for during post-exploitation. There’s no shortage of places where these credentials can be found and surprisingly, there’s very little downside to attackers trying them… …unless there’s a way to drop decoy credentials. This isn’t a new idea, but it usually requires heavy tooling and configuration. Our newest AD tokens allow you to create fake … Continue Reading Cloned Website Token and Reverse Proxies Publish Date September 28, 2023 Casey Smith Our Cloned Website Token has been available for a long time now, both on our public Canarytokens.org site as well as for our Canary customers. It’s helped users all over the world detect attacks early in the process. We wanted to take a moment and go over some of the details of this token: how it works, how to create and use one, and critically, how it fares against the new Adversary-in-the-Middle” (AitM)-generation of phishing attacks.. The cloned website token … Continue Reading CourtVision – Where’s my padel at? Publish Date September 12, 2023 benjamin Labs is the research arm of Thinkst but research has always been a key part of our company culture. All Thinksters are encouraged to work with Labs on longer term projects. These become that Thinkster’s day job” for a while. (These are intended both for individual growth, and to stretch ourselves into new areas: They don’t have to be related to Canary or security). I took a brief hiatus from the engineering team to explore a computer vision project: CourtVision. … Continue Reading Default behaviour sticks (And so do examples) Publish Date August 21, 2023 Paul Gichuki Introduction We spend huge amounts of time sweating the details of our products. We want to remove all the friction we can from using them and want to make sure we never leave our users confused. To get this right, we do a bunch of things: we use simple language, we make extensive use of context-sensitive help and where it’s needed, we nudge users with illustrative examples. Recently we bumped into something that made us rethink our use of examples. Background … Continue Reading Posts navigation 1 2 3 … 15 Site Sidebar 2024 (6) 2023 (8) 2022 (8) 2021 (7) 2020 (13) 2019 (12) 2018 (13) 2017 (11) 2016 (2) 2015 (8) 2014 (6) 2013 (6) 2012 (5) 2011 (17) 2010 (21) Site Footer Loading Comments... Write a Comment... Email (Required) Name (Required) Website Maybe Not Static FileExternal URL: https://stats.wp.com/e-202420.jsAuthored with ?...