I added some new features to canaryusb, the most nice it's that right now it's possible to provide a list of trusted devices, and if any of these are connected, you'll not receive a notification from #canarytoken

https://github.com/carvilsi/canaryusb

Get a mail notification via, Canary Tokens (DNS) when a USB device is connected on a GNU/Linux computer.
Could be useful when you leave the laptop unattended or for a server on a remote location, will not prevent to being breached, but at least you'll notice; this is the principle behind @ThinkstCanary. Here we are thinking about removable media threats like #BadUSB or data theft.

#security #hardware

What are Canarytokens?

#security #network #token #canarytoken

You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.

Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.

Why should you use them

Network breaches happen. From mega-corps, to governments. From unsuspecting grandmas to well-known security pros. This is (kinda) excusable. What isn't excusable, is only finding out about it, months or years later.

Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)

https://docs.canarytokens.org/guide/#what-are-canarytokens

@schwartz1375

#canary #canarytoken #canarytokens #thinkst #hacktheplanet

You can now setup Thinkist credit card #CanaryToken #BlueTeam over at https://canarytokens.org/

I am being told that Sentinel One makes use of canary tokens as part of their agent. Yet I cannot find any documentation related to this or how this works. Would anyone be able to provide any insight to this? I am looking to implement canary tokens and or honey pots, but I need to convince the team that this would be doing more than what our current EDR agent is doing. Any input is valuable. Thanks!
#EDR #SentinelOne #canarytoken #honeypot