1. 5
  1.  

  2. 1

    Ok. I like it! But I am not sure where to use it…

    1. 1

      This looks cool, but what exactly is it? Is it more like tracking cookies or thousand eyes/smoke ping?

      1. 1

        How tokens works (in 3 short steps):

        Visit the site and get a free token (which could look like an URL or a hostname, depending on your selection.) If an attacker ever uses the token somehow, we will give you an out of band (email or sms) notification that it’s been visited. As an added bonus, we give you a bunch of hints and tools that increase the likelihood of an attacker tripping on a canary token.

        So, you generate a token, like a URL, and store that in your password manager, or a domain and have it look it up whenever a certain query is run on your DB, or you put some in your AWS credentials and then when that’s hit, you know you’re p0wned.

      2. 1

        The offensive tools used during a cyber operation might likewise have embedded “canary tokens”. So when responding to an incident, avoid triggering such tokens as you analyze malware or infrastructure.

        For example: typically don’t visit embedded URLs as an operator watching their web logs may decide to pack up shop and vanish.