OpenCanary
Mats Karlsson
2019-02-27
OpenCanary and tokens
OpenCanary
OpenCanary is a daemon that runs canary services, which trigger alerts when used.
The alerts can be sent to a variety of destinations, including syslog, email and a companion daemon, opencanary-correlator.
OpenCanary supports faking
ssh         Secure Shell server which alerts on login attempts
ftp         File Transfer Protocol server which alerts on login attempts
git         Git protocol which alerts on repo cloning
http        HTTP web server that alerts on login attempts
httpproxy   HTTP web proxy that alerts when there is an attempt to proxy to another page
mssql       MS SQL server that alerts on login attempts
mysql       MySQL server that alerts on login attempts
telnet      Telnet server that alerts on login attempts
snmp        SNMP server which alerts on OID requests
sip         SIP server which alerts on SIP requests
vnc         VNC server which alerts on login attempts
redis       Redis server which alerts on actions
tftp        TFTP server which alerts on requests
ntp         NTP server which alerts on NTP requests
tcpbanner   TCP banner service which alerts on connection and subsequent data received events
System design
[Diagram: Canary, Canary, Canary Correlator]
Easy to install
https://github.com/thinkst/opencanary
apt install python-dev python-pip python-virtualenv
virtualenv env/
# source the activate script so pip installs into env/
. env/bin/activate
pip install opencanary
pip install opencanary-correlator
# write the default config to ~/.opencanary.conf, then edit it
opencanaryd --copyconfig
$EDITOR ~/.opencanary.conf
opencanaryd --start
Canary Tokens
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even LinkedIn profile views. Canarytokens does all this and more.
Implant traps in your production systems rather than setting up separate honeypots.
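The web-bug mechanism described above (a unique URL in an image tag, plus monitoring of incoming GET requests), sketched as an added example that is not code from the slides or from Canarytokens. The collector hostname, the `/t/<token>.gif` path layout and the `TokenRegistry` class are assumptions made for illustration, and the log lines are constructed.

```python
import re
import secrets

TOKEN_HOST = "tokens.example.com"  # assumed collector hostname (placeholder)

# Common/combined access log prefix: client, timestamp, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumed token path on the collector; an optional query string is ignored.
PATH_RE = re.compile(r'^/t/([A-Za-z0-9_-]+)\.gif(?:\?.*)?$')


class TokenRegistry:
    """Issues web-bug tokens and finds their hits in access log lines."""

    def __init__(self):
        self._memos = {}  # token -> note on where the token was planted

    def issue(self, memo):
        token = secrets.token_urlsafe(16)  # unguessable, unique per placement
        self._memos[token] = memo
        return token

    def img_tag(self, token):
        return ('<img src="https://%s/t/%s.gif" width="1" height="1" alt="">'
                % (TOKEN_HOST, token))

    def alerts(self, log_lines):
        """Return one alert dict per GET request that hits an issued token."""
        hits = []
        for line in log_lines:
            m = LOG_RE.match(line)
            if not m or m.group(3) != "GET":
                continue  # unparseable line, or not a GET
            p = PATH_RE.match(m.group(4))
            if p and p.group(1) in self._memos:  # unknown ids are not alerts
                hits.append({"memo": self._memos[p.group(1)],
                             "src": m.group(1), "time": m.group(2)})
        return hits


if __name__ == "__main__":
    reg = TokenRegistry()
    tok = reg.issue("HR share: salaries.html")
    print(reg.img_tag(tok))
    # Constructed sample log lines (not real traffic).
    sample = [
        '198.51.100.7 - - [27/Feb/2019:10:15:02 +0000] "GET /t/%s.gif HTTP/1.1" 200 43' % tok,
        '198.51.100.9 - - [27/Feb/2019:10:16:40 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
    ]
    for alert in reg.alerts(sample):
        print("ALERT", alert)
```

Because each token is tied to a memo at issue time, a single hit identifies which planted document was opened and from which source address.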
Canary Tokens - generate
https://canarytokens.org/generate
OpenCanary and Canary Tokens
Mats Karlsson
Linux, Infrastructure and Nerd.
And a passionate maker with Arduino
and electronics.
https://www.linkedin.com/in/matsk/
mats.o.karlsson@gmail.com
