{"id":212,"date":"2023-01-16T04:01:30","date_gmt":"2023-01-16T04:01:30","guid":{"rendered":"https:\/\/vasanthselvaraj.com\/?p=212"},"modified":"2023-01-27T05:24:16","modified_gmt":"2023-01-27T05:24:16","slug":"aws-canary-tokens","status":"publish","type":"post","link":"https:\/\/vasanthselvaraj.com\/?p=212","title":{"rendered":"Canary tokens on AWS"},"content":{"rendered":"\n

What are Canary tokens?<\/h2>\n\n\n\n

Canary tokens is simple way to detect attacker in your environment. Canary tokens provides visibility and able to identify how far the attacker penetrated the network. And also, sometimes it can be used to test your defence system. In the blog post, I am going to show how easy to deploy the AWS canary tokens. <\/p>\n\n\n\n

I always compare Canary tokens with rat traps<\/code> just keep it everywhere so you know where bad actors likes to show up in your network.<\/p>\n\n\n\n

Setup<\/h2>\n\n\n\n

Based on this blog post<\/a>, I have created canary token and place in it my aws config file location and its the same place where valid AWS API keys is usually kept.<\/p>\n\n\n\n

Navigate to http:\/\/canarytokens.org\/generate# and chose AWS Keys<\/code> from the drop down and provide email address or webhook URL with meaningful description. Thats it ! I have got a token to catch the bad actor.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Next step is to download the AWS credentials file into ~\/.aws directory<\/p>\n\n\n\n

\n

I have noticed downloaded credentials from site is having wrong key name so change the value from aws_access_key<\/code> to aws_access_key_id<\/code><\/p>\n<\/blockquote>\n\n\n\n

\u276f ls ~\/.aws\/credentials\ncredentials\n\u276f cat credentials\n[default]\naws_access_key_id<\/strong>=AKIAHELLOIAMHERE\naws_secret_access_key=9ceverythingintheworld\nregion=us-east-2\noutput=json%<\/code><\/pre>\n\n\n\n
once its ready then test by executing normal aws cli commands and if its working you will get an mail from nominated email address. Some sample aws commands below to demonstrate the test<\/p>\n\n\n\n
\u276f aws s3 ls<\/em><\/p>\n\n\n\n
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied<\/p>\n\n\n\n
aws sts get-caller-identity\n\n{\n\"UserId\": \"AIDASP2TPHJSUHE7LPWIT\",\n\"Account\": \"171436882533\",\n\"Arn\": \"arn:aws:iam::171436882533:user\/canarytokens.com<\/strong>@@26f0775shs8r5cd1v2sxeeoj4\"\n}<\/code><\/pre>\n\n\n\n
As you can see tokens doesn’t give any access but however aws sts get-caller-identity<\/code> provides clue what this token about and where it came from.<\/p>\n\n\n\n
I got a mail in my inbox and its alert from Canarytoken triggered and all the setup took me less than 5 mins to create and deploy this canary tokens.Sweet!<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
Security shouldn’t be hard and it can be simple like using canary tokens to detect the bad actors in your network. Canary tokens are free to use with following benefits<\/p>\n\n\n\n
    \n
  • Detect bad actors in your network<\/li>\n\n\n\n
  • Test your defence system by identifying how far attackers breached your network<\/li>\n\n\n\n
  • Test your operating effectiveness of security tools<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
    What are Canary tokens? Canary tokens is simple way to detect attacker in your environment. Canary tokens provides visibility and able to identify how far the attacker penetrated the network. And also, sometimes it can be used to test your defence system. In the blog post, I am going to show how easy to deploy…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0},"categories":[1],"tags":[],"yoast_head":"\nCanary tokens on AWS - Vasanth Selvaraj<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vasanthselvaraj.com\/?p=212\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Canary tokens on AWS - Vasanth Selvaraj\" \/>\n<meta property=\"og:description\" content=\"What are Canary tokens? Canary tokens is simple way to detect attacker in your environment. Canary tokens provides visibility and able to identify how far the attacker penetrated the network. And also, sometimes it can be used to test your defence system. In the blog post, I am going to show how easy to deploy...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/vasanthselvaraj.com\/?p=212\" \/>\n<meta property=\"og:site_name\" content=\"Vasanth Selvaraj\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-16T04:01:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-27T05:24:16+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/vasanthselvaraj.com\/wp-content\/uploads\/2023\/01\/image-2-1024x567.png\" \/>\n<meta name=\"author\" content=\"VS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"VS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=212\",\"url\":\"https:\/\/vasanthselvaraj.com\/?p=212\",\"name\":\"Canary tokens on AWS - Vasanth Selvaraj\",\"isPartOf\":{\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#website\"},\"datePublished\":\"2023-01-16T04:01:30+00:00\",\"dateModified\":\"2023-01-27T05:24:16+00:00\",\"author\":{\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/4f1389c368b6d56abbf122ef1ffddb0d\"},\"breadcrumb\":{\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=212#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vasanthselvaraj.com\/?p=212\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=212#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/box2411.temp.domains\/~vasselva\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Canary tokens on AWS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#website\",\"url\":\"https:\/\/box2411.temp.domains\/~vasselva\/\",\"name\":\"Vasanth Selvaraj\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/box2411.temp.domains\/~vasselva\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/4f1389c368b6d56abbf122ef1ffddb0d\",\"name\":\"VS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f363d6f3a44a96f83133417d14b78c63?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f363d6f3a44a96f83133417d14b78c63?s=96&d=mm&r=g\",\"caption\":\"VS\"},\"url\":\"https:\/\/vasanthselvaraj.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Canary tokens on AWS - Vasanth Selvaraj","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vasanthselvaraj.com\/?p=212","og_locale":"en_US","og_type":"article","og_title":"Canary tokens on AWS - Vasanth Selvaraj","og_description":"What are Canary tokens? Canary tokens is simple way to detect attacker in your environment. Canary tokens provides visibility and able to identify how far the attacker penetrated the network. And also, sometimes it can be used to test your defence system. In the blog post, I am going to show how easy to deploy...","og_url":"https:\/\/vasanthselvaraj.com\/?p=212","og_site_name":"Vasanth Selvaraj","article_published_time":"2023-01-16T04:01:30+00:00","article_modified_time":"2023-01-27T05:24:16+00:00","og_image":[{"url":"http:\/\/vasanthselvaraj.com\/wp-content\/uploads\/2023\/01\/image-2-1024x567.png"}],"author":"VS","twitter_card":"summary_large_image","twitter_misc":{"Written by":"VS","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/vasanthselvaraj.com\/?p=212","url":"https:\/\/vasanthselvaraj.com\/?p=212","name":"Canary tokens on AWS - Vasanth Selvaraj","isPartOf":{"@id":"https:\/\/box2411.temp.domains\/~vasselva\/#website"},"datePublished":"2023-01-16T04:01:30+00:00","dateModified":"2023-01-27T05:24:16+00:00","author":{"@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/4f1389c368b6d56abbf122ef1ffddb0d"},"breadcrumb":{"@id":"https:\/\/vasanthselvaraj.com\/?p=212#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vasanthselvaraj.com\/?p=212"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/vasanthselvaraj.com\/?p=212#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/box2411.temp.domains\/~vasselva"},{"@type":"ListItem","position":2,"name":"Canary tokens on AWS"}]},{"@type":"WebSite","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#website","url":"https:\/\/box2411.temp.domains\/~vasselva\/","name":"Vasanth Selvaraj","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/box2411.temp.domains\/~vasselva\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/4f1389c368b6d56abbf122ef1ffddb0d","name":"VS","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f363d6f3a44a96f83133417d14b78c63?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f363d6f3a44a96f83133417d14b78c63?s=96&d=mm&r=g","caption":"VS"},"url":"https:\/\/vasanthselvaraj.com\/?author=1"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/212"}],"collection":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=212"}],"version-history":[{"count":4,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions"}],"predecessor-version":[{"id":228,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions\/228"}],"wp:attachment":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}