Have you been pwned?
Well, how would you know that? we don’t even know if we are already hacked!
Some people know years later that they have been hacked. But that’s a long time to know that. It doesn’t worth it even if you could stop the attack after that long time.
What can we do to get to know in real-time about the hack going on?
Honeypot takes place here in this business. You can set up a honeypot on your system or your network. Many people manage a large network of computers and they really need a very good defense system. A honeypot is always a good solution for that.
Canarytokens is made for both business platforms and individuals. You can set different alerts for different unauthorized tasks running or trying to run on your system. Whenever an intruder tries to run the task you’ve set up a honeypot for, you will be notified by an alert sent to your inbox or phone number whatever you’ve configured on canary tokens to send notifications.
You can visit How to set up a honeypot in Kali Linux to know more about configuring honeypot on Kali Linux systems.
Let’s see some of the features Canarytokens provide.
1.Receive an alert when a Windows Folder is browsed
You can use some features on the Linux system too. Simply select the features you want to use from the drop-down menu, enter the E-mail you want to get notified, write a custom note which will be sent to you as a notification. Now click on ‘Create my canary token’, download the canary token to your system.
For example, we chose the ‘Windows folder’. This means whenever someone will browse that folder, an alert will be sent to our E-mail. The folder is downloaded in the Zip format, extracted it and the name was really weird. Renamed it to a catchy one like ‘My G-mail passwords’.
Attackers always look for those types of things. Try to give a catchy name to your canary token. Here you can see how Canary token notification appears in the E-mail inbox.
2. Receiving an alert when a URL is visited
This feature gives you a URL when someone visits the URL, a notification will be triggered to your E-mail. To give a more genuine look to the URL, you can use URL shortener services like Bitly
Bitly will shorten your link with a genuine look. Whenever someone accesses the URL, you will be notified.
Detect if a file is infected with Canary token
The features canary token provides can be used by attackers against you. The most suitable and genuine looking one is a PDF file. Hackers use the PDF format a lot to compromise systems. Because it doesn’t look suspicious.
Here we are explaining what if a PDF is infected with canary token and you don’t know? how would you analyze it?
You can use a python tool called ‘PeePDF’ which can help you to analyze PDF documents. Download the tool from Github. Set up a Kali Linux machine, open up the terminal and run the peepdf.py script. Type the command-
./peepdf.py -i pdf file location
Here, at the bottom line, it detected a suspicious element /AA, at the object 13. We need to investigate the object 13.
At this point we got ‘/AA << /0 16 0 R >>‘. Now we have to look at the object 16 to find out what’s going on. The action type of the object is /URI. That means it contains a URL that refers to the Canary tokens platform.
That’s how we can investigate a PDF file to know about suspicious elements embedded with the file.
There are so many features canary token provides, you can use any of them, who satisfy your requirement. We did not explain all of them and don’t think it’s necessary to explain all of them. the advantage of using the canary token is, you don’t have to set up separate honeypots for different tasks.
What’s your opinion? let us know in the comment box below.