This is the fourth post in a series highlighting bits from our recent BlackHat USA 2017 talk. An index of all the posts in the series is here. Introduction In this blog post, we will introduce you to the newest member of our Canarytokens family, the Amazon Web Services API key token. This new Canarytoken allows you to sprinkle AWS API keys around and then notifies you when they are used. (If you stick around to the end, we will also share some of the details behind how we built it). Background Amazon Web Services offers a massive range of services that are easily integrated with each other. This encourages companies to build entire products and product pipelines using the AWS suite. In order to automate and manipulate AWS services using their API, we are given access keys which can be restricted by AWS policies. Access keys are defined on a per-user basis, which means there are a few moving parts in order to lock down an AWS account securely. Take it for a spin - using an AWS ...
We gave 2 talks at Troopers15 this year. Marco & Azhar talked about Sockpuppets and Censorship 2.0. And I gave a somewhat hand-wavy talk titled: "The hard thing about the hard things" (Some pretty smart people seemed to like them, so it's probably worth a quick watch.)
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux's Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this goal. Background Every Canary customer has multiple Canaries on their network (physical, virtual, cloud) that report in to their console, which is hosted in AWS. Consoles are single-tenant, hardened instances that live in an AWS region. This architecture choice means that a single customer console being compromised won’t translate to a compromise of other customer consoles. (In fact, customers would not trivially even discover other customer consoles, but that's irrelevant for this post.) Hundreds of consoles runn...