Generating fake tokens to find out about security breaches
Jul 11, 2021
Alexander Junge
1 minute read

I recently came across Canarytokens, a service generating trap tokens (URLs, images, PDF, and much more) that notify the owner when used. From their documentation:

Canary tokens are a free, quick, painless way to help defenders discover they’ve been breached (by having attackers announce themselves.)

The option to generate fake AWS API Keys is very interesting. Adding those to private repositories or storing them on dev machines could give an nice early warning in detecting a breach.

comments powered by Disqus