20 lines
1.6 KiB
Markdown
20 lines
1.6 KiB
Markdown
## What is Canary Tokens and How to Use It?
|
|
Canary tokens are simple, yet effective, tools used for detecting unauthorized access or activity within networks or systems. Here's an overview of Canary tokens:
|
|
|
|
### Canary Token:
|
|
- A Canary token is essentially a piece of data or a file placed within a network or system, designed to act as a tripwire or early warning system when accessed or manipulated without authorization.
|
|
- It can take various forms, such as a file, URL, DNS record, or even a specific piece of text, and is deliberately placed in locations where unauthorized access or activity is suspected.
|
|
|
|
### Operation:
|
|
- Once a Canary token is deployed, any attempt to access, open, modify, or interact with it triggers an alert or notification, indicating potential unauthorized access or activity.
|
|
- Canary tokens are often used in conjunction with monitoring systems, security tools, or threat intelligence platforms to detect and respond to potential security incidents.
|
|
|
|
## How to generate/use Canary Tokens
|
|
|
|
Canary Tokens ---> https://canarytokens.org/generate
|
|
### Types of Canary Tokens:
|
|
- **File-based Tokens**: These tokens are files, documents, or archives that, when accessed or opened, trigger an alert.
|
|
- **URL-based Tokens**: These tokens are URLs or web links that, when accessed or clicked, trigger an alert.
|
|
- **DNS-based Tokens**: These tokens are DNS records or subdomains that, when queried or resolved, trigger an alert.
|
|
- **Text-based Tokens**: These tokens are specific words, phrases, or pieces of code that, when detected or executed, trigger an alert.
|
|
- ... |