Introduction

What are Canarytokens

You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.

Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.

Why should you use them

Network breaches happen. From mega-corps, to governments. From unsuspecting grandmas to well known security pros. This is (kinda) excusable. What isn't excusable, is only finding out about it, months or years later.

Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)