
- Educational Purpose Only -
- Have you ever heard of it?
Canary tokens are a powerful tool used by security professionals to detect & respond to cyber threats, and by ordinary people safeguarding their own cyber environment. They also suit OOSINT (Offensive OSINT) and reconnaissance. These tokens act as tripwires, silently alerting you when someone triggers them. By deploying canary tokens tactfully, you can boost your security stance while staying one step ahead of any potential intruders. They can also collect data from a target while hiding perfectly as a straightforward & innocent file.
Let’s begin with some hands-on work to learn how they work. Head to https://www.canarytokens.org/generate and you should see the page as below. Click on “select your token” & you will see a few options for where a token can be hidden. In this post I will guide you through some basics, but stay tuned for more, as the possibilities are many.

In this case, let’s scroll down to find the PDF file & click on it.

Then, add your email below & a name to remember the token by. When you have entered your data correctly, the fields will be highlighted in green & the file will then download. Perfect! Your first token is live!

OK, now remember that apps like WhatsApp (and not only WhatsApp) will inspect the link for “you”, BUT with “YOUR IP”, along with a few core details about you, without even asking… thanks so much, developer team. (Gmail, Facebook & others will at least use their own general IP, not yours. That covers your privacy somewhat, but you may be flagged by their cyber-security team.) Besides not being 360-degree safe, this is not so lovely indeed.
Considering this, opt for a safe provider & deliver the file to the victim. You can opt for temporary email providers, MMS, or online file sharing, but remember that passing through many loops can affect the token & it might not work as it should. Always test it with web proxies before final delivery (stay tuned for the Proxy Post). Once we are sure the link works & we are not exposing ourselves, we can deliver the file to the victim & wait for an alert notification in our mailbox, something as below.

As you can see, you will now acquire some info about the target: the IP address, the connection used (HTTP / HTTPS), the user agent & more about how & with what (mobile, PC, tablet) they triggered the token.
Now, you have used an OOSINT (Offensive OSINT) tool to gather information about a target freely & anonymously.
It’s essential to note that while ethical hacking can be a valuable tool in protecting against cyber threats, it’s crucial to act within legal & ethical boundaries at all times. Engaging in illegal activities or using cyber attacks for malicious purposes can have serious legal, costly & moral outcomes. All individuals must prioritize ethical behaviour & only engage in legal, and thus purely justifiable, activities. Moreover, no matter what, why, when or how, “YOU ARE SOLELY RESPONSIBLE FOR YOUR ACTIONS.” Bear this in mind.
After that reminder, & as a recap before closing, we can add a few tips about Canary Tokens & some of their top pros. Canary Tokens can be used not only for information gathering, as we saw above, but also to safeguard systems silently & easily: from your PC, tablet or mobile, which you may believe a friend, partner or relative is spying on, to a firm that wants to make sure it is dealing with responsible people.
In case you want to take a look at their wide range of services & technical documentation, head to https://docs.canarytokens.org/guide/

Let’s imagine that you think someone in your household, a close friend, maybe your partner or parents, or even your boss, has your PC, tablet or mobile password!
-> How can we catch them with Canary Tokens?!
We can create a file, give it a name that will appeal to the suspect/s & leave it somewhere we think we are being spied on. (Please remember: “DO NOT CLICK IT YOURSELF”, & remember which “VPN” you are using during testing. Also remember to snooze email notifications or use another email provider. On top of that, if you want visual proof, you can place it in view of a camera to record the facts & the time.) Then, again, wait for a message in your inbox & you’re done! If nobody triggers it, we were only a tiny bit paranoid, but if we get notified… we were right.
Another similar scenario, seen from both sides, is when we have worked for a company or dealt with someone who might share private information. Remember, on both sides, Canary Tokens & similar techniques can be used to test trust between parties, as, at any point in time, anyone can leave “private files” around, making sure nobody touches them without a notification being sent. Besides, the only limit is our inventiveness.
Lastly, Canary Tokens are available in different formats, from PDF, Word, Excel, web links, AWS & more, giving us a broad range of choices when needed. Please use them wisely & not abusively.
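Sorting the alerts from a tripwire file like the one above, as an added example (not code from this post or from Canarytokens): it separates your own test clicks and automated link-preview fetches from triggers that deserve a look. The field names `src_ip` and `user_agent`, the marker list and the sample alerts are assumptions constructed for the illustration.

```python
import ipaddress

# Substrings found in user agents of automated link-preview and proxy
# fetchers. Starter list assumed for this example; extend from your own alerts.
PREVIEW_MARKERS = ("whatsapp", "facebookexternalhit", "googleimageproxy",
                   "telegrambot", "slackbot-linkexpanding")

def triage(alert, own_networks):
    """Return 'self', 'automated' or 'investigate' for one alert dict."""
    try:
        ip = ipaddress.ip_address(alert.get("src_ip", ""))
    except ValueError:
        return "investigate"          # unparsable source: look at it by hand
    # Your own test clicks (home line, VPN exit) come first: a preview made
    # by your own messaging app carries your IP as well.
    if any(ip in ipaddress.ip_network(n) for n in own_networks):
        return "self"
    ua = alert.get("user_agent", "").lower()
    if any(marker in ua for marker in PREVIEW_MARKERS):
        return "automated"
    return "investigate"

def bucket(alerts, own_networks):
    """Group alert times by triage result, keeping arrival order."""
    out = {"self": [], "automated": [], "investigate": []}
    for a in alerts:
        out[triage(a, own_networks)].append(a["time"])
    return out

# Constructed sample alerts (documentation IP ranges, made-up times).
OWN = ["192.0.2.0/28"]                # e.g. your home line and VPN exit
ALERTS = [
    {"time": "09:02", "src_ip": "192.0.2.5",
     "user_agent": "WhatsApp/2.23.20.0 A"},
    {"time": "09:03", "src_ip": "198.51.100.7",
     "user_agent": "facebookexternalhit/1.1"},
    {"time": "21:47", "src_ip": "203.0.113.44",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"time": "22:10", "src_ip": "unknown", "user_agent": ""},
]

if __name__ == "__main__":
    for label, times in bucket(ALERTS, OWN).items():
        print(f"{label:12} {times}")
```

Only the "investigate" bucket is worth comparing against a camera recording or a login history; the other two are noise you generated yourself or that a service generated for you.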
I hope you have enjoyed this post.
I want to highlight my last bit.
I am not writing because I am receiving anything from, or am engaged or related in any way or form with, the Company. On the other hand, I believe in their potential & often use their paid & FREE service, and I believe it to be an excellent cyber tool that can be offensive or defensive, with the choice at your fingertips just a few clicks away!
Stay Safe
- Always Help -
Share & Stay Tuned ;)
& Thanks 4 your Time
Head to https://start.me/p/ME7aRA/oosint to see my work in progress ;)