Open Canary - novahackers


Talk at NoVAHackers on Canary and OpenCanary

Published in: Technology

  1. Canary & OpenCanary
  2. What’s a Canary
     ● “Any Interaction” Honeypot
     ● Mimic “interesting” OS and services
     ● Any interaction results in an alert
  3. What’s a Canary
  4. What’s a Canary
  5. What’s a Canary
     For-Pay ones are super feature rich
     ● Multiple services, multiple HTTP skins
     ● Magically reports back to Thinkst for you (over DNS I believe)
     ● Configure with their GUI and magically upload to the device
     ● Slack webhook
     ● Basic API to retrieve alerts
       ○ Ended up writing some Python to pull these alerts and post into our SIEM because there was no Splunk integration
  6. What’s a Canary: GUI Set-up
  7. What’s a Canary: Pricing
     Canary pricing allows you to start immediately, with tiny upfront costs. For under $10k, you get 5 Canaries, a dedicated console, and 5 licences for alerts, support and maintenance.
  8. OpenCanary
     Thinkst doesn’t currently have VM/OVA but I was told it was in the works
     OpenCanary in the meantime
     ● Not nearly as feature rich
     ● No slick GUI to config (have to use a conf file)
     ● No recent updates by Thinkst
     ● But works ok…
     ● And it’s free
  9. OpenCanary
     Decided to use Vagrant to spin these things up
  10. OpenCanary
     Decided to use Vagrant to spin these things up
  11. OpenCanary
  12. OpenCanary
  13. OpenCanary
  14. OpenCanary: Logging
  15. OpenCanary: Logging
  16. OpenCanary: Not Vaporware!