CrowdStrike API Key Canarytoken
It’s no secret that adversaries love (ab)using security tooling . So..
Rad just shipped our latest Canarytoken to exploit this: a CrowdStrike API Key Canarytoken!
Attackers who find it, have to use it - and when they do, they expose themselves.
blog.thinkst.com/2026/02/intr...
The best thing about Canaries & Canarytokens, is when they surprise you:
"printed some and put them round the office"
"but then they were put into the bin, and at 21:43 someone scanned them… looks like this place has dumpster divers"
"never thought that was still a thing"
You can grab the latest copy of our quarterly security research roundup at thinkst.com/ts ¹
For this issue, we selected work from over 1,370 talks & 1,200 blog posts.
Available as PDF, ePUB (or audio highlights)
__
¹ As always, completely free
We've always been all about the love..
From all of us, to all of you
💚💚💚
This week's show is up on YouTube (presented by Thinkst Canary @thinkstcanary.canary.tools)
WATCH www.youtube.com/watch?v=fvKM...
thank you, @thinkstcanary.canary.tools 🥹
these guys. always full of adorable surprises. love @thinkstcanary.canary.tools 💚
cc @haroonmeer.canary.love
The org. running the SA Computer Olympiad ran out of money & shut it down..
So we bought it from them¹
The Olympiads will run as normal in 2026 (and hopefully we will make 'em run even better going forward).
2026 Registration is Open (www.olympiad.org.za)
__
¹ www.itweb.co.za/article/comp...
Prevention alone isn't enough. In real networks, credentials leak, assets sprawl, and blind spots exist. Canaries provide high-confidence early detection of internal movement.
I wrote some stuff here: clarkee.co.uk/assume-breac...
@thinkstcanary.canary.tools
You can grab our Q3-2025 issue of ThinkstScapes at thinkst.com/ts
For this issue, we tracked over 1,500 talks/papers, and almost 1,300 security blog posts.
As always, available in PDF, ePub or a brief audio summary. (As always: completely free).
You can catch our @haroonmeer.canary.love on this weeks episode of Risky Business complaining about security vendors approach to security.
It's worth a listen.
risky.biz/RB814/
We try! 💪💚
iFixit Mako Kit
Every year, we try to give our customers a small gift from Thinkst Canary.
Previously we did the Canary Swiss Army Knives¹.
This year, it's the awesome Mako kit from iFixit
All told, we've shipped just under a ton of them 🤯
__
¹ x.com/ThinkstCanar...
This quarter we announced two new platforms for Canary: Oracle Cloud Infra. (OCI) & Nutanix.
Our v1 was a hardware device, but today, Canary also runs on
- GCP,
- AWS,
- VMware,
- Azure,
- Docker,
- Tailscale,
- OCI,
- Nutanix.
Still dead simple. Still "just works!"
US-EAST-1 (AWS) is currently "degraded".
This affects the following Canary services directly:
- Creating AWS Canarytokens (both free and commercial) ;
- Launching new Tailscale Canaries.
Sorry!
We will send a message when service returns to normal.
Thank you. We try 💪💚
Leighton & Sharukh just snuck a quick update into canarytokens.org to allow you to easily manage all the tokens you've previously created.
Still just $0.00
Still one of the best things you can do to detect attackers before they dig in...
Thanks @thinkstcanary.canary.tools for making this awesome platform! 🙌
If you still haven't read my blog post, here it is: grafana.com/blog/2025/08...
It's live now (and free). Check out our blog for more, including how to deploy your first AWS infrastructure Canarytoken.
__
¹ blog.thinkst.com/2025/09/intr...
(3 of 3)
This makes it even easier to deploy juicy S3 buckets, DynamoDB tables, SSM parameters, SecretsManager secrets, and SQS queues, that attackers will want to browse.
We help you design and build a Terraform module that’s unique to your environment, then you deploy when ready.
(2 of 3)
Today we released our new (free) AWS Infrastructure Canarytoken on canarytokens.org.
It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed.
(1 of 3)
Introducing keynote spreaker: Marco Slaviero! 🚀
A #PyConZA veteran and the ingenious CTO of ThinkstCanary, Marco is redefining the security landscape. Don't miss out on his insights!
Grab your ticket today: za.pycon.org/tickets
@marcoslaviero.bsky.social
@thinkstcanary.canary.tools
Spotted at the U.S Open 🎾💪💚
Today has been Drone-flying (indoor, outdoor, fpv) and Drone-hacking..
10/10 - Will recommend..
Most of the company is in CapeTown this week for our annual ThinkstCon.
This means lots of green stuff, and lots of padel.
💪💚
It's our birthday, so we created a tiny skunk(worksy) game for you to play..
Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.
Have fun!! (but watch out for the Canaries)
canary.tools/10-year
In April this year, @grafana.bsky.social had a security incident due to an insecure GitHub Action. The attackers even tried covering their tracks.
How were they discovered? Canarytokens..
Check out their post¹ on how they use our tokens at scale..
__
¹ grafana.com/blog/2025/08...
How do you know you're compromised?
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
"We had good success with your canaries at ..."
"I would like to intro my (new) team at ...."
10 years in && we still do 0 outbound sales.
We've had the best customers since day-1!
💪💚
A friendly reminder from your Canary Console that if you are in the Northern Hemisphere, you can probably check out the Perseid meteor shower this week..
💪💚💫
