Baited Canaries - Monitoring Attackers With Active Beacons

Explore active beacon techniques for monitoring attackers in this 25-minute conference talk from BSidesLV 2019. Delve into the concept of canaries and their application in cybersecurity, focusing on phishing sites and attack scenarios. Learn about JavaScript canaries, DNS prefetch, and their constraints. Discover additional functionalities, nonce payloads, and typical timelines for these monitoring methods. Examine G Suite permissions, Google Doc phishing, and the use of bait files. Gain insights into Drive audits, alerts, and token reports. Review key concepts and understand the best practices for implementing active beacons to enhance your organization's security posture against phishing attacks.

Introduction
The Problem
What Are Canaries
Phishing Sites
Attack Scenario 1
JavaScript Canaries
DNS Prefetch
Constraints
Additional Functionality
Nonce
Payload
Typical Time Line
The Best Way
G Suite Permissions
Google Doc Fishing
Bait Files
Drive Audit
Drive Alert
Token Report
Review
Conclusion
Special Thanks
Phishing