INFOSEC Secrets: Detect Intruders with Canary Paths & Tokens! #shorts

And as far as detections go, canary paths, canary tokens, those are actually fairly easy because you don't have to put anything in them. If you're conducting all your audit logs, uh we have detection rules in our in our stack where we say if anybody accesses this this path, fire an alert because nobody should be accessing it's infosec's secrets, you know, and then somebody goes and snoops around to see what's in there, boom, fire an alert. And then maybe you put a token in there that's uh an AWS token that has no privileges, but it can, you know, do a get identity or get caller ID. It can do a who is. Then if somebody uses that token, now

you fire out a critical alert. So, things like that are great for detecting like vault secrets and people trying to dig around inside your secret environment.