wrongsecrets
canarytokens
wrongsecrets | canarytokens | |
---|---|---|
9 | 27 | |
422 | 1,664 | |
- | 1.2% | |
9.7 | 8.5 | |
over 1 year ago | about 4 hours ago | |
Java | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wrongsecrets
- Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
- Learning secrets management in the modern world using OWASP WrongSecrets Project
-
OWASP WrongSecrets Demo - How NOT to store secrets with the project founder Jeroen Willemsen
TL:DR OWASP WrongSecrets is a great project that gamified app that teaches how not to store secrets. The project was created from real examples that Jeroen and others came across in their work as security engineers (Or mistakes they have made) The App uses a number of different technologies such as docker to show common ways secrets are leaked. The challenges get more difficult as you go and give hints and have comments why this is a bad practice. https://github.com/commjoen/wrongsecrets
-
Secure Deployment: 10 Pointers on Secrets Management
OWASP SAMM on secret management Secure deployment Exercises/examples on how(not) to use secrets Canarytokens Have I been pwned? Gitleaks, Trufflehog
- OWASP WrongSecrets: Examples with how to not use secrets
-
What are some free resources for learning hacking?
Maybe to add: Webgoat https://github.com/WebGoat/WebGoat Juice shop https://github.com/juice-shop/juice-shop Wrongsecrets https://github.com/commjoen/wrongsecrets
-
Want to try some secrets hunting?
Hi! Some friends and I are making a p0wnable app around secrets management! Do you want to give a very early version a shot? Check it out over here. And let us know what you think!
canarytokens
- 1Password detects "suspicious activity" in its internal Okta account
-
#Anonymous - AK - RABBIT MEET HOLE - #TheDEWFiles 3,000+ Docs On Tons Patents Various Tech, Studies, Research by TONs of Scientists on DEWs & Alternative Energy (Includes Aerospace Companies.)
Get a free OS in a VMand open any files in there. You should not trust a random batch of potentially backdoored or canarytoken'ed files
- What screams "I'm insecure"?
-
In your experience, what were some unconventional signs that there's a malware inside your network?
Throw some honeytokens/canarytokens on key systems. Thinkst has a free option where you can drop Word docs, PDF, AWS keys, etc. that will send you an email or webhook if they're ever used. https://canarytokens.org
-
IF you did door knocking, what would you leave behind?
QR code with some pdfs from inside a canarytokens.org folder.
- Increase in LockBit Ransomware
-
Worried someone has (or may gain) access to your UoG account? Try Canarytokens
You can generate Canarytokens for free on their website: https://www.canarytokens.org/generate. They're open-source, so if you're technically-inclined, you can run the software yourself: https://github.com/thinkst/canarytokens. All the documentation is here: https://docs.canarytokens.org/guide/.
- 1 minute Canaries
-
Please help me with internet stalker
I do not think a trap or "phishing link" is a good idea if she are getting serious threats! But it is not too hard, you can generate a few with here and if somebody opens the link you will get an email containing the time and IP address of who opened it: https://canarytokens.org (note that, you can not really do much with these information on your own).
-
Someone sending offensive material to people in our google domain
Good tip, OP could use this for quick setup. https://canarytokens.org
What are some alternatives?
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
tailscale - The easiest, most secure way to use WireGuard and 2FA.
trufflehog - Find and verify secrets
postman-app-support - Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
WebGoat - WebGoat is a deliberately insecure application
cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
kubernetes-client - Java client for Kubernetes & OpenShift
cli - GitHub’s official command line tool
Keywhiz - A system for distributing and managing secrets
anvil-runtime - The runtime engine for hosting Anvil web apps
gitleaks - Protect and discover secrets using Gitleaks 🔑
hackclub - 🌎 Hack Club is a worldwide community of high school hackers. We make things. We help one another. We have fun.