creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 06:54:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/implementing-deception-based-detection-with-canarytoken/SKILL.md
T
mukul975 915ea611e5 Add 10 new cybersecurity skills with full folder anatomy 
Skills added:
- implementing-privileged-access-workstation (IAM, PAW hardening)
- detecting-suspicious-oauth-application-consent (cloud security, Graph API)
- performing-hardware-security-module-integration (cryptography, PKCS#11)
- analyzing-android-malware-with-apktool (malware analysis, androguard)
- hunting-for-unusual-service-installations (threat hunting, T1543.003)
- detecting-shadow-it-cloud-usage (cloud security, proxy/DNS log analysis)
- performing-active-directory-forest-trust-attack (red team, impacket)
- implementing-deception-based-detection-with-canarytoken (deception, Canary API)
- analyzing-office365-audit-logs-for-compromise (cloud security, BEC detection)
- hunting-for-startup-folder-persistence (threat hunting, T1547.001)

Each skill includes SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:47:03 +01:00

1.7 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license
name description domain subdomain tags version author license
implementing-deception-based-detection-with-canarytoken Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens. cybersecurity deception-technology
canarytoken
deception
honeytokens
breach-detection
Thinkst-Canary
tripwire
early-warning
1.0 mahipal Apache-2.0

Implementing Deception-Based Detection with Canarytoken

Overview

Canary Tokens are lightweight tripwire mechanisms that alert when an attacker accesses a resource. This skill uses the Thinkst Canary REST API to programmatically create tokens (web bugs, DNS tokens, MS Word documents, AWS API keys), deploy them to strategic locations, monitor for triggered alerts, and generate deception coverage reports.

Prerequisites

  • Thinkst Canary Console or canarytokens.org account
  • API auth token from Canary Console
  • Python 3.9+ with requests
  • File system access for deploying document and file tokens

Steps

  1. Authenticate to the Canary Console API using auth_token
  2. Create web bug (HTTP) tokens for embedding in documents and web pages
  3. Create DNS tokens for monitoring DNS resolution attempts
  4. Create MS Word document tokens for file share deployment
  5. List all active tokens and their trigger history
  6. Query recent alerts for triggered token events
  7. Generate deception coverage report with deployment recommendations

Expected Output

  • JSON report listing all deployed Canary Tokens, trigger history, alert details, and coverage analysis
  • Deployment map showing token types across network segments
Reference in New Issue View Git Blame Copy Permalink