Breadcrumbs are a powerful tool for guiding attackers towards your Canaries. They take the form of profiles or device entries across various services that an attacker might poke at for vulnerable hosts, leading them directly towards the Canary. This article runs through the creation of breadcrumbs.
Note: Breadcrumbs are volatile and take slightly more upkeep than Tokens and Canaries themselves. They are relatively short-lived, lasting only until the Canary's settings (or IP) change to invalidate them. If you make changes to a service's port number, or to the name or IP of your Canary, be sure to scatter some more breadcrumbs to make sure they stay fresh!
Note: Remember that Breadcrumbs act as "lures", attracting bad actors towards your Canaries. You'll want to place them around your environment for hackers to find. Consider locations like your own host, password managers, remote admin tools, machine backups and jump boxes; these are all areas where you'd want to know if an attacker had breached them.
Available Breadcrumbs
Breadcrumbs are available for the following services:
Service | Available Breadcrumbs |
SSH | PuTTY profile, SSH host file entry |
File Transfer (FTP) | Windows shortcut, FileZilla profile, WinSCP profile |
Remote Desktop Protocol | Microsoft Remote Desktop profile |
Webserver | Windows & macOS web shortcuts |
Windows File Share | Windows shortcut |
Creating Breadcrumbs
Step 1:
Log in to your Console.
Step 2:
Open your Canary's configuration card.
Step 3:
Make sure at least one breadcrumb service is enabled on your device. If there are none, you can pop into the config and enable them.
Step 4:
Click on the bread slice icon to navigate to the Canary's breadcrumbs.
Step 5:
Pick the breadcrumb of your choice from the dropdown menu.
Step 6:
Once your Breadcrumb has been generated, download it by selecting the "Download" option in the bottom right of the UI. Then scatter the crumb on your network by following the deployment instructions given for that individual crumb.
Mass Download
Rather than downloading and deploying one breadcrumb at a time for your Canary, you also have the option of downloading them all at once and mass deploying. To do so, follow the above steps until step 5, at which point you can instead press the mass download button.
This will download a zip file containing all of the currently available breadcrumbs for your Canary, as well as a readme file with instructions for deploying them all.
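The upkeep note at the top of this article says breadcrumbs stop working once a Canary's IP, name or service port changes. The following is an added example, not part of the product or of the original article, that checks deployed SSH breadcrumbs for that staleness. It assumes the crumb was deployed as an OpenSSH client config Host block pointing at the Canary's IP, and that you keep your own record of which alias lures to which Canary (`DEPLOYED`, a hypothetical structure).

```python
# Added example: assumes SSH breadcrumbs are OpenSSH client config Host blocks.
# Constructed sample data throughout (aliases, documentation-range IPs, ports).
SAMPLE_SSH_CONFIG = """\
# jump box ~/.ssh/config
Host fileserver-bk01
    HostName 192.0.2.10

Host nas-archive
    HostName 192.0.2.99
    Port = 2222
"""
# Hypothetical deployment record: alias -> that Canary's current settings.
DEPLOYED = {
    "fileserver-bk01": {"ip": "192.0.2.10", "ssh_port": 22},
    "nas-archive": {"ip": "192.0.2.20", "ssh_port": 22},
    "vault-ssh": {"ip": "192.0.2.30", "ssh_port": 22},
}

def parse_ssh_config(text):
    """Map each Host alias to its HostName and Port, with OpenSSH defaults."""
    hosts, current = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.replace("=", " ", 1).partition(" ")
        key, value = key.lower(), value.strip()
        if key in ("host", "match"):  # Match blocks are skipped by this check
            current = value.split() if key == "host" else []
            for alias in current:
                hosts.setdefault(alias, {"hostname": alias, "port": 22})
        elif key in ("hostname", "port"):
            for alias in current:
                hosts[alias][key] = int(value) if key == "port" else value
    return hosts

def check_breadcrumbs(config_text, deployed):
    """Return {alias: [problems]}; an empty list means the crumb is fresh."""
    hosts, report = parse_ssh_config(config_text), {}
    for alias, canary in deployed.items():
        entry = hosts.get(alias)
        if entry is None:
            report[alias] = ["no Host block found"]
            continue
        want = {"hostname": canary["ip"], "port": canary["ssh_port"]}
        report[alias] = [f"{k} is {entry[k]}, Canary uses {v}"
                         for k, v in want.items() if entry[k] != v]
    return report

if __name__ == "__main__":
    print(check_breadcrumbs(SAMPLE_SSH_CONFIG, DEPLOYED))
```

Any alias with a non-empty problem list needs a freshly generated breadcrumb from the Console.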