Skip to main content

Search

How to set up the WireGuard VPN Canarytoken

 

Description: This token creates fake WireGuard VPN configurations to install on your phone or on servers that will alert when used. The value of this Canarytoken as a signal of compromise, is that the attacker —once they land on your device— will want to check what further privileged access the VPN gets them to spread their compromise further and grab more data. For more on the thinking behind this WireGuard Canarytoken see this blog post.

Step 1:

Log in to your Console.

Console Login.png

Step 2:

Select the Canarytokens tile. 

tile.png

Step 3:

Select the WireGuard VPN Canarytoken from the list.

CleanShot 2024-07-23 at 09.31.24@2x.png

Step 4:

Note: Over time, you will deploy thousands of tokens all over the place. Make sure that your Reminder is as descriptive as possible, and will remind you in the future of where the token was dropped. It may create confusion if a token generated an alert that reads “test" - and not remembering where you placed it.

Give a friendly name to remind you where this WireGuard VPN is configured and click on Create token.

CleanShot 2024-07-23 at 09.31.34@2x.png

Step 5:

The Canarytoken will then give you two options to deploy the WireGuard VPN Canarytoken.

CleanShot 2024-07-23 at 09.31.53@2x.png

 

Deploy using the QR code.

Step 1:

On your phone, open the WireGuard app and click Add a tunnel and then click Create from QR code.

CleanShot 2024-07-23 at 09.32.11@2x.png

Step 2:

Scan the QR code under the WireGuard VPN Canarytoken

CleanShot 2024-07-23 at 09.32.35@2x.png

Step 3:

Give the tunnel a name and click Save.

Note: we named our tunnel Head Office VPN


CleanShot 2024-07-23 at 09.32.59@2x.png

Step 4:

Your WireGuard VPN Canarytoken is now active and waiting for someone to trip on it!

CleanShot 2024-07-23 at 09.33.11@2x.png

 

That's it, you're done :-)

 

How does this Canarytoken alert?     

When the connection is activated, you'll be alerted!

CleanShot 2024-07-23 at 09.33.31@2x.png

Sample Alert:

CleanShot 2024-07-23 at 09.33.40@2x.png

Deploy using the config file. 

Alternatively, if the device you want to add the Canarytoken to doesn't support scanning of QR codes, you can simply download the Canarytoken configuration as a file, and import it into WireGuard:

Step 1:

Download the WireGuard VPN Config File.

CleanShot 2024-07-23 at 09.42.52@2x.png

Step 2:

On the device you want to install the Token on, open the WireGuard application and click Import tunnel(s) from file.

CleanShot 2024-07-23 at 09.43.18@2x.png

Step 3:

Select the Token file, and click Allow when prompted.

CleanShot 2024-07-23 at 09.43.33@2x.png

Step 4:

Your WireGuard VPN Canarytoken is now active and waiting for someone to trip on it!

CleanShot 2024-07-23 at 09.43.43@2x.png

How does this Canarytoken alert?

When the connection is activated, you'll be alerted!

CleanShot 2024-07-23 at 09.43.55@2x.png

Sample Alert:

CleanShot 2024-07-23 at 09.44.04@2x.png

 

That's it, you're done :-)

Was this article helpful?
6 out of 6 found this helpful
Return to top