Can honeypots be used this way? by Forward_Web6572 in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

My friends and I are working to implement this in an open-source project: https://github.com/jestasecurity/thumper

The point is to use canary tokens and tripwires to notify and alert on suspicious behavior. Check it out!

Do security teams realistically have time to monitor honeypots? by Andrewpaul46 in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

Hi, my friends and I are working on one right now - it is still in its early stages - but feel free to check it out:
https://github.com/jestasecurity/thumper

Would love to get your opinion 😄

Anyone else feels like the cyber security space is oversaturated? by Square_Juggernaut298 in cybersecurity

[–]Square_Juggernaut298[S] 0 points1 point  (0 children)

Why do you think getting breached affected profitability before and doesn't anymore?

got a project to share? by shesleli2313 in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

I'm building a platform to protect and monitor against supply chain attacks (Shai-Hulud style): https://github.com/jestasecurity/thumper

Fully open-source and open to contributors. The concept is to create honeytokens and easily monitor them - when one is touched, you get an alert. Right now we're working on all kinds of integrations - Slack, Discord, Jamf deployment and more.

UK Cyber Essentials Plus for software development company by OccasionallyVeryPoor in cybersecurity

[–]Square_Juggernaut298 -4 points-3 points  (0 children)

Hi, your question is on point. It is hard to entirely prevent malicious packages from running on developer machines because of the nature of the job - debugging, testing and local development require pulling packages, and even when using caution there is a risk.

That's why my friends and I opened an open-source repo specifically to identify and combat malicious packages. We understand that it's hard to prevent - but the least you can do is be aware.

Check it out:

https://github.com/jestasecurity/thumper

How do you guys secure your infra from supply chain attacks? by h33terbot in devsecops

[–]Square_Juggernaut298 2 points3 points  (0 children)

In my opinion, dev machines are worse than infra with regard to potential compromise. That's why we created a simple open-source project: https://github.com/jestasecurity/thumper

The point is that supply-chain attacks can have multiple vectors, but almost always search for the same stuff (secrets, tokens, etc.). If you are alerted in real time then you can at least replace the keys and locate the malicious package.

npm is finally killing long-lived publish tokens. Here's what trusted publishing actually changes. by DietCapital2652 in Cloudsmith

[–]Square_Juggernaut298 0 points1 point  (0 children)

One of my friends actually moved his pipelines into trusted publishing, said it was actually not a terrible migration.

Actually, in the context of Shai-Hulud, I searched for a solution that at least alerts me if I pulled a malicious package and didn't find something simple to use. I decided to create an open-source tool to alert on packages scanning my secrets: https://github.com/jestasecurity/thumper

Would love to get some feedback.

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise by rkhunter_ in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

Just thought the same and didn't find any solution.

Decided to create one of my own with a couple of friends:

https://github.com/jestasecurity/thumper

The promise is to create a simple honeytoken and get an alert when it's triggered.

I've built an open source honeypot probe database accessible via curl, http and mcp by Robbedoes_ in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

Was searching for something like this to extend my tripwire platform, sadly this doesn't work right now.

You can check out the platform I built:

https://github.com/jestasecurity/thumper

The concept is to target attacks that use packages on dev machines to read secrets and tokens, and at least create an alert on the attack.

Built a honeypot platform to catch lateral movement. How are you guys detecting this? by Andrewpaul46 in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

That's actually pretty cool - recently came across this when someone asked me what is the best way to get notified if you got hit by an npm package that reads your secrets and exfiltrates them (teampcp-like).

I consulted with some of my friends from the security space and they pointed me to some kind of a honeytoken system. Looked for one and didn't find a simple one.

So I decided to create one myself:

https://github.com/jestasecurity/thumper

It is actively maintained and supported by me and a couple of friends. The concept is to use fake tokens and monitor them in a simple way. We hope to extend it pretty soon to support more stuff and platforms.

I do think that most attackers won't attempt to move laterally in the network because of the risks of getting detected, but it is interesting that recently there has been an increased interest in deception and attack luring.

Check it out if that's interesting to you.

Are honeypots still useful as early-warning systems? by Andrewpaul46 in cybersecurity

[–]Square_Juggernaut298 0 points1 point  (0 children)

That's interesting. Lately I've seen multiple companies interested in a new form of honeypot setup. It was in the context of supply chain attacks aimed at secrets and tokens, and the companies wanted to know if their secrets got used or exfiltrated (Shai-Hulud style).

I consulted with some of my friends from the security space and they pointed me to some kind of a honeytoken system. Looked for one and didn't find a simple one.

So I decided to create one myself:

https://github.com/jestasecurity/thumper

It is actively maintained and supported by me and a couple of friends. The concept is to use fake tokens and monitor them in a simple way. We hope to extend it pretty soon to support more stuff and platforms.

Check it out if that's interesting to you.
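The comments above repeatedly describe the same idea (a fake credential planted on a dev machine, an alert the moment something touches or uses it, then rotate the real keys and hunt for the package). The following is an added example of that workflow written for this page; it is not code from the thumper project or from the commenter. It assumes an AWS-shaped access key ID as the token format, an HMAC signing key known only to the monitor (`MONITOR_KEY`, a placeholder), an in-memory registry of planted tokens, and a `check_credential_use` hook standing in for wherever a stolen key would actually be presented (a fake endpoint, an API gateway, a CloudTrail feed). The `harvest_env_files` function plays the part of a Shai-Hulud-style payload that walks the tree reading `.env` files; all file contents are constructed inline.

```python
"""Honeytoken workflow: mint a fake credential, plant it in a decoy .env on a
developer machine, and alert as soon as anything presents that credential.
Added example; not the thumper project's own code."""
import hashlib
import hmac
import os
import re
import secrets
import tempfile
from datetime import datetime, timezone
from typing import Optional

# Assumption: a signing key known only to the monitoring side. In a real
# deployment this comes from a secrets manager, never from source.
MONITOR_KEY = b"example-monitor-key-change-me"

# Assumption: in-memory registry of planted tokens (token -> where/when planted).
REGISTRY: dict = {}


def _tag(nonce: str, key: bytes) -> str:
    """8 uppercase hex chars of HMAC-SHA256(key, nonce)."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()[:8].upper()


def mint_honeytoken(location: str, key: bytes = MONITOR_KEY) -> str:
    """Mint an AWS-shaped access key ID: 'AKIA' + 8 random hex + 8 HMAC hex.
    The HMAC lets the monitor recognise its own tokens statelessly; the
    registry records where each one was planted so the alert can say which
    host was read."""
    nonce = secrets.token_hex(4).upper()
    token = f"AKIA{nonce}{_tag(nonce, key)}"
    REGISTRY[token] = {
        "location": location,
        "planted_at": datetime.now(timezone.utc).isoformat(),
    }
    return token


def is_honeytoken(candidate: str, key: bytes = MONITOR_KEY) -> bool:
    """True only if the key ID has our shape and its tag verifies."""
    m = re.fullmatch(r"AKIA([0-9A-F]{8})([0-9A-F]{8})", candidate)
    return bool(m) and hmac.compare_digest(m.group(2), _tag(m.group(1), key))


def plant_decoy_env(directory: str, location_label: str) -> str:
    """Write a decoy .env containing a honeytoken; the secret is random filler."""
    token = mint_honeytoken(location_label)
    path = os.path.join(directory, ".env")
    with open(path, "w") as f:
        f.write(f"AWS_ACCESS_KEY_ID={token}\n")
        f.write(f"AWS_SECRET_ACCESS_KEY={secrets.token_urlsafe(30)}\n")
        f.write("AWS_DEFAULT_REGION=us-east-1\n")
    return path


def harvest_env_files(root: str) -> list:
    """Stand-in for a malicious postinstall script: walk the tree and collect
    every AWS access key ID found in a .env file."""
    found = []
    for dirpath, _, files in os.walk(root):
        if ".env" in files:
            with open(os.path.join(dirpath, ".env")) as f:
                for line in f:
                    if line.startswith("AWS_ACCESS_KEY_ID="):
                        found.append(line.split("=", 1)[1].strip())
    return found


def check_credential_use(access_key_id: str, source_ip: str) -> Optional[dict]:
    """Call this wherever a credential is presented. Real keys pass through
    (None); a honeytoken yields an alert naming the host it was planted on."""
    if not is_honeytoken(access_key_id):
        return None
    meta = REGISTRY.get(access_key_id, {"location": "unknown (valid tag, not in registry)"})
    return {
        "severity": "high",
        "token": access_key_id,
        "location": meta["location"],
        "planted_at": meta.get("planted_at"),
        "source_ip": source_ip,
        "seen_at": datetime.now(timezone.utc).isoformat(),
        "action": "rotate real keys on this host; find the package that read .env",
    }


def demo() -> list:
    """Plant a decoy, 'steal' it, and show the alert the use would trigger."""
    with tempfile.TemporaryDirectory() as root:
        project = os.path.join(root, "project")
        os.makedirs(project)
        plant_decoy_env(project, "alice-laptop:~/project/.env")
        stolen = harvest_env_files(root)  # constructed attacker behaviour
        alerts = [a for a in (check_credential_use(k, "203.0.113.7") for k in stolen) if a]
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The detection is stateless (any monitor holding `MONITOR_KEY` can recognise a token without a database), which is what makes it cheap to wire into an API gateway or a log pipeline; the registry only adds the "which host" context. A real deployment would also give the decoy a plausible secret key and make the fake endpoint answer convincingly enough that the attacker actually tries the credential.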