Kushtaka

"Defense Through Deception"


Kushtaka is an open source sustainable canary warning system
that helps you detect cyber attackers before they become entrenched





The value of canaries


Remember the game Minesweeper? Where your goal was to find a hidden flag by clicking on tiles?


What would happen if you went too fast? Correct! You'd likely lose the game by detonating a mine!


Now imagine that your hybrid network, both on-premises and in the cloud, was like a game of Minesweeper for cyber attackers. Attackers would probe your infrastructure for vulnerabilities and misconfigurations, trying to find the flag.

What if the attackers could click on any tile with no negative consequence?

What would be the result if you placed no mines?

Exactly! The attackers would find the flag and win. There would be nothing to slow them down. No mines to blow them up. No canaries to detect their presence.


So if canaries on your network are similar to mines on a Minesweeper gameboard, helping to slow down and detect attackers, why isn't everyone deploying them?

Simple! Blame complexity!


Canaries


Complexity

If you have been a SysAdmin, DBA, or work in DevOps, you'll understand the pain of being tasked with spinning up and maintaining yet another service. This is often the case with canaries: someone inside the organization realizes the value of canaries, how they can shapeshift to appear as legitimate services, with the goal of alerting your team to cyber attacks.

Effort is then expended by the motivated admin to implement a solution. They run pages of commands to install and configure unique canaries, proxying services and setting static email addresses or variables to detect bad actors. But then the only person who understands how it all works is a single individual. And when that person gets busy or gets a new job and leaves the organization, what then?

As we have all seen, a project like that gets left behind as the organization moves forward.


Sustainability

Kushtaka aims to simplify this process with the goal of sustainable canary implementations. It does this by using Go's single-binary paradigm and baking into the application all that is required to spin up a dashboard that acts as an aggregator and configuration orchestrator. The same executable can then be copied easily (curl, wget, rsync, scp, sftp, etc.) and used as a sensor to start implementing canaries.

The shapeshifting sensors can be deployed on Linux and Windows hosts and, as of now, simulate services like Telnet, SSH, HTTP, FTP, and a few others.

The goal isn't to create sensors with byte-for-byte emulation of services, as the reality is that a simple best effort is good enough for most threat models and teams.
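
A sketch, in Go, of the best-effort sensor idea described above (an added example, not Kushtaka's code): a fake Telnet listener that greets with a login prompt, records who connected and what they sent, and hands the event to whatever forwards alerts to the dashboard. The port, the banner text and the Event layout are assumptions made for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// Event is the record a sensor would forward to the dashboard that aggregates alerts.
type Event struct {
	Service, RemoteAddr, FirstLine string // FirstLine: whatever the client sent after the banner
}

// Serve turns ln into a best-effort fake service: it accepts connections until ln is closed
// and reports each one on out. Nothing legitimate should ever connect, so every hit is an alert.
func Serve(ln net.Listener, service, banner string, out chan<- Event) {
	for {
		conn, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go handle(conn, service, banner, out)
	}
}

// handle greets the client with the banner, captures the first line it sends (a login attempt,
// a request line, ...) and hangs up; the deadline stops a silent scanner from pinning a goroutine.
func handle(conn net.Conn, service, banner string, out chan<- Event) {
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	fmt.Fprint(conn, banner)
	line, _ := bufio.NewReader(conn).ReadString('\n') // empty on timeout: still an event
	out <- Event{service, conn.RemoteAddr().String(), strings.TrimSpace(line)}
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:2323") // constructed example port, not Kushtaka's
	if err != nil {
		panic(err)
	}
	events := make(chan Event, 16)
	go Serve(ln, "telnet", "login: ", events)
	fmt.Println("telnet canary listening on", ln.Addr())
	for ev := range events {
		fmt.Printf("ALERT service=%s from=%s data=%q\n", ev.Service, ev.RemoteAddr, ev.FirstLine)
	}
}
```

In a real deployment the loop in main would be replaced by shipping each Event to the aggregator; the sensor itself never needs to understand the protocol beyond the banner and the first line.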

Kushtaka is built around both teams and simplicity, with the understanding that people come and go and that single points of failure result in wasted effort and sidelined initiatives. So Kushtaka does the heavy lifting, which allows teams to implement and reap the benefits of canaries while strengthening their organization's long-term security position by making the stack maintainable by many.




Made by



Jared Folkins