Updated doc canarytoken revamp (#53)

* Update wording and screenshots

* update wording

* update screenshot for DNS token

* remove nvmrc

* Fix typos and wording

* fix typo

* replace Canarytoken's

Author: vittoriaThinkst

.gitignore

@@ -1,3 +1,4 @@
 .DS_Store
 node_modules
 docs/.vuepress/dist/
+.nvmrc

docs/.vuepress/images/canarytokens_generate_page.png

@@ -6,12 +6,12 @@ prev: false
 
 ## What are Canarytokens
 
-You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
+Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones.
 
-Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
+Place them where nobody should be poking around and get a clear alarm if they are accessed. They are designed to look juicy to attackers to increase the likelihood that they are opened (and they are completely free).
 
 ## Why should you use them
 
-Network breaches happen. From mega-corps, to governments. From unsuspecting grandmas to well-known security pros. This is (kinda) excusable. What isn't excusable, is only finding out about it, months or years later.
+Our Canarytokens are easy to sprinkle all over and forget about, until you get the notification that matters. They are super lightweight and don’t require installing software or running more background processes that can slow down your PC.
 
-Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)
+Canarytokens are a distilled version of our much-loved [Canary product](https://canary.tools/). They are dead simple, and they work.

docs/.vuepress/images/cloned_web_token_created.png

@@ -1,7 +1,7 @@
-# Adobe PDF Token
+# Adobe PDF Canarytoken
 
-## What is an Adobe PDF token
+## What is an Adobe PDF Canarytoken
 
-This Canarytoken is a PDF document that will notify you when it has been opened (by reasonably compliant PDF readers). The token works by forcing the PDF reader to do a DNS lookup on a unique address (so we can safely tie the resolution to the opening of the Document).
+This Canarytoken is a PDF document that will notify you when it has been opened (by reasonably compliant PDF readers). The Canarytoken works by forcing the PDF reader to do a DNS lookup on a unique address (so we can safely tie the resolution to the opening of the Document).
 
->**Note**: DNS tokens are great to get a beacon out from a heavily filtered network, but lack the granularity of some other tokens. In this case, the best you can hope for is to be aware that the document was opened, and have a rough idea of the source.
+>**Note**: DNS Canarytokens are great to get a beacon out from a heavily filtered network, but lack the granularity of some other Canarytokens. In this case, the best you can hope for is to be aware that the document was opened, and have a rough idea of the source.

docs/.vuepress/images/cloned_web_token_creating.png

@@ -1,14 +1,14 @@
-# AWS API Keys Token
+# AWS API Keys Canarytoken
 
-## What is an AWS API Keys Token
+## What is an AWS API Keys Canarytoken
 
-This token provides you with a set of AWS API keys. Leave them in private code repositories, leave them on a developers machine. An attacker who stumbles on them will believe they are the keys to your cloud infrastructure. If they are used via the AWS API at any point, you will be alerted.
+This Canarytoken provides you with a set of AWS API keys. Leave them in private code repositories, leave them on a developers machine. An attacker who stumbles on them will believe they are the keys to your cloud infrastructure. If they are used via the AWS API at any point, you will be alerted.
 
-## Creating the token
+## Creating the Canarytoken
 
-Create a token by choosing "AWS API Key" from the drop down list.
+Create a Canarytoken by choosing "AWS Keys" from the Canarytokens list.
 
-Leave a reasonable comment to remind yourself where you will deploy the token.
+Leave a reasonable comment to remind yourself where you will deploy the Canarytoken.
 
 The AWS credentials that are displayed can be copied into a file named credentials or keys (as per AWS custom). The two provided keys must be kept together for an attacker to use the AWS API.
 

docs/.vuepress/images/dns_token_created.png

@@ -1,14 +1,14 @@
-# Cloned Website Token
+# Cloned Website Canarytoken
 
-## What is a Cloned Website Token
+## What is a Cloned Website Canarytoken
 
 This Canarytoken is placed within the JavaScript of your websites and notifies you if someone clones your site and hosts it on another domain. (This is often used for targeted Phishing attacks.)
 
-## Creating a Cloned Website token
+## Creating a Cloned Website Canarytoken
 
-Create a token by choosing "Cloned Website" from the drop down list.
+Create a Canarytoken by choosing "JS Cloned Website" from the Canarytokens list.
 
-Leave a reasonable comment to remind yourself where you will deploy the token. Then, supply the domain that you want to protect (this is the domain where the site is deployed that you will insert your tokenized javascript into).
+Leave a reasonable comment to remind yourself where you will deploy the Canarytoken. Then, supply the domain that you want to protect (this is the domain where the site is deployed that you will insert your tokenized javascript into).
 
 You'll get javascript similar to:
 

docs/.vuepress/images/dns_token_creating.png

@@ -1,14 +1,14 @@
-# CSS Cloned Website Token
+# CSS Cloned Website Canarytoken
 
-## What is a CSS Cloned Website Token
+## What is a CSS Cloned Website Canarytoken
 
 This Canarytoken is placed within either the CSS of your site, or inside a 3rd party site, where you may not be able to add JavaScript and notifies you if someone clones your site and hosts it on another domain. This can alert on targeted or Adversary-in-the-Middle (AitM) phishing attacks.
 
-## Creating a CSS Cloned Website Token
+## Creating a CSS Cloned Website Canarytoken
 
-Create a token by choosing "CSS Cloned Website" from the dropdown list.
+Create a Canarytoken by choosing "CSS Cloned Website" from the Canarytokens list.
 
-Leave a reasonable comment to remind yourself where you will deploy the token. Then, supply the domain that you want to protect (this is the domain where the site is deployed that you will insert your tokenized css into).
+Leave a reasonable comment to remind yourself where you will deploy the Canarytoken. Then, supply the domain that you want to protect (this is the domain where the site is deployed that you will insert your tokenized css into).
 
 You'll get a CSS Snippet similar to:
 
@@ -18,9 +18,9 @@ body {
 }
 ```
 
-Upon a client making the request, our CloudFront infrastructure will validate the HTTP Referer header to ensure it is expected. You get an alert if the domain doesn't match the expected domain used during the creation of the token.
+Upon a client making the request, our CloudFront infrastructure will validate the HTTP Referer header to ensure it is expected. You get an alert if the domain doesn't match the expected domain used during the creation of the Canarytoken.
 
 Ideas for use:
 
- - Only the `url()` portion is required, you can change the selector and add `opacity: 0` or `display: hidden` if you want to style an invisible element. 
+ - Only the `url()` portion is required, you can change the selector and add `opacity: 0` or `display: hidden` if you want to style an invisible element.
  - Use this CSS to style 3rd party authentication pages, such as a [LogTo](https://logto.io) page, or an [AWS Cognito login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-ui-customization.html)

docs/.vuepress/images/generic_dns_data.png

@@ -1,17 +1,17 @@
-# Custom EXE Token
+# Custom EXE Canarytoken
 
-## What is a Custom EXE Token
+## What is a Custom EXE Canarytoken
 
-This token works by signing an EXE or a DLL with a certificate containing a Canarytoken. When the EXE is run, or the DLL is loaded, an alert is fired.
+This Canarytoken works by signing an EXE or a DLL with a certificate containing a Canarytoken. When the EXE is run, or the DLL is loaded, an alert is fired.
 
-## Creating the token
+## Creating the Canarytoken
 
-Create a token by choosing "Custom exe" from the drop down list.
+Create a Canarytoken by choosing "Custom exe / binary" from the Canarytokens list.
 
-Leave a reasonable comment to remind yourself where you will deploy the token. Then, select the EXE or the DLL to be signed.
+Leave a reasonable comment to remind yourself where you will deploy the Canarytoken. Then, select the EXE or the DLL to be signed.
 
-The file can now be downloaded. Remember, this token is triggered whenever the binary file is executed. For EXEs, this means direct execution and for DLLs, it means they were loaded.
+The file can now be downloaded. Remember, this Canarytoken is triggered whenever the binary file is executed. For EXEs, this means direct execution and for DLLs, it means they were loaded.
 
 ## What to tokenize
 
-When choosing which files to token, decide on a few binaries commonly used by attackers, and token these.
+When choosing which files to Canarytoken, decide on a few binaries commonly used by attackers, and Canarytoken these.

docs/.vuepress/images/http_token_created.png

@@ -1,33 +1,33 @@
-# DNS Token
+# DNS Canarytoken
 
-## What is a DNS token
+## What is a DNS Canarytoken
 
 When you create a DNS based Canarytoken, the system gives you a unique Internet resolvable domain name.
 
 Anyone attempting to resolve this domain name, will now trigger an alert.
 
-Why does this matter? Once you are able to get an alert for a web-based token, or a DNS based token, you have the building blocks for squillions of possible tripwires.
+Why does this matter? Once you are able to get an alert for a web-based Canarytoken, or a DNS based Canarytoken, you have the building blocks for squillions of possible tripwires.
 
-## Creating a DNS token
+## Creating a DNS Canarytoken
 
-Head on over to [canarytokens.org](https://canarytokens.org/generate) and select `DNS token`:
+Head on over to [canarytokens.org](https://canarytokens.org/generate) and select `DNS`:
 
-![Creating a DNS token](../.vuepress/images/dns_token_creating.png)
+![Creating a DNS Canarytoken](../.vuepress/images/dns_token_creating.png)
 
 Enter your email address along with a reminder that will be easy to understand then click Create:
 
-![Created an HTTP token](../.vuepress/images/dns_token_created.png)
+![Created an HTTP Canarytoken](../.vuepress/images/dns_token_created.png)
 
 Copy the hostname and place it somewhere useful.
 
-## Encoding additional information in your token
+## Encoding additional information in your Canarytoken
 
-Your DNS token can carry a small amount of additional custom data when it’s triggered. This can be used for adding incident-specific data to your alert with custom DNS based tokens. Use the following encoding rules to place generic data into your DNS token:
+Your DNS Canarytoken can carry a small amount of additional custom data when it’s triggered. This can be used for adding incident-specific data to your alert with custom DNS based Canarytokens. Use the following encoding rules to place generic data into your DNS Canarytoken:
 
  * Base32 encode your data, and remove any padding '=' characters
  * Insert periods (.) after every 63-bytes
  * Append the magic string '.G'+<2-random-digits>+'.' (e.g. '.G12.' or '.G83.')
- * Append your DNS token
+ * Append your DNS Canarytoken
 This creates a new hostname of the form:
 ```
   <base32-string>.<base32-string>.G<2-random-digits>.<dns-token>

docs/.vuepress/images/http_token_creating.png

@@ -1,11 +1,11 @@
-# Fast Redirect Token
+# Fast Redirect Canarytoken
 
-## What is a Fast Redirect Token
+## What is a Fast Redirect Canarytoken
 
-This token is similar to the HTTP token but the token redirects to a custom address once triggered. The difference between the regular HTTP token and the Fast Redirect is that this token does not collect browser nor browser plugin information. For a redirect that does, see the Slow Redirect token in the next section.
+This Canarytoken is similar to the HTTP Canarytoken but the Canarytoken redirects to a custom address once triggered. The difference between the regular HTTP Canarytoken and the Fast Redirect is that this Canarytoken does not collect browser nor browser plugin information. For a redirect that does, see the Slow Redirect Canarytoken in the next section.
 
 ## Creating the token
 
-Create a token by choosing "Fast Redirect" from the drop down list.
+Create a Canarytoken by choosing "Fast Redirect" from the Canarytokens list.
 
-Leave a reasonable comment to remind yourself where you will deploy the token. Add the redirect URL to which the token will redirect once fired. Then click "Create New Canarytoken" to create the token.
+Leave a reasonable comment to remind yourself where you will deploy the Canarytoken. Add the redirect URL to which the Canarytoken will redirect once fired. Then click "Create New Canarytoken" to create the Canarytoken.

docs/.vuepress/images/kubeconfig_token_created.png

@@ -4,15 +4,15 @@
 
 Go to [canarytokens.org](https://canarytokens.org/generate) and select your Canarytoken (supply an email to be notified at as well as a memo that reminds you which Canarytoken this is and where you put it).
 
-![Created an HTTP token](../.vuepress/images/http_token_creating.png)
+![Created an HTTP Canarytoken](../.vuepress/images/http_token_creating.png)
 
 Place the generated Canarytoken somewhere special (read the [examples](./examples.md) for ideas on where).
 
 If an attacker ever trips on the Canarytoken somehow, you'll get an email letting you know that it has happened.
 
-## How do attackers trip over a token
+## How do attackers trip over a Canarytoken
 
-Recall that a typical token is a unique URL and/or hostname. The URL component is pretty flexible. This means that if your token is:
+Recall that a typical Canarytoken is a unique URL and/or hostname. The URL component is pretty flexible. This means that if your Canarytoken is:
 
 ```bash
 http://45e51129ec7e.o3n.io/images/o63277vnjf6nfobn3cbey69fh/spacer.gif
@@ -27,25 +27,25 @@ http://45e51129ec7e.o3n.io/images/o63277vnjf6nfobn3cbey69fh/passwords.zip
 http://45e51129ec7e.o3n.io/images/o63277vnjf6nfobn3cbey69fh/anything-really
 ```
 
-would still activate your token. This gives us the simplest use-case for a token, an old fashioned web-bug.
+would still activate your Canarytoken. This gives us the simplest use-case for a Canarytoken, an old fashioned web-bug.
 
-For example, you could send yourself an email with a link to the token plus some lure text:
+For example, you could send yourself an email with a link to the Canarytoken plus some lure text:
 
 ![Tokened mail](../.vuepress/images/tokened_mail.png)
 
 
 Simply keep it in your inbox unread since you know not to touch it. An attacker who has grabbed your mail-spool doesn't. So if your emails are stolen, then an attacker reading them should be attracted to the mail and visit the link – and while your week is about to get worse, at least you know.
 
-If you like, you could even use the same token as an embedded image. This way it works like the classic 1x1 transparent GIF. Now an attacker reading your inbox could trip over it just because his mail client renders remote images. (In this way you can use free Canarytokens as a classic web/mail-bug, to receive a notification when an email you send has been read.)
+If you like, you could even use the same Canarytoken as an embedded image. This way it works like the classic 1x1 transparent GIF. Now an attacker reading your inbox could trip over it just because his mail client renders remote images. (In this way you can use free Canarytokens as a classic web/mail-bug, to receive a notification when an email you send has been read.)
 
 ## What memo should I use
 
-Over time, if you are using Canarytokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is descriptive, and will be self-describing. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.
+Over time, if you are using Canarytokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is descriptive, and will be self-describing. Nothing sucks more than having a Canarytoken fire an alert that reads “test" - and not knowing where you placed it.
 
 ## Production Usage
 
 Canarytokens can be used as simple web-bugs, but they are incredibly flexible as we'll see.
 
-You may have a fancy SIEM that lets you know when stuff happens, but you'll find that with a little creativity, there's a bunch of places that you could get wins from a token (that can be deployed in seconds) that you couldn't easily get to otherwise.
+You may have a fancy SIEM that lets you know when stuff happens, but you'll find that with a little creativity, there's a bunch of places that you could get wins from a Canarytoken (that can be deployed in seconds) that you couldn't easily get to otherwise.
 
-Do you trust the admins/support at DropBox to leave your files alone? (or Office365? or HipChat?) Simply generate a token and drop it in your folder, or mention it in your HipChat channel. If some admin is browsing contents in their spare time (or is being coerced to do so by a 3rd party) they will trip over your URL and you'll be notified.
+Do you trust the admins/support at Dropbox to leave your files alone? (or Office365?) Simply generate a Canarytoken and drop it in your folder, or mention it in your HipChat channel. If some admin is browsing contents in their spare time (or is being coerced to do so by a 3rd party) they will trip over your URL and you'll be notified.

docs/.vuepress/images/kubeconfig_token_creating.png

@@ -1,16 +1,16 @@
-# HTTP Token
+# HTTP Canarytoken
 
-## What is an HTTP token
+## What is an HTTP Canarytoken
 
 When you create a HTTP based Canarytoken, the system gives you a URL.
 
 Anyone attempting to browse to this URL will generate an alert.
 
-Why does this matter? Once you are able to get an alert for a web-based token, or a DNS based token, you have the building blocks for squillions of possible tripwires.
+Why does this matter? Once you are able to get an alert for a web-based Canarytoken, or a DNS based Canarytoken, you have the building blocks for squillions of possible tripwires.
 
-## Creating an HTTP token
+## Creating an HTTP Canarytoken
 
-Head on over to [canarytokens.org](https://canarytokens.org/generate) and select `Web bug /URL token`:
+Head on over to [canarytokens.org](https://canarytokens.org/generate) and select `Web bug`:
 
 ![Creating an HTTP token](../.vuepress/images/http_token_creating.png)
 

docs/guide/README.md

@@ -10,7 +10,7 @@ Using the Kubeconfig Canarytoken will simply return permission errors to an atta
 
 ## Creating a Kubeconfig token
 
-Head on over to [canarytokens.org](https://canarytokens.org/generate) and select Kubeconfig token.
+Head on over to [canarytokens.org](https://canarytokens.org/generate) and select `Kubeconfig`.
 
 Enter the email address or webhook where you would like to get alerts. Next, enter a reminder note that will be convenient for you to identify where you placed the Kubeconfig, when you get alerted.
 

docs/guide/adobe-pdf-token.md

@@ -1,9 +1,9 @@
-# MS Excel Token
+# MS Excel Canarytoken
 
 A special thanks to [Dominic White](https://twitter.com/singe) for making this happen.
 
-## What is a MS Excel Token
+## What is a MS Excel Canarytoken
 
-This is a Microsoft Excel document that will alert you whenever it is opened in Microsoft Office on Windows or MAC OS.
+This is a Microsoft Excel document that will alert you whenever it is opened in Microsoft Office on Windows or macOS.
 
 This is useful for dropping into shares that shouldn't be accessed. Create a juicy filename (employee_salaries.xlsx, passwords.xlsx), leave it lying around on a network share, on a web server, in an email, and wait for the alert to tell you there's someone snooping around.

docs/guide/aws-keys-token.md

@@ -1,7 +1,7 @@
-# MS Word Token
+# MS Word Canarytoken
 
-## What is a MS Word Token
+## What is a MS Word Canarytoken
 
-This is a Microsoft Word document that will alert you whenever it is opened in Microsoft Office on Windows or MAC OS.
+This is a Microsoft Word document that will alert you whenever it is opened in Microsoft Office on Windows or macOS.
 
 This is useful for dropping into shares that shouldn't be accessed. Create a juicy filename (employee_salaries.docx, passwords.docx), leave it lying around on a network share, on a web server, in an email, and wait for the alert to tell you there's someone snooping around.