Abstract

When an attacker finds an AWS access key, it's like an unscratched instant lottery ticket. If they're lucky, the prize is full control of your cloud infrastructure. If they're unlucky, it's just an information disclosure vector that leads to more chances for them to win. PROJECT SPACECRAB turns every ticket into a losing ticket that also alerts your security team that the ticket has been scratched.

SPACECRAB lets you generate, annotate and alert on AWS keys configured as honey tokens at scale. Using your CI/CD or orchestration infrastructure, you can put them anywhere, even across your supply chain, and when bad actors find them, they'll use them. Alarms will go off and you'll know not only that you are breached, but where.
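One way the alert-and-locate step could work, as an added example that is not SPACECRAB's own code: match the `userIdentity.accessKeyId` field of CloudTrail records against an inventory of annotated honey tokens, so each hit reports where the key was planted. The key IDs, annotations and log records are constructed, and the function name is hypothetical.

```python
import json

# Constructed inventory: honey-token key ID -> annotation recorded when it was planted.
HONEY_TOKENS = {
    "AKIAEXAMPLEHONEY0001": {"planted_at": "ci-runner-07:~/.aws/credentials", "owner": "build-team"},
    "AKIAEXAMPLEHONEY0002": {"planted_at": "vendor-x handoff bucket", "owner": "supply-chain"},
}

# Constructed CloudTrail-style records; only the fields read below are included.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-03-02T10:15:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEHONEY0001"}},
    {"eventTime": "2018-03-02T10:14:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "errorCode": "AccessDenied", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEHONEY0001"}},
    {"eventTime": "2018-03-02T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLENORMAL001"}},
    {"eventTime": "2018-03-02T11:05:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService"}},
]})


def find_honey_token_use(cloudtrail_json, inventory):
    """Return one alert per honey token seen in the log, keyed by access key ID."""
    alerts = {}
    for rec in json.loads(cloudtrail_json).get("Records", []):
        key_id = (rec.get("userIdentity") or {}).get("accessKeyId")
        note = inventory.get(key_id)
        if note is None:
            continue  # record carries no key, or the key is not a honey token
        alert = alerts.setdefault(key_id, {
            **note, "first_seen": rec["eventTime"], "source_ips": set(),
            "calls": [], "denied": 0})
        # CloudTrail timestamps are ISO 8601 UTC, so string order is time order.
        alert["first_seen"] = min(alert["first_seen"], rec["eventTime"])
        alert["source_ips"].add(rec.get("sourceIPAddress"))
        alert["calls"].append(f'{rec.get("eventSource")}:{rec.get("eventName")}')
        # A denied call is still a hit: the key was found and tried.
        alert["denied"] += 1 if rec.get("errorCode") else 0
    return alerts


if __name__ == "__main__":
    for key_id, alert in find_honey_token_use(SAMPLE_LOG, HONEY_TOKENS).items():
        print(key_id, alert)
```

Because a honey token has no legitimate user, any record carrying its key ID is an alert, including calls that fail with `AccessDenied`.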

We'll also present some data on how and when compromised AWS keys are abused in the wild.