際際滷

際際滷Share a Scribd company logo

BSides Rochester 2018: Michael West: Sentry, Or: How I Learned To Stop Worrying And Delete My Accounts

Download as PPTX, PDF
J
JosephTesta9

Michael created a program called Sentry that automatically deletes or locks down a user's social media accounts and online presence if certain triggering events occur, such as a tweet going viral or containing a specific phrase. Sentry is designed to prevent doxing and unwanted attention on the internet by allowing users to quickly wipe their digital trails. It can integrate with services like Twitter, Cloudflare, and Pushover to change account settings or delete information according to rules defined in a configurable JSON file. The open source tool aims to offer alternatives to total social media abstinence or inaction when online safety is a concern.

1 of 23
Download to read offline
Sentry Or: How I Learned To Stop Worrying And Delete My Accounts Michael West - T3h Ub3r K1tten - mwe.st
Michael West - T3h Ub3r K1tten Located in Dallas, TX National Technical Advisor at CyberArk IT / DBA / software dev / infosec professionally for 6 years AOL Keywords: OSINT, Twitter, barcodes, space, amateur radio, storm spotting, emergency preparedness, volunteering Proof I do leave the house on occasion
Remember this?
Trump tweeted it
Unexpected attention
Doxed
"Kaczynski'd again!"
People become incidentally viral everyday
A zone of bone
Including infosec...
What happens in Vegas...
Can be publicized after your arrest What happens in Vegas...
What if it happens to me?
My risk stance is... Un-optimized
What if...?
The current solutions are... Censorship Clean your social media of anything remotely unsavory Compartmentalize the dirt Become a hermit Don't use social media Keep social media private/pseudonymous Nihilism Don't worry about it, probably won't happen to me
Something different: Sentry Watches for certain criteria A trigger phrase you post A tweet with 1,000+ retweets Or your own script Triggers a cascade of actions Customize actions Lock down accounts Set Twitter private Disable personal website Wipe when that's not an option Erase Reddit comments Delete other accounts The "gay furry" account
Nitty gritty Written in C# for .NET Core Runs on Windows, Linux, and Mac Highly extensible and configurable Configured by JSON Can be called by other scripts Uses Selenium for web automation RestSharp for APIs
Demo "The whole point of the doomsday machine is lost... if you keep it a secret!"
Features JFMSUF Mode Twitter (via API) Check for trigger string Check for >x RTs/favs Delete all tweets ("scorch") Post tweet Twitter (via web) Lock account Delete (deactivate) account Cloudflare Update DNS records Delete DNS records Pushover Notify on startup Notify on trigger activation Still in development: Conjur Store secrets securely and easily Multi-factor support Reddit (via API) Blank posts ("wipe") Delete posts Reddit (via web) Delete account Email (IMAP/POP) Check for trigger string Clustering support
Just Fuck My Shit Up Fam (JFMSUF) mode Everything runs like it was triggered. Prompts for confirmation (unless skipped). Great to call Sentry from your own script: dotnet Sentry.dll run --JustFuckMyShitUpFam --SkipJFMSUFConfirmation dotnet Sentry.dll run --ConfigFile "custom.json" dotnet Sentry.dll run --ConfigText "{ yourJsonHere }"
Conjur Open-source secrets management server https://github.com/cyberark/conjur Coming Soon
Code MIT License github.com/T3hUb3rK1tten/Sentry mwe.st/github Michael West T3h Ub3r K1tten @t3hub3rk1tten mwe.st/twitter Me

More Related Content

BSides Rochester 2018: Michael West: Sentry, Or: How I Learned To Stop Worrying And Delete My Accounts

  • 1. Sentry Or: How I Learned To Stop Worrying And Delete My Accounts Michael West - T3h Ub3r K1tten - mwe.st
  • 2. Michael West - T3h Ub3r K1tten Located in Dallas, TX National Technical Advisor at CyberArk IT / DBA / software dev / infosec professionally for 6 years AOL Keywords: OSINT, Twitter, barcodes, space, amateur radio, storm spotting, emergency preparedness, volunteering Proof I do leave the house on occasion
  • 8. People become incidentally viral everyday
  • 9. A zone of bone
  • 11. What happens in Vegas...
  • 12. Can be publicized after your arrest What happens in Vegas...
  • 13. What if it happens to me?
  • 14. My risk stance is... Un-optimized
  • 16. The current solutions are... Censorship Clean your social media of anything remotely unsavory Compartmentalize the dirt Become a hermit Don't use social media Keep social media private/pseudonymous Nihilism Don't worry about it, probably won't happen to me
  • 17. Something different: Sentry Watches for certain criteria A trigger phrase you post A tweet with 1,000+ retweets Or your own script Triggers a cascade of actions Customize actions Lock down accounts Set Twitter private Disable personal website Wipe when that's not an option Erase Reddit comments Delete other accounts The "gay furry" account
  • 18. Nitty gritty Written in C# for .NET Core Runs on Windows, Linux, and Mac Highly extensible and configurable Configured by JSON Can be called by other scripts Uses Selenium for web automation RestSharp for APIs
  • 19. Demo "The whole point of the doomsday machine is lost... if you keep it a secret!"
  • 20. Features JFMSUF Mode Twitter (via API) Check for trigger string Check for >x RTs/favs Delete all tweets ("scorch") Post tweet Twitter (via web) Lock account Delete (deactivate) account Cloudflare Update DNS records Delete DNS records Pushover Notify on startup Notify on trigger activation Still in development: Conjur Store secrets securely and easily Multi-factor support Reddit (via API) Blank posts ("wipe") Delete posts Reddit (via web) Delete account Email (IMAP/POP) Check for trigger string Clustering support
  • 21. Just Fuck My Shit Up Fam (JFMSUF) mode Everything runs like it was triggered. Prompts for confirmation (unless skipped). Great to call Sentry from your own script: dotnet Sentry.dll run --JustFuckMyShitUpFam --SkipJFMSUFConfirmation dotnet Sentry.dll run --ConfigFile "custom.json" dotnet Sentry.dll run --ConfigText "{ yourJsonHere }"
  • 22. Conjur Open-source secrets management server https://github.com/cyberark/conjur Coming Soon

Editor's Notes

  • #10: Apparently it was pregnant porn