
Robert Auger

@robertauger.bsky.social

25 years Appsec, PurpleTeam, Web Application Security Consortium (WASC) cofounder, Baythreat Organizer, Ex-PayPal/eBay/Box/Workday/Coinbase infosec. http://Sectemplates.com | https://www.cgisecurity.com/ | https://github.com/securitytemplates/sectemplates

171 Followers  |  302 Following  |  48 Posts  |  Joined: 13.11.2024  |  2.0153

Latest posts by robertauger.bsky.social on Bluesky

At defcon today if anyone wants to chat

09.08.2025 22:14 — 👍 0    🔁 0    💬 0    📌 0

Same desert as Hell’s Kitchen I think which makes sense!

09.08.2025 22:13 — 👍 0    🔁 0    💬 0    📌 0

Hell’s Kitchen?

09.08.2025 22:12 — 👍 0    🔁 0    💬 1    📌 0

About 75% done with a new pack for Sectemplates.com focusing on appsec 'Security Partnerships'. How many of you have leveraged such a program and how did it go for you?

09.03.2025 07:18 — 👍 1    🔁 0    💬 0    📌 0

I wonder how long it will take for AI interfaces into your brain to
1. read your ‘database’ of memories to help with memory recovery
2. Read your thoughts on current tasks and help you optimize it
3. Write access to your memory or ‘ram’ to aid with tasks

5-10 years?

07.03.2025 21:01 — 👍 0    🔁 0    💬 0    📌 0

I have a bunch of solid security domain names I'm thinking of finally selling. What would be the best way to sell them to security vendors?

01.03.2025 05:43 — 👍 0    🔁 0    💬 0    📌 0

Random rant: If security teams understood how to represent their work as dollar savings, how much more funding and support they'd receive?

28.02.2025 07:08 — 👍 0    🔁 0    💬 0    📌 0

Announcement - Incident Response Program Pack v1.5

This release is to provide you with everything you need to establish a functioning security incident response program at your company.

Announcement: www.sectemplates.com/2025/02/anno...
GitHub: github.com/securitytemp...

17.02.2025 23:45 — 👍 1    🔁 0    💬 0    📌 0

It was nice knowing you ;)

15.02.2025 22:36 — 👍 0    🔁 0    💬 0    📌 0

It gets worse

10.02.2025 02:27 — 👍 11    🔁 0    💬 0    📌 0

I need to spend more time here, Twitter is just political yelling and screaming

09.02.2025 05:35 — 👍 1    🔁 0    💬 0    📌 0

Stealing Accesses tokens from Cloud Functions in GCP
How Attackers Leverage Serverless Functions to Escalate Privileges and Move Laterally

Stealing Accesses tokens from Cloud Functions in GCP

08.02.2025 08:32 — 👍 1    🔁 1    💬 0    📌 0

POTUS can do whatever he wants now that he’s king

05.02.2025 01:48 — 👍 0    🔁 0    💬 0    📌 0

I imagine people using botnets to train AI models in the near future.

29.01.2025 07:48 — 👍 0    🔁 0    💬 0    📌 0

Silicon Valley Is Raving About a Made-in-China AI Model
DeepSeek is called “amazing and impressive” despite working with less-advanced chips.

Chinese AI models will be cheaper at the cost of censoring certain topics and people will eat it up... Ask it about Tank man or Xi and you'll see some obvious examples. www.wsj.com/tech/ai/chin...

26.01.2025 23:32 — 👍 0    🔁 0    💬 0    📌 0

Feels like the future for automating exploitation is training llms and using agents to perform these attacks. Agree? Disagree?

24.01.2025 20:11 — 👍 0    🔁 0    💬 0    📌 0

Post image

18.01.2025 20:57 — 👍 3    🔁 0    💬 0    📌 0

BREAKING: Chinese hackers accessed Yellen's computer in US Treasury breach, per Bloomberg.

17.01.2025 01:25 — 👍 154    🔁 26    💬 8    📌 8

100%, 2025 likely not going to be much better on the world stage. Let’s hope I’m wrong

31.12.2024 21:35 — 👍 0    🔁 0    💬 0    📌 0

Hacking campaign compromised at least 16 Chrome browser extensions
Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users.

Hacking campaign compromised at least 16 Chrome browser extensions

31.12.2024 17:12 — 👍 5    🔁 5    💬 0    📌 0

I'm pleased to announce the latest SecTemplates.com release, External Penetration Testing Program Pack v1.1.

Announcement: www.sectemplates.com/2024/12/anno...
GitHub: github.com/securitytemp...

28.12.2024 00:12 — 👍 2    🔁 0    💬 0    📌 0

Bill requiring US agencies to share custom source code with each other becomes law
President Joe Biden signed the bipartisan legislation into law Dec. 23.

This is a good idea, however I doubt that this code on average is getting proper security testing/updates. As a result there may be a surge in agencies adopting vulnerable code and increasing their attack surface fedscoop.com/agencies-mus...

27.12.2024 22:53 — 👍 1    🔁 0    💬 0    📌 0

Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension

An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me

27.12.2024 03:20 — 👍 40    🔁 17    💬 0    📌 0

You know what one of the best uses for #AI is going to be that nobody is talking about? When you're arguing with an internet stranger about a point and you need to find facts to 'teach them', you can ask the AI to summarize the best sources and paste it back. Soon arguing will be automated. ;)

17.12.2024 07:22 — 👍 0    🔁 0    💬 0    📌 0

These Jersey drones are worrying. Feeling more and more like they are searching for something that has the possibility of a very negative outcome. #drones

15.12.2024 00:05 — 👍 3    🔁 0    💬 0    📌 0

Is there a known pattern for training LLMs with tenant specific data, that allows for solid separation to avoid cross tenant exposure?

12.12.2024 21:53 — 👍 1    🔁 0    💬 0    📌 0

20% of next sprint / technical debt

10.12.2024 05:59 — 👍 33    🔁 4    💬 1    📌 0

RUN DMC - Christmas In Hollis (Official HD Video)
YouTube video by RUNDMCVEVO

The only good Christmas song youtu.be/OR07r0ZMFb8?...

09.12.2024 20:10 — 👍 0    🔁 0    💬 0    📌 0

Any chance to try using an infrared or FLIR camera? Maybe rent one from local stores or online?

08.12.2024 06:47 — 👍 0    🔁 0    💬 0    📌 0

We've witnessed a significant lack of OSINT nerds discussing the Brian Thompson assassination.

This could be your moment to ChatGPT your way to over 10,000 likes by armchair experting gun ballistics, criminal psychology, and healthcare policy

07.12.2024 23:23 — 👍 31    🔁 1    💬 5    📌 0

@robertauger is following 20 prominent accounts