Talkback
Talkback

Talkback is a smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive.

The system works by continuously monitoring several resource mediums for infosec news and publications, parses all content, classifies and hydrates the data-set, then presents this via a simple UI.

A couple of the key interfaces in Talkback are:

  • Chronicles that provides a snapshot view for a given week or month.
  • Resources that allows drilling down and browsing the Talkback library.

For more information on how Talkback works and its key features, see our blog post Keeping up with the Pwnses - an overview of Talkback.

Talkback is a project developed by elttam .

Featured Resources

Last 7 days
Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co. app cloud

GitHub's Cross Fork Object Reference (CFOR) vulnerability allows users to access data from deleted and private repositories indefinitely by supplying commit hashes.

Wed 24 Jul trufflesecurity.com
Thread Name-Calling - using Thread Name for offense exp sys

Thread Name-Calling is a novel process injection technique utilizing Windows APIs to bypass endpoint protection and execute remote code in running processes without write privileges.

Thu 25 Jul research.checkpoint.com
Injecting Java in-memory payloads for post-exploitation app exp

In-memory payloads can be injected into applications like Bitbucket, Jenkins, and Confluence to achieve Remote Code Execution (RCE) by exploiting vulnerabilities like arbitrary deserialization, SSTI, scripting engines, and command injections.

Tue 23 Jul synacktiv.com
Deep Sea Phishing Pt. 1 exp rev

Custom payloads are more effective than stock shellcode for bypassing EDR systems, requiring the creation of custom shellcode loaders or implants to avoid detection and increase the chances of success.

Tue 23 Jul posts.specterops.io
Unfashionably secure: why we use isolated VMs cloud

Canary's security product prioritizes customer isolation through individual tenant consoles on separate AWS EC2 instances, enhancing security and compliance while incurring higher operational costs.

Thu 25 Jul blog.thinkst.com
A hex editor and nothing to lose - Binary patching Golang to fix net/http rev exp

The article explores modifying Golang code at the assembly level to customize behavior in the net/http library, highlighting the process of identifying and patching header canonicalization functions.

Tue 23 Jul pulsesecurity.co.nz

Trending Vulnerabilities

Last 7 days
CVE-2024-24621 9.8
Received

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

Thu 25 Jul
CVE-2024-24622 8.8
Received

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

Thu 25 Jul
CVE-2024-24623 8.8
Received

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

Thu 25 Jul
CVE-2023-38048 9.9
Awaiting Analysis

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.

Tue 9 Jul
CVE-2023-38055 9.6
Awaiting Analysis

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

Tue 9 Jul
CVE-2023-38047 8.5
Awaiting Analysis

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

Tue 9 Jul

Trending Topics

Last 7 days
Falcon CrowdStrike
Security software
  • CISA Sells Private Sector on CIRCIA Reporting Rules
  • CrowdStrike Cloud Security Defines the Future of an Evolving Market
  • Falcon Fund Invests in Nagomi | CrowdStrike
  • ...
Fri 26 Jul
Windows Microsoft
Operating System
  • [Cracking Windows Kernel with HEVD] Chapter 4: How do we write a shellcode to elevate privileges and gracefully return to userland?
  • Abusing MS Windows printing for C2 communication
  • Announcing Zero Trust DNS Private Preview
  • ...
Fri 26 Jul
GitHub GitHub
Version control system
  • Threat actors hacked the Dropbox Sign production environment
  • What can we learn from the passwords used in brute-force attacks?
  • 64 bytes and a ROP chain - A journey through nftables - Part 2
  • ...
Fri 26 Jul
Chrome Google
Web Browser
  • Predicting Object Addresses In Chrome
  • GHSL-2020-163: Use-After-Free (UAF) in NFCHost::GetNFC - CVE-2020-15970
  • Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671
  • ...
Fri 26 Jul
Python Python Software Foundation
Programming Language
  • JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application
  • HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems
  • LLM Pentest: Leveraging Agent Integration For RCE
  • ...
Fri 26 Jul
PowerShell Microsoft
Scripting language
  • Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 2)
  • AMSI Write Raid 0day Vulnerability
  • How to enforce usage of Privileged Access Workstations for Admins
  • ...
Fri 26 Jul