Talkback
Talkback is a smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive.
The system continuously monitors several resource mediums for infosec news and publications, parses all content, classifies and hydrates the data set, then presents it via a simple UI.
A couple of the key interfaces in Talkback are:
- Chronicles, which provides a snapshot view for a given week or month.
- Resources, which allows drilling down and browsing the Talkback library.
For more information on how Talkback works and its key features, see our blog post Keeping up with the Pwnses - an overview of Talkback.
Talkback is a project developed by elttam.
Featured Resources
Last 7 days
GitHub's Cross Fork Object Reference (CFOR) vulnerability allows users to access data from deleted and private repositories indefinitely by supplying commit hashes.
Thread Name-Calling is a novel process injection technique utilizing Windows APIs to bypass endpoint protection and execute remote code in running processes without write privileges.
In-memory payloads can be injected into applications like Bitbucket, Jenkins, and Confluence to achieve Remote Code Execution (RCE) by exploiting vulnerabilities like arbitrary deserialization, SSTI, scripting engines, and command injections.
Custom payloads are more effective than stock shellcode for bypassing EDR systems, requiring the creation of custom shellcode loaders or implants to avoid detection and increase the chances of success.
Canary's security product prioritizes customer isolation through individual tenant consoles on separate AWS EC2 instances, enhancing security and compliance while incurring higher operational costs.
The article explores modifying Golang code at the assembly level to customize behavior in the net/http library, highlighting the process of identifying and patching header canonicalization functions.