Summary
Talkback is a smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive.
The system works by continuously monitoring several resource mediums for infosec news and publications, parses all content, classifies and hydrates the data-set, then presents this via a simple UI.
A more detailed overview of Talkback and how it works can be found here.
Key Features
- Fully automated infosec resource aggregation from several feeds/mediums that dates back 15+ years.
- Filtering and keyword searching across all resources.
- A resource category classifier that organises resources into several potential disciplines.
- A resource ranking formula that factors in several attributes.
- Highlighting resources that have been featured by reputable infosec curators.
- Tracking popularity across social media platforms.
- Screenshots and wordcloud generation.
- Auto archival of new resources via the Wayback machine.
- Cross referencing between resources to find and list related/linked resources.
- Integration with Shodan to show hosting information of resources.
- Integration with NVD to enrich CVE references.
Curators List
A key feature of Talkback is highlighting resources that have been featured by a handful of infosec curators. This list of curators has been specially chosen due to their quality and experience, and we recommend following and supporting them.
The curators list is as follows:
- ThinkstScapes - https://thinkst.com/ts
- Risky Business - https://risky.biz/
- CTO at NCSC - https://ctoatncsc.substack.com/
- PentesterLab - https://twitter.com/pentesterlab
- tl;dr sec - https://tldrsec.com/
- INT3 (retired) - https://int3.substack.com/
- Dailyswig (retired) - https://twitter.com/dailyswig
FAQ
We built Talkback to help improve productivity for technical infosec enthusiasts/practitioners. We wanted it to be a fully automated living infosec library that can support many use-cases.
Search works by indexing resource content in Elasticsearch, including PDFs and other document types.
The resource <title> and <description> meta tags are also indexed.
Advanced search queries can be done using the query string syntax.
The resource ranking works by factoring in several attributes associated with a resource. This includes if a resource has been featured by a curator, the popularity of cross-referenced resources, and also its popularity on social media and news sites.
A few new features in our backlog include:
- Breakdowns by CVE data, including CWE and CPE
- Improvements for the resource type classifier and ranking
- Improvements for content parsing
- Mastodon integration
- Basic web API to extract details and trends
Not at the moment. We may consider open sourcing the system or at least specific components in the future.
The resource type classifier is in its infancy with some known limitations that we will incrementally improve.
Talkback is a rewrite of a tool from 2010-2012 by @volvent. The original version focused on leveraging social media to identify research and trends of vulnerabilities and also included a prototype for browsing trending infosec resources - a presentation on this can be found here. This is a new version by @lanjelot and @volvent with a revamped design to focus on technical resources and news.
Please email talkback at elttam.com with the details.