Talkback

Summary

Talkback is a project developed by elttam to help our team and the wider community be more efficient and effective at keeping up with cyber security content.

The system works by continuously monitoring several resource mediums for infosec news and publications from all corners of the internet, then uses AI/ML and third-party integrations to hydrate, classify, summarise and organise all content. The Talkback dataset is available via the UI and also an API.

A couple of the key interfaces in Talkback are:

Chronicles that provides a snapshot view for a given week, month or year.
Resources that allows drilling down and browsing the Talkback library.

For more information on how Talkback works and its key features:

Overview of Talkback - elttam blog
A Monocle on Chronicles - elttam blog
Keeping up with the Pwnses - BSides Canberra 2024
A walk-through of Talkback - CrikeyCon Brisbane 2024

Key Features

Fully automated infosec resource aggregation from several feeds/mediums that dates back 15+ years.
Filtering and keyword searching across all resources.
A resource category classifier that organises resources into several potential disciplines.
A resource ranking formula that factors in several attributes.
Highlighting resources that have been featured by reputable infosec curators.
Tracking popularity across social media platforms.
Screenshots and wordcloud generation.
Auto archival of new resources via the Wayback machine.
Cross referencing between resources to find and list related/linked resources.
Integration with Shodan to show hosting information of resources.
Integration with NVD to enrich CVE references.

Curators List

A key feature of Talkback is highlighting resources that have been featured by a handful of infosec curators. This list of curators has been specially chosen due to their quality and experience, and we recommend following and supporting them.

The curators list is as follows:

ThinkstScapes - https://thinkst.com/ts
Risky Business - https://risky.biz/
CTO at NCSC - https://ctoatncsc.substack.com/
PentesterLab - https://twitter.com/pentesterlab
tl;dr sec - https://tldrsec.com/
INT3 (retired) - https://int3.substack.com/
Dailyswig (retired) - https://twitter.com/dailyswig

FAQ

We built Talkback to help improve productivity for technical infosec enthusiasts/practitioners. We wanted it to be a fully automated living infosec library that can support many use-cases.

Search works by indexing resource content in Elasticsearch, including PDFs and other document types. The resource <title> and <description> meta tags are also indexed. Advanced search queries can be done using the query string syntax.

The resource ranking works by factoring in several attributes associated with a resource. This includes if a resource has been featured by a curator, the popularity of cross-referenced resources, and also its popularity on social media and news sites.

A few new features in our backlog include:

Breakdowns by CWE, CPE or TTPs
Improvements for content parsing

Yes, there is a GraphQL API available. Start here.

Not at the moment. We may consider open sourcing the system or at least specific components in the future.

The resource parser is in its infancy with some known limitations that we will incrementally improve.

Talkback is a rewrite of a tool from 2010-2012 by @volvent. The original version focused on leveraging social media to identify research and trends of vulnerabilities and also included a prototype for browsing trending infosec resources - a presentation on this can be found here. This is a new version by @lanjelot and @volvent with a revamped design to focus on technical resources and news.

Please email talkback at elttam.com with the details.

Summary

Key Features

Curators List

FAQ

Why build this system?

How does search work?

What is the colored badge or "rank" field mean?

What features are planned?

Is there an API?

Is the source code available?

The resource summary/type/category looks inaccurate sometimes?

Wasn't there a tool called Talkback a while ago?

I found an inaccuracy / bug in the system.

Customize Cookies