Introduction

Talkback has two new features, Chronicles and Newsletters, designed to help users browse snapshots of trending infosec resources at points in time, such as a given week or month, more efficiently. Both features allow filtering on specific infosec subjects and should appeal to a range of technical roles that want to focus on the publications and news relevant to them.

The first feature, dubbed “Chronicles”, lets users see within the Talkback UI which news, publications, tools, and other resources were trending for a specific week, month, or year, with filtering on resource types and infosec categories.

The second feature, Newsletters, was released at BSides Canberra in September 2024 and allows registered users to configure a weekly digest email containing only the categories they are interested in.

These features required a few building blocks in the system to be refined, specifically the classification of resources and the ranking formula. In this post we’ll give an overview of the relevant Talkback components, then show how both Chronicles and Newsletters can be used to save time.

If you’re not familiar with Talkback, it’s recommended to read our earlier blog post Keeping up with the Pwnses - an Overview of Talkback that provides an introduction on the tool and its various features.

Resource processing 101

Before demoing the Chronicles and Newsletters features, it helps to have a 101 understanding of how resources make their way into Talkback, what the classifiers do, and how resource ranking works.

Data sources and indexing

Talkback is designed to be autonomous: it does not rely on a single source or on manually maintaining a static set of data sources. Instead, components monitor both social media and RSS feeds, dynamically discovering and prioritising feeds and mediums based on a ranking formula.


Social media and RSS feeds

On top of this, a handful of other miscellaneous importers exist, including ones that find and index papers, slides, etc. from popular technical conferences. This is in its infancy but already supports both industry and academic conferences such as Black Hat and USENIX. During ingestion, Think.st Citation is cross-referenced to determine whether there is conference data that can be associated with the resource.

Conference feed processes

With these feeds in place, Talkback ingests around 2000 resources a month on average at the time of writing. We will continue to improve data coverage so that quality resources dating back the past few decades are indexed.

Categories and topics

When new resources are ingested, whether it’s web content or a document, the full text of the content is indexed, and then several other content enrichment modules are run.

There are two classifiers built on top of OpenAI that are relevant to this post: categories and topics. We’ll use two recent popular resources to illustrate their outputs: Attacking UNIX Systems via CUPS, Part I, and Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3).

Categories

The categories multi-label classifier runs against all resources and assigns one or more infosec categories to each. The initial implementation at the time of our last blog post was in its infancy; this year the focus was on improving its accuracy and including a rationale and a relevance score with each assigned category.

For the first article on CUPS, the primary category was Exploit Development at 80% relevance, with the Operating System and Network Security categories following at 70%.

Categories assigned for CUPS article

For the second article on attacking PHP/glibc, the primary category was Exploit Development, with no secondary categories assigned.

Categories assigned for PHP/glibc article

Topics

When thinking about a resource, what specific topics does it cover? A second classifier was prepared this year to extract the relevant technologies, tools, programming languages, techniques, etc. from resources coming into Talkback. Like the categories classifier, it provides a rationale and a relevance score, but it also extracts the topic type, such as Operating System or Programming Language, and tracks the latest link to the topic’s home page.

For the first article on CUPS, the classifier identified that the focus of the blog post was CUPS, with the type Printing system, but also flagged the Chrome web browser and the Solaris operating system as relevant topics.

Topics assigned for CUPS article

For the second article on attacking PHP/glibc, the classifier determined that both the glibc C library and the PHP scripting language were the focus of the blog post.

Topics assigned for PHP/glibc article
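The categories and topics outputs above are produced by an LLM, so before they reach the index or the UI they need the same validation any untrusted input gets: labels must come from the known set, relevance must be a number in range, and the topic home page link must be an absolute http(s) URL (the classifier can return any string, and that string is rendered as a hyperlink). The following is an added example, not Talkback’s code; the JSON layout, the allowed-category set and the two sample responses are assumptions modelled on the outputs described above.

```python
"""Validate multi-label classifier output before it reaches the index or UI.

Added example, not Talkback's code. The JSON shape (category/topic name,
relevance 0-100, rationale, topic type, homepage) is an assumption modelled
on the outputs described in the post; the allowed-category set is also assumed.
"""
import json
from urllib.parse import urlparse

# Assumed fixed label set. An LLM can emit labels outside it, so reject those.
ALLOWED_CATEGORIES = {
    "Exploit Development", "Operating System", "Network Security",
    "Cryptography", "Web Security", "Reverse Engineering",
}

# Constructed sample responses, including the kinds of bad output a
# classifier can return: an unknown label, an out-of-range score and a
# homepage link that must never be rendered as an anchor.
CUPS_RESPONSE = json.dumps({
    "categories": [
        {"category": "Exploit Development", "relevance": 80,
         "rationale": "Chains CUPS bugs to remote code execution."},
        {"category": "Operating System", "relevance": 70,
         "rationale": "Targets the printing stack of Unix-like systems."},
        {"category": "Network Security", "relevance": 70,
         "rationale": "Attack surface is a network-exposed listener."},
        {"category": "Blockchain", "relevance": 95, "rationale": "unknown label"},
        {"category": "Cryptography", "relevance": 150, "rationale": "bad score"},
    ],
    "topics": [
        {"name": "CUPS", "type": "Printing system", "relevance": 95,
         "homepage": "https://openprinting.github.io/cups/"},
        {"name": "Chrome", "type": "Web browser", "relevance": 40,
         "homepage": "https://www.google.com/chrome/"},
        {"name": "Solaris", "type": "Operating System", "relevance": 30,
         "homepage": "javascript:alert(1)"},
    ],
})
GLIBC_PHP_RESPONSE = json.dumps({
    "categories": [
        {"category": "Exploit Development", "relevance": 90,
         "rationale": "Exploits an iconv bug in glibc to gain RCE in PHP."},
    ],
    "topics": [
        {"name": "glibc", "type": "C Library", "relevance": 90,
         "homepage": "https://www.gnu.org/software/libc/"},
        {"name": "PHP", "type": "Programming Language", "relevance": 85,
         "homepage": "https://www.php.net/"},
    ],
})


def _nonempty_str(item, key):
    value = item.get(key)
    return isinstance(value, str) and value.strip() != ""


def _valid_relevance(item):
    r = item.get("relevance")
    return isinstance(r, (int, float)) and not isinstance(r, bool) and 0 <= r <= 100


def safe_homepage(url):
    """Only absolute http(s) URLs may be rendered as links in the UI."""
    if not isinstance(url, str):
        return None
    parts = urlparse(url)
    return url if parts.scheme in ("http", "https") and parts.netloc else None


def parse_categories(raw, allowed=ALLOWED_CATEGORIES, min_relevance=50):
    """Keep known labels with a sane score and a rationale, best first."""
    kept = []
    for item in json.loads(raw).get("categories", []):
        if not _nonempty_str(item, "category") or item["category"] not in allowed:
            continue
        if not _valid_relevance(item) or item["relevance"] < min_relevance:
            continue
        if not _nonempty_str(item, "rationale"):
            continue
        kept.append({k: item[k] for k in ("category", "relevance", "rationale")})
    kept.sort(key=lambda c: (-c["relevance"], c["category"]))
    return kept


def primary_and_secondary(categories):
    """Primary is the top-ranked category; the rest are secondaries."""
    if not categories:
        return None, []
    return categories[0]["category"], [c["category"] for c in categories[1:]]


def parse_topics(raw, min_relevance=25):
    """Keep topics with a name, a type and a sane score; sanitise the link."""
    kept = []
    for item in json.loads(raw).get("topics", []):
        if not (_nonempty_str(item, "name") and _nonempty_str(item, "type")):
            continue
        if not _valid_relevance(item) or item["relevance"] < min_relevance:
            continue
        kept.append({"name": item["name"], "type": item["type"],
                     "relevance": item["relevance"],
                     "homepage": safe_homepage(item.get("homepage"))})
    kept.sort(key=lambda t: (-t["relevance"], t["name"]))
    return kept
```

For the CUPS sample this yields Exploit Development as primary with Network Security and Operating System as secondaries, drops the unknown label and the out-of-range score, and nulls the `javascript:` link on the Solaris topic; for the glibc/PHP sample it yields Exploit Development alone, matching the single-category result described above. The thresholds are assumptions, but the shape of the check is the point: never trust a model-generated label, score or URL without validating it.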

Resource ranking

Resources are scored with a weighted ranking formula that has been refined a number of times. The ranking score aims to provide a general, unbiased 1-100 score for each resource to help with prioritisation within Talkback, factoring in a number of features and attributes of the resource.

The weighted features include whether the resource has been featured by an infosec curator, the average rank score of past resources from the host it is published on, its popularity on social media, and the rank score of referenced or related resources. There are a handful of other factors, and the features and weights are periodically refined and updated.

Simplified resource ranking formula
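To make the shape of such a formula concrete, here is an added example of a weighted ranker over the four features named above. It is not Talkback’s formula: the weights, the log-scaled saturation for social popularity, the neutral prior for unknown hosts and the sample data are all assumptions. Two practitioner details are worth noting: share counts are the easiest feature to inflate, so they are log-scaled and capped rather than used raw, and a host with no history gets a neutral prior so a new blog is neither buried nor promoted.

```python
"""A weighted resource-ranking formula producing a 1-100 score.

Added example, not Talkback's ranking formula. The features mirror those
listed in the post (curator feature, host history, social popularity, rank of
referenced resources); the weights, saturation point, neutral prior and
sample data are all assumptions.
"""
import math
from dataclasses import dataclass, field


@dataclass
class Resource:
    url: str
    host: str
    curator_featured: bool          # picked up by an infosec curator
    social_shares: int              # raw share/like count
    referenced_ranks: list = field(default_factory=list)  # 1-100 scores of linked resources


# Assumed weights; they must sum to 1.0 so the score stays on one scale.
WEIGHTS = {"curator": 0.30, "host": 0.25, "social": 0.25, "references": 0.20}
SOCIAL_SATURATION = 1000  # shares at which the social feature reaches 1.0
NEUTRAL_HOST_PRIOR = 0.5  # unknown hosts are neither promoted nor buried


def social_feature(shares):
    """Log-scaled and capped: share counts are easy to inflate, so one
    viral or botted post must not swamp the other features."""
    if shares <= 0:
        return 0.0
    return min(1.0, math.log1p(shares) / math.log1p(SOCIAL_SATURATION))


def host_feature(host, host_history):
    """Average past score of resources from the same host, on [0, 1]."""
    past = host_history.get(host)
    if not past:
        return NEUTRAL_HOST_PRIOR
    return sum(past) / len(past) / 100.0


def references_feature(referenced_ranks):
    """Average score of the resources this one references, on [0, 1]."""
    if not referenced_ranks:
        return 0.0
    return sum(referenced_ranks) / len(referenced_ranks) / 100.0


def rank_score(resource, host_history):
    """Weighted sum of [0, 1] features mapped onto the 1-100 scale."""
    features = {
        "curator": 1.0 if resource.curator_featured else 0.0,
        "host": host_feature(resource.host, host_history),
        "social": social_feature(resource.social_shares),
        "references": references_feature(resource.referenced_ranks),
    }
    weighted = sum(WEIGHTS[name] * value for name, value in features.items())
    return max(1, min(100, round(1 + 99 * weighted)))


def rank_resources(resources, host_history):
    """Return (url, score) pairs, highest first."""
    scored = [(r.url, rank_score(r, host_history)) for r in resources]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# Constructed sample data: past scores per host and three new resources.
HOST_HISTORY = {
    "blog.example": [88, 92, 79],
    "news.example": [35, 41],
}
SAMPLE_RESOURCES = [
    Resource("https://blog.example/cups-rce", "blog.example", True, 4200, [85, 90]),
    Resource("https://news.example/weekly-digest", "news.example", False, 12),
    Resource("https://new.example/first-post", "new.example", False, 0, [60]),
]

if __name__ == "__main__":
    for url, score in rank_resources(SAMPLE_RESOURCES, HOST_HISTORY):
        print(f"{score:3d}  {url}")
```

With the sample data the curated, well-linked post on a strong host scores 94, the lightly shared digest on a weak host scores 20, and the first post from an unknown host scores 25 purely on its references and the neutral prior. Because every feature is normalised to [0, 1] before weighting, changing a weight never pushes the result off the 1-100 scale.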

Using Chronicles and Newsletters

With the 101 out of the way on how Talkback ingests, classifies, and ranks resources, we’ll show a couple of demos for the Chronicles and Newsletters features.

Chronicles

Chronicles is a new section in the Talkback UI, broken up into Weekly, Monthly, and Yearly views.

Chronicles allows selecting a period (e.g. 2024 Week 39, 2024 October, or 2024) and seeing the highest ranked resources within that time window. A filter button allows entering a list of resource types and a selection of categories so that only matching resources are returned. Separate from the Resources view in Talkback, Chronicles helps to catch up on or review past trending resources.

The demo below shows accessing the Weekly Chronicles, then previewing a specific resource and saving it for reading. It then shows moving to the previous week and finding another resource to save for later. The demo then changes to the Monthly Chronicles where filters are adjusted to focus on the Cryptography category, and moving through recent months.

Demo of Chronicles

Weekly Newsletter

The Talkback Weekly Newsletter works in a similar fashion to Chronicles, but compiles a concise email digest for a user’s selected categories.

Users can click on their Profile icon and then select Newsletters, which presents their newsletter settings; there is also a new Newsletters section that shows past newsletters.

The short demo below shows accessing the Newsletter settings from the profile and adjusting the categories for the next newsletter, then the Newsletters section listing previous newsletters, and selecting a resource of interest.

Demo of Newsletters UI

Each Monday, a digest email of the top resources for each selected category is sent, with concise summaries of the content and hyperlinks to the resource view in Talkback.

Demo of Newsletters Email
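Both the Chronicles period selection and the Monday digest described above reduce to the same operation: pick a time window, filter by resource type and category, and take the top-ranked resources. The following added example (not Talkback’s code) implements that selection over a constructed set of resources; the period strings (`2024`, `2024-10`, `2024-W39`), the resource fields and the sample data are assumptions. Weeks are ISO weeks (Monday start), which is also what makes the Monday send date line up with the previous week, including across a year boundary.

```python
"""Select the top-ranked resources for a period, with type and category
filters, and build a weekly per-category digest from the same selection.

Added example, not Talkback's code. The period strings ("2024", "2024-10",
"2024-W39"), the resource fields and all sample resources are assumptions.
Requires Python 3.8+ for date.fromisocalendar.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Resource:
    title: str
    kind: str              # resource type, e.g. "blog", "paper", "tool"
    categories: frozenset  # infosec categories assigned by the classifier
    published: date
    rank: int              # 1-100 ranking score


def period_bounds(period):
    """Return [start, end) for a year, a month or an ISO week.

    Weeks are ISO weeks (Monday start), so "2024-W53" raises ValueError
    because ISO year 2024 has only 52 weeks.
    """
    parts = period.split("-")
    year = int(parts[0])
    if len(parts) == 1:
        return date(year, 1, 1), date(year + 1, 1, 1)
    if parts[1].upper().startswith("W"):
        start = date.fromisocalendar(year, int(parts[1][1:]), 1)
        return start, start + timedelta(days=7)
    month = int(parts[1])
    end = date(year + 1, 1, 1) if month == 12 else date(year, month + 1, 1)
    return date(year, month, 1), end


def chronicle(resources, period, kinds=None, categories=None, limit=10):
    """Highest-ranked resources published in `period`, optionally
    restricted to the given resource types and categories."""
    start, end = period_bounds(period)
    hits = [
        r for r in resources
        if start <= r.published < end
        and (kinds is None or r.kind in kinds)
        and (categories is None or r.categories & frozenset(categories))
    ]
    hits.sort(key=lambda r: (-r.rank, r.published, r.title))
    return hits[:limit]


def weekly_digest(resources, sent_on, categories, per_category=3):
    """Digest for the ISO week before `sent_on` (the Monday send date),
    one top list per selected category. A year boundary is handled by
    isocalendar(): 2024-12-30 belongs to ISO week 2025-W01."""
    iso_year, iso_week, _ = (sent_on - timedelta(days=7)).isocalendar()
    period = f"{iso_year}-W{iso_week:02d}"
    return {cat: chronicle(resources, period, categories=[cat], limit=per_category)
            for cat in categories}


# Constructed sample resources (titles and dates are not real publications).
SAMPLE = [
    Resource("Printer daemon RCE writeup", "blog",
             frozenset({"Exploit Development", "Network Security"}), date(2024, 9, 26), 92),
    Resource("Lattice KEM implementation notes", "paper",
             frozenset({"Cryptography"}), date(2024, 9, 24), 81),
    Resource("Fuzzing harness release", "tool",
             frozenset({"Exploit Development"}), date(2024, 9, 30), 77),
    Resource("Monthly crypto recap", "blog",
             frozenset({"Cryptography"}), date(2024, 10, 15), 64),
    Resource("Old kernel bug analysis", "blog",
             frozenset({"Operating System"}), date(2023, 12, 31), 99),
]

if __name__ == "__main__":
    for r in chronicle(SAMPLE, "2024-W39"):
        print(r.rank, r.published, r.title)
```

Note that the end of each window is exclusive: a resource published on Monday 30 September 2024 falls in 2024-W39’s successor, not in 2024-W39, which is exactly what a digest sent that Monday should assume. Invalid weeks are rejected rather than silently clamped, so a UI that builds the period string from user input gets an error instead of an empty page.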

Conclusion

This post has provided an update on the new Chronicles and Newsletters features in Talkback, which add more ways to keep up with and browse infosec resources, customised to your role and interests.

To subscribe to Newsletters, simply visit the Newsletters preferences page in your profile.

Thanks for reading!

A Monocle on Chronicles

By Matt, October 02, 2024

This post provides an overview of Talkback Chronicles for viewing snapshots of trending infosec resources for points in time, and also how to subscribe to a new weekly Newsletter feature.