A Monocle on Chronicles
Using Talkback Chronicles, and introducing a new Newsletter.
Introduction
Talkback has two new features - Chronicles and Newsletters, designed to help users more efficiently browse snapshots of trending infosec resources at points in time, such as a given week or month. These features allow filtering on specific subjects in infosec, and should appeal to a range of technical roles wishing to focus on relevant publications and news.
The first feature is dubbed “Chronicles” which allows users to see within the Talkback UI what news, publications, tools, and other resources were trending for a specific week, month, or year and allows filtering on resource types and also infosec categories.
The second feature was released at BSides Canberra in September 2024, which allows registered users to configure a weekly digest email with only categories of their interest.
These features required a few building blocks in the system to be refined, specifically around classification of resources and revising a ranking formula. In this post we’ll provide an overview of the relevant components in Talkback, then show how both the Chronicles and Newsletters features can be used to help productivity.
If you’re not familiar with Talkback, it’s recommended to read our earlier blog post Keeping up with the Pwnses - an Overview of Talkback that provides an introduction on the tool and its various features.
Resource processing 101
Before demo’ing the Chronicles and Newsletter features, it’d be useful to have a 101 understanding for how resources make their way into Talkback, what the classifiers do, and also how resource ranking works.
Data sources and indexing
The design of Talkback is intended to be autonomous and not have a reliance on a single source or manually maintaining a static set of data sources. Instead the system has components to monitor both social media and RSS feeds which dynamically monitors and prioritises feeds and mediums based on a ranking formula.
Ontop of this, a handful of other misc importers exist, including finding and indexing papers, slides, etc. from popular technical conferences. This is in its infancy but does support both industry and academic conferences like Blackhat and Usenix. During the ingestion process Think.st Citation is cross referenced to help determine if there’s relevant conference data that can be associated to the resource.
With these feeds in place, Talkback averages ingesting around 2000 resources a month at the time of writing. We will be continuing to further improve the data coverage to ensure quality resources dating back the past few decades are indexed.
Categories and topics
When new resources are ingested, whether it’s web content or a document, the full text of the content is indexed, and then several other content enrichment modules are run.
There are two classifiers built ontop of OpenAI that are relevant to the content of this blog post - categories and topics. We’ll show a couple of recent popular resources, with the first being Attacking UNIX Systems via CUPS, Part I and then Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3) to help understand the outputs of both.
Categories
The categories multi-label classifier runs against all resources and aims to assign one or more infosec categories to a resource. The initial implementation at the time of our last blog post was in its infancy, and this year a focus was put to improve its accuracy and also include the rationale and a relevance score.
For the first article on CUPS, the primary category was Exploit Development at 80% relevance, with the Operating System and Network Security categories following at 70%.
For the second article on attacking PHP/glibc, the primary category was Exploit Development, with no secondary categories assigned.
Topics
When thinking about a resource, what specific topics is it covering? A second classifier was prepared during this year focused on extracting relevant technologies, tools, programming languages, techniques, etc. of resources coming into Talkback. Similar to categories, it provides a rationale and a relevance score, but the classifier also extracts the type, such as Operating System or Programming Language, along with tracking the latest link to the home page of the topic.
For the first article on CUPS, the classifier identiifed the focus of the blog post was on CUPS with the type Printing system, but also mentions both the Chrome Web browser and Solaris Operating System as being relevant topics.
For the second article on attacking PHP/glibc, the classifier determined both the GLIBC C Library and the PHP scripting language were the focuses of the blog post.
Resource ranking
Assigning a score to resources is done via a weighted ranking formula that’s had a number of refinements over time. The ranking score aims to provide a general non-bias 1-100 score for each resource that helps with prioritisation within Talkback, factoring in a number of features and attributes related to the resource.
The several weighted features include factoring in things such as if the resource has been featured by an infosec curator, the average rank score of past resources for where its hosted, its popularity on social media, the rank score of referenced/related resources. There are a handful of other factors, and these features and weights are periodically refined and updated.
Using Chronicles and Newsletters
With the 101 out of the way on how Talkback ingests, classifies, and ranks resources, we’ll show a couple of demos for the Chronicles and Newsletters features.
Chronicles
Chronicles is a new section in the Talkback UI that is broken up into Weekly, Monthly, or Yearly views.
Chronicles allows selecting a period (e.g. 2024 Week 39 or 2024 October or 2024) and seeing the highest ranked resources within that time window. A filter button allows entering a list of resource types and a selection of categories to only return resources that match the criteria. Separate to the Resources view in Talkback, Chronicles helps to catch up on or review past trending resources.
The demo below shows accessing the Weekly Chronicles, then previewing a specific resource and saving it for reading. It then shows moving to the previous week and finding another resource to save for later. The demo then changes to the Monthly Chronicles where filters are adjusted to focus on the Cryptography category, and moving through recent months.
Weekly Newsletter
The Talkback Weekly Newsletter works in a similar fashion to Chronicles, however it compiles a concise email digest for a users selected categories.
Users can click on their Profile icon and then select Newsletters that presents their newsletter settings, and there’s also a new section Newsletters which shows past newsletters.
The short demo below shows accessing the Newsletter settings associated to the profile and adjusting the categories for the next newsletter. It then shows the Newsletters section for previous newsletters, and selecting a resource of interest.
Each Monday a digest email of top resources for each selected category will be sent, which provides concise summaries of the content, and hyperlinks to the resource view in Talkback.
Conclusion
This post has provided an update on the new Chronicles and Newsletters features in Talkback, intended to help give more ways to keep up and browse infosec resources, that can be customised specific to your role and interests.
To subscribe to Newsletters, simply visit the Newsletters preferences page in your profile.
Thanks for reading!
