Low-Level Security Researcher • Kernel Exploitation & Vulnerability Research • C / x86_64 ASM / GDB/QEMU
X: https://x.com/thecyberdevhq
GitHub: https://github.com/Gr3ytrac3

Data can be encoded in anything that changes state — not just file content or network packets.

The principle of a covert channel

In short, it's a communication path that was never intended to carry information. Instead of using a legitimate, observable channel, two parties encode data into some aspect of the system that changes state and that both of them can observe.

The idea dates back to a 1973 paper by Butler Lampson on the confinement problem ("A Note on the Confinement Problem"). He described a scenario where a confined program could leak information to an outside observer not by writing files or opening sockets, but by modulating its own CPU usage, which the observer measures. The observer doesn't read a message; it deduces one from a side effect.

Categories of Covert Channels

These broadly fall into two types:
- Storage channels
- Timing channels

The first type encodes data by modifying a shared system attribute that another process can read. File permissions, timestamps, process IDs, registry keys, and even the presence or absence of a file are all storage channels. The recent crackme challenge used a storage channel.
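A storage channel of exactly this kind, written as an added example (it is not the crackme's code and not anything from the author): a hypothetical sender and receiver run as two threads that share nothing but a file path. The sender speaks only through os.chmod(), the receiver listens only through os.stat(), and the file's disappearance is the end-of-message marker, so the "presence or absence of a file" trick is in there too. The eavesdropper shows why a passive interceptor that only samples, and never acks, needs a very short polling interval. It assumes a POSIX filesystem where the owner may set all nine rwx bits (Linux or macOS; on Windows os.chmod only toggles read-only).

```python
"""Storage covert channel carried in a file's permission bits (added example)."""
import os
import stat
import tempfile
import threading
import time

DATA_MASK = 0o377      # the low 8 mode bits: owner w+x, group rwx, other rwx
VALID = stat.S_IRUSR   # 0o400 (owner read) reused as the "byte is ready" flag
POLL = 0.0001          # 100 us between samples while nothing has changed


def _mode(path):
    """Read the shared attribute: the permission bits of the channel file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def sender(path, payload):
    """Publish one byte at a time, wait for the ack, then delete the file.

    The file's disappearance is the end-of-message marker (presence/absence
    of a file is itself a storage channel)."""
    for byte in payload:
        os.chmod(path, VALID | byte)      # 0o400..0o777: plain rwx bits only
        while _mode(path) != 0:           # receiver acks by clearing the mode
            time.sleep(POLL)
    os.remove(path)


def receiver(path):
    """Collect bytes until the file is gone; returns the decoded payload."""
    out = bytearray()
    while True:
        try:
            m = _mode(path)
        except FileNotFoundError:
            return bytes(out)
        if m & VALID:
            out.append(m & DATA_MASK)
            os.chmod(path, 0)             # ack: clear, so the sender moves on
        else:
            time.sleep(POLL)


def eavesdropper(path, interval):
    """A third party that samples but never acks (what an interceptor does).

    Every sample showing VALID with a mode different from the previous sample
    is recorded; any byte published and acked between two samples is lost.
    Its output therefore varies from run to run."""
    seen = bytearray()
    last = None
    while True:
        try:
            m = _mode(path)
        except FileNotFoundError:
            return bytes(seen)
        if m & VALID and m != last:
            seen.append(m & DATA_MASK)
        last = m
        time.sleep(interval)


def run_channel(payload, snoop_interval=0.0005):
    """Run sender, receiver and eavesdropper over a fresh temp file.

    Returns (bytes the receiver decoded, bytes the eavesdropper caught)."""
    fd, path = tempfile.mkstemp(prefix="covert_")   # hypothetical channel file
    os.close(fd)
    os.chmod(path, 0)                     # channel idle
    got = []
    rx = threading.Thread(target=lambda: got.append(receiver(path)))
    tx = threading.Thread(target=sender, args=(path, payload))
    rx.start()
    tx.start()
    snooped = eavesdropper(path, snoop_interval)
    tx.join()
    rx.join()
    return got[0], snooped


if __name__ == "__main__":
    received, snooped = run_channel(b"hello via chmod")
    print("receiver got :", received)
    print("eavesdropper :", snooped, "(lossy, differs between runs)")
```

Nothing in the file's content ever changes, so a monitor that watches writes, sockets or file contents sees nothing; only something that stats the file (or hooks chmod) notices the traffic. The receiver's ack is what makes the channel reliable; the eavesdropper has no ack and so has to outrun the receiver's polling, which is the problem described with the crackme interceptor below.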

The second type, timing channels, encodes data in when things happen rather than in what is stored: the sender controls the delay between events or how long an operation takes, and the receiver measures the gaps and turns them back into bits. Cache timing attacks, the mechanism Spectre and Meltdown use to get their leaked data out, are timing channels operating at the nanosecond level.
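The same two-party setup with the information moved from the attribute's value into its timing, again as an added example rather than the author's or the crackme's code. The hypothetical sender does one thing only, it touches a shared file at chosen intervals with os.utime(); the receiver polls the file's mtime, timestamps every change it sees, and classifies each gap as short (bit 0) or long (bit 1). The stored timestamp value is deliberately meaningless (a pulse counter written as whole seconds since the epoch, which every common filesystem stores exactly); the message is entirely in the spacing.

```python
"""Timing covert channel: the bits live in the gaps between events (added example)."""
import os
import tempfile
import threading
import time

SHORT, LONG = 0.005, 0.025     # gap (s) that means bit 0, gap that means bit 1
POLL = 0.0002                  # receiver sampling period (s)


def bits_of(payload):
    """Yield the bits of payload, most significant bit of each byte first."""
    for byte in payload:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def encode_gaps(payload, short=SHORT, long=LONG):
    """Delays the sender waits between consecutive pulses, one per bit."""
    return [long if b else short for b in bits_of(payload)]


def decode_gaps(gaps, threshold):
    """Map measured inter-pulse gaps back to bytes; a trailing partial byte is dropped."""
    bits = [1 if g > threshold else 0 for g in gaps]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def sender(path, payload, short=SHORT, long=LONG):
    """One pulse marks the start, then one pulse after each bit's gap; then the file is removed."""
    count = 0

    def pulse():
        nonlocal count
        count += 1
        # Explicit timestamp so two quick pulses never collapse into the same
        # filesystem clock tick; the value itself carries no information.
        os.utime(path, ns=(count * 10**9, count * 10**9))

    pulse()
    for gap in encode_gaps(payload, short, long):
        time.sleep(gap)
        pulse()
    time.sleep(long)                       # let the receiver sample the final pulse
    os.remove(path)


def receiver(path, initial_mtime_ns):
    """Record the arrival time of every mtime change until the file disappears."""
    arrivals = []
    last = initial_mtime_ns
    while True:
        try:
            m = os.stat(path).st_mtime_ns
        except FileNotFoundError:
            return arrivals
        if m != last:
            arrivals.append(time.perf_counter())
            last = m
        time.sleep(POLL)


def run_timing_channel(payload, short=SHORT, long=LONG):
    """Run sender and receiver over a temp file; returns what the receiver decoded."""
    fd, path = tempfile.mkstemp(prefix="timing_")   # hypothetical channel file
    os.close(fd)
    initial = os.stat(path).st_mtime_ns
    got = []
    rx = threading.Thread(target=lambda: got.append(receiver(path, initial)))
    rx.start()
    time.sleep(10 * POLL)                  # give the receiver its first sample
    sender(path, payload, short, long)
    rx.join()
    arrivals = got[0]
    gaps = [b - a for a, b in zip(arrivals, arrivals[1:])]
    return decode_gaps(gaps, threshold=(short + long) / 2)


if __name__ == "__main__":
    print(run_timing_channel(b"hi!"))
```

The decision threshold sits halfway between the two gap lengths, so scheduler jitter of up to (LONG - SHORT) / 2 on either side is tolerated; shrinking the gaps raises the bit rate until jitter starts flipping bits, which is the bandwidth-versus-noise trade-off every timing channel has to make. Any receiver that sleeps for longer than SHORT between samples cannot tell the two gaps apart at all.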

In the recent crackme challenge, both binaries, once executed, only took about 1.3 seconds to communicate and exit cleanly.

In order to intercept the communication (the goal), I had to set my Python interceptor to poll every 1 microsecond (0.00001 seconds) so as not to miss a single byte. Even that wasn't enough: I had to pause every other process and program, even the network, to avoid any form of interruption.

A real-world example of covert channels involves the well-known Spectre and Meltdown vulnerabilities mentioned above.

You can read more about them here

meltdownattack.com

I'll be going deeper into covert channels, as they really caught my attention during the challenge. I'll write a research doc on them. If I find something deeper, interesting and perhaps critical and worth reporting, that'll be fantastic and worth the pursuit.

First two crackme challenges completed and approved within a week 🙂

My little secret for anyone struggling to understand every Linux command they use, even the ones an AI hands you without explanation.

Start by knowing what each letter and word stands for.

Most, if not all, Linux commands are just abbreviations or the first letters of the task.

Knowing what the letters stand for makes commands instantly more memorable and logical.

It's like learning the etymology of words - suddenly everything clicks into place.

Trust me, mixed-up commands won't look strange to you again.

Just came across this amazing tool: Beerus Framework

Developed to assist the mobile pentester during the entire process.

Check it out here: https://t.co/3a1wOTYAwh

#mobilesecurity #PenetrationTesting

🚀 Proud to Announce: ELPM v1.0 is Out!

Sleek PyQt6 GUI for Linux process hunting: Real-time views, network graphs, CPU/mem viz, & SIGKILL controls.

Linux/macOS ready—30s setup: Clone, pip, run script. Windows guide incl.

GitHub: https://github.com/The-OffSec-Desk/enhanced-process-monitor

Star it, fork it, yell at me in issues—community feedback fuels v2.0 (malware scans incoming 👀).

#ELPM #CyberSec #OpenSource

Curious to go deeper into Linux kernel internals and other low-level topics? There you go, enjoy!

https://github.com/0xAX/linux-insides/tree/master

🚀 Project ELPM Update: PyQt6 Desktop App v1.0 is LIVE!

I’ve rebuilt my real-time process monitor from the ground up now with a sleek, native desktop UI using PyQt6.
It displays every running process, integrates deep system logic, and uses my custom elpm-killer.c for secure signal handling.

Here's how I did it:

To get the perfect design, I started by building a React + Vite web app — it gave me full control over animations, styling, and UX.
But I wanted a true desktop experience, so I didn’t stop there.

Next, I recreated the entire UI in Qt Designer, learning PyQt6 from scratch.
Shoutout to Python GUIs — their tutorial made the learning curve smooth and fun.

Converting the Figma-like design wasn’t easy.
No direct export, so I manually translated every component, layout, and style into .ui files — then converted them to Python.

The result? A native, cross-platform desktop app that mirrors the web version — minus web-only animations, but with full system access.

Still some polish needed, but the core is solid.

Behind the scenes:
✅ Real-time psutil monitoring
✅ C-based privileged actions (elpm-killer.c)
✅ Group-based permissions for security
✅ Button signals tied to process control (kill, suspend, etc.)

This is v1.0 — but not the end.
Next:
🔹 Malware detection (YARA + heuristics)
🔹 Hidden process & rootkit scanning
🔹 Desktop alerts for suspicious activity
🔹 Full export & analysis tools

I'm getting the GitHub repo ready for anyone who wants to test it out 😁

In case you ask why a desktop app:

No localhost, no config headaches. I tried that and, trust me, it isn't worth the stress at all 🤕

Just double-click and run; it works on Linux, Windows and macOS. That's far better.

This project started as a curiosity and deep learning about processes, then, grew into a tool I now use daily.
As someone passionate about low-level security and system internals, building ELPM (Enhanced Linux Process Monitoring) has been one of the most rewarding challenges in my journey.
I’m sharing it not just as code, but as a piece of my craft.

If you're working in defense, red teaming, or just love systems, I'd love to hear your thoughts. Let's connect and build something powerful together.

#CyberSecurity #Python #SystemsEngineering #OpenSource #InfoSec #RedTeaming #ProcessMonitor

If you operate in the shadows of Ring 0, then https://docs.kernel.org/index.html is your grimoire.
It turns you from a practitioner into a kernel-native researcher.

It teaches you not just to write exploits, but to understand what you're breaking, and how to build something unbreakable.

A true and rare gem.

You can’t break and secure what you don’t understand.

Learn, understand and practice before exploiting.

It’s completely free -> https://training.linuxfoundation.org/training/a-beginners-guide-to-linux-kernel-development-lfd103/

You can also check out their premium courses.

Enjoy