3 Followers
15 Following
22 Posts

Low-Level #SecurityResearcher | Linux #KernelExploitation | #HypervisorAttack Surfaces & #Covertchannels researcher

KERNEX: AI-powered kernel vulnerability discovery framework
Semantic search across exploit patterns, CVE correlation, and vulnerability mechanics (ongoing)

The OffSec Desk | Parallel: CVE hunting, kernel patch-diffing

During my free time, I either play chess or solve crackmes.

𝕏: https://x.com/thecyberdevhq
GitHub: https://github.com/Gr3ytrac3
Substack writeups: https://substack.com/@redkernel
Crackmes page: https://crackmes.one/user/Cyberdev

I've had this TI-83 Premium CE since secondary school, and I'm thinking of what I could use it for again, or what I could turn it into.

It runs Z80 assembly. I could write low-level code, explore calculator ROM hacking, or reverse-engineer the firmware.

But I have a better idea.

A covert channel research project on this TI-83 Premium CE: measuring timing side-channels to understand what information leaks from the device.

The goal is to fingerprint calculator operations through USB response latency alone. No hardware modification. Just signal analysis.

If timing reveals secrets, so does everything else connected to the system.

I really have no idea what the result will be, but this will be fun.

I thought the cable was charge-only, but it got identified by the kernel via dmesg from RingBuffer (https://github.com/The-OffSec-Desk/ringbuffer), so I don't need to go get a better one.

I'll be sharing my findings in parts, enjoy 🙂

#security #research #cybersecurity #covertchannels

The moment I read, last year, that GitHub was gonna become a property of MS, I already knew 2026 was gonna be a crazy year, from there upward.

Already, some people choose to host their own repos, all without GitHub (very possible btw), which I thought of too, and even more now with the recent hack targeted at GitHub. Adding to that are the personal issues everyone has with MS, and now this thing they've done and have been doing, banning anyone they want from GitHub... I can very much say that in a few years from now, GitHub users will significantly drop. Many will migrate to a better platform, or host their own, where they can control everything. This will take time, but it'll happen. The cracks are showing.

Most people only stick to it because of its social ecosystem, which also acts as a sort of global standard reputation for developers. However, understandable as that is, people can get tired and opt out. Anything can be replaced.

This vendor-researcher clash didn't start today, nor yesterday. It's been ongoing for years now, and it's not presently changing; rather, it's getting worse.

So many flaws within systems, so complex in structure, take time to study, find and prove before they get reported. Months upon months could be spent only on studying the system(s), all to make the industry a better place. But companies like Microsoft make it so challenging, and almost impossible, in fact impossible, to attain.

What on earth do they gain from treating security researchers this way? How will you reduce the number of threat actors if you're literally producing many per day? Like seriously, how?
If everyone should join the left hand side, how will you [or they] stand them? People are literally living the dream life by doing something they probably never thought they'd end up doing, but, were out of options. Some chose to go that way. Others chose not to. Yet, you treat them like trash. Come, what really is your problem? 🤨

Admitting flaws publicly hurts reputation. No doubt. Bug bounties and SRCs (Security Research Centers) exist to channel reports productively, so why gatekeep? Dismissing or slow-walking reports certainly burns goodwill and pushes people to full disclosure. Once it's out, those vulnerabilities spread more rapidly, leaving you with little to no time to patch them, cos you know what's coming.

We haven't even talked about rewards yet. I heard that some don't receive fair rewards for the great and wonderful job they've done, saving the company from a complete downfall.

Companies, corporates, organisations... all need to revisit their visions, goals and objectives, and suggest or negotiate a win-win ground with researchers. Else, if this should continue, I'm afraid the industry may risk turning into something else.

#cybersecurity #microsoft

MIT's 6.566 Computer Systems Security (Spring 2026) is now live with full lectures and labs.

20 lectures covering:

- LEC 1-4: Threat models, OS/VM isolation, WebAssembly, trusted hardware
- LEC 5-7: Privilege separation (OpenSSH), data center infrastructure, mobile security
- LEC 8-10: Web security, buffer overflow defenses (baggy bounds), symbolic execution (EXE)
- LEC 11-15: Supply chain security, network security, TLS, certificates, U2F/passkeys
- LEC 16-20: Decentralized key management, AI agent security, messaging (Signal), anonymous communication (Tor)

Along with 5 labs:

- Buffer overflows
- Privilege separation
- Symbolic execution
- Browser security
- HTTPS & WebAuthn

css.csail.mit.edu/6.566/2026

Available on YouTube as well: youtu.be/-Z-Z_lmA7nE

#SecurityResearch #SystemsSecurity #MIT #Cybersecurity #Infosec #BufferOverflow #Exploitation #WebSecurity #CyberSecurity #OpenSource #Learning #ComputerScience #Defense #NetworkSecurity #Cryptography

Data can be encoded in anything that changes state — not just file content or network packets.

The principle of a covert channel

In short, it's a communication path that was never intended to be used for communication. Instead of using a legitimate, observable channel, two parties encode information into some aspect of a system that changes state and which both parties can observe.

Based on research, this dates back to a 1973 paper by Butler Lampson on the confinement problem. He described a scenario where a malicious process could leak info to an outside observer not by writing files or opening sockets, but by modulating its own CPU usage as measured by the observer. Basically, the observer doesn't read a message; it deduces one from a side effect.

Categories of covert channels

These broadly fall into two types:
- Storage channels
- Timing channels

The first type encodes data by modifying a "shared system attribute" that another process can read. File permissions, timestamps, process IDs, registry keys, and even the presence or absence of a file are all storage channels. The recent crackme challenge used a storage channel.

The receiver measures the gaps. CPU cache timing attacks like Spectre and Meltdown are timing channels operating at the nanosecond level.

In the recent crackme challenge, both binaries, once executed, only took about 1.3 seconds to communicate and end cleanly.

In order to intercept the communication (the goal), I had to set my Python interceptor to use 1 microsecond (0.00001 seconds) in order to not miss a single byte. Even that wasn't enough. I had to pause every process, program, etc., even the network, to avoid any form of interruption.

A real-world example concerning covert channels involves the popular vulnerabilities Spectre and Meltdown, as mentioned previously.

You can read more about them here:

meltdownattack.com

I'll be going deeper into it (covert channels), as it really caught all my attention during the challenge. I'll write a research doc on it. If I find something deeper, interesting and perhaps critical and worth reporting, that'll be fantastic and worth the pursuit.

You can check them out here:

https://crackmes.one/user/Cyberdev
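The post describes a timing channel in the abstract (the receiver "measures the gaps") and the practical problem of an interceptor whose polling interval is too coarse to see every symbol. The following simulation, added here as an illustration and not code from the post, the crackme, or the calculator project, shows both on simulated integer-microsecond timestamps: a sender whose inter-event gap carries one bit, a receiver that thresholds the gaps, a polling receiver that loses events when its tick is coarser than the symbol length, a jitter model that turns into bit errors, and a small defender-side heuristic that flags the tight two-cluster gap distribution such a channel leaves behind. All gap lengths, the jitter level and the message are constructed values, not measurements.

```python
"""Toy timing covert channel on simulated timestamps (integer microseconds).

A sender performs one observable action per bit; the gap to the previous
action carries the bit (short gap = 0, long gap = 1). The receiver never
reads a message, it measures gaps. All parameter values below are
constructed for illustration, not measurements from any real device.
"""
import random

SHORT_GAP_US = 10_000   # gap encoding a 0 bit (constructed)
LONG_GAP_US = 20_000    # gap encoding a 1 bit (constructed)
THRESHOLD_US = (SHORT_GAP_US + LONG_GAP_US) // 2


def bits_of(data: bytes) -> list[int]:
    """MSB-first bit list of a byte string."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bytes_of(bits: list[int]) -> bytes:
    """Pack complete groups of 8 bits back into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def send(data: bytes) -> list[int]:
    """Sender: one event per bit; the gap to the previous event is the symbol."""
    times = [0]
    for bit in bits_of(data):
        times.append(times[-1] + (LONG_GAP_US if bit else SHORT_GAP_US))
    return times


def decode(times: list[int]) -> bytes:
    """Receiver: threshold each inter-arrival gap to recover the bits."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return bytes_of([1 if g > THRESHOLD_US else 0 for g in gaps])


def add_jitter(times: list[int], sigma_us: float, seed: int = 1) -> list[int]:
    """Scheduler/bus noise model: Gaussian displacement of every event time."""
    rng = random.Random(seed)
    return [t + round(rng.gauss(0, sigma_us)) for t in times]


def poll_observe(times: list[int], poll_us: int) -> list[int]:
    """Receiver that only samples shared state every poll_us: an event becomes
    visible at the next tick, and events landing in the same tick collapse
    into one, so a polling interval coarser than the symbol length loses bits."""
    seen: list[int] = []
    for t in times:
        tick = -(-t // poll_us) * poll_us   # ceiling to the next polling tick
        if not seen or tick > seen[-1]:
            seen.append(tick)
    return seen


def bit_error_rate(sent: bytes, received: bytes) -> float:
    """Fraction of differing bits over the length actually received."""
    s, r = bits_of(sent), bits_of(received)
    n = min(len(s), len(r))
    return sum(a != b for a, b in zip(s[:n], r[:n])) / n if n else 1.0


def gap_split(times: list[int]):
    """Defender-side heuristic: sort the gaps and split them at the largest jump.
    Two tight clusters (small spread) are the signature of a two-symbol timing
    channel; organic traffic tends to give a smear. Returns (low_mean, high_mean, spread)."""
    gaps = sorted(b - a for a, b in zip(times, times[1:]))
    if len(gaps) < 2:
        return None
    k = max(range(1, len(gaps)), key=lambda i: gaps[i] - gaps[i - 1])
    low, high = gaps[:k], gaps[k:]
    spread = max(max(low) - min(low), max(high) - min(high))
    return (sum(low) / len(low), sum(high) / len(high), spread)


if __name__ == "__main__":
    msg = b"covert channel"           # constructed message
    clean = send(msg)
    print("clean decode:", decode(clean))
    print("fine polling (1 ms):", decode(poll_observe(clean, 1_000)))
    print("coarse polling (25 ms) saw", len(poll_observe(clean, 25_000)),
          "of", len(clean), "events")
    noisy = add_jitter(clean, sigma_us=4_000)
    print("BER under 4 ms jitter:", bit_error_rate(msg, decode(noisy)))
    print("gap clusters:", gap_split(clean))
```

The polling receiver is the interesting failure mode: with a 1 ms tick every event lands on its own tick and the message decodes exactly, while a 25 ms tick (longer than either symbol) merges neighbouring events and silently drops bits, which is why the interceptor in the post had to poll far faster than the symbol rate and still lost bytes under system noise. The `gap_split` heuristic is the mirror image for a defender: a stream of inter-arrival times that collapses into two tight clusters is worth a second look.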

S3c_Cult's Schizo

unemployed crackme

First two crackme challenges completed and approved in under a week 🙂

My little secret for anyone struggling to understand every Linux command they use, even those from AI given without explanation.

Start by knowing what each letter and word stands for.

Most, if not all, Linux commands are just abbreviations or the first letters of the task.

Knowing what the letters stand for makes commands instantly more memorable and logical.

It's like learning the etymology of words - suddenly everything clicks into place.

Trust me, mixed-up commands won't look strange to you again.

Just came across this amazing tool: Beerus Framework

Developed to assist the mobile pentester during the entire process.

Check it out here: https://t.co/3a1wOTYAwh

#mobilesecurity #PenetrationTesting

🚀 Proud to Announce: ELPM v1.0 is Out!

Sleek PyQt6 GUI for Linux process hunting: Real-time views, network graphs, CPU/mem viz, & SIGKILL controls.

Linux/macOS ready—30s setup: Clone, pip, run script. Windows guide incl.

GitHub: https://github.com/The-OffSec-Desk/enhanced-process-monitor

Star it, fork it, yell at me in issues—community feedback fuels v2.0 (malware scans incoming 👀).

#ELPM #CyberSec #OpenSource

Curious to go deeper into Linux kernel internals and low-level related topics? There you go, enjoy!

https://github.com/0xAX/linux-insides/tree/master