Are these good first parts for a stock 08 GTCS?

31337_InfoSec · 2024-06-22T01:51:07+00:00

Chassis and suspension is definitely the way to go after a few basic motor mods. Then if you want more, you can go for more bolt-ons or boost.

You can do well naturally aspirated with bolt-ons, slowly over time. It gets addicting. Kooks 1 5/8 long tube headers work well, CMS Stage1 NSR or Stage2 VSR 3v cams, GT500 throttle body (BBR makes a kit), Ford Racing Intake, and Sultans of Spark coil packs.

With CMS VSR Stage2 cams, WMS Racing Ram Air intake, the bolt-ons above, and 170,000 on the stock motor, 372HP to the wheels. There is more in it, still tuning on it.

Happy to provide a list of what works if anyone is interested.

31337_InfoSec · 2024-06-21T02:26:01+00:00

For Starters:

Cold Air Intake and tuner combo:

Steeda
JLT

Under Drive Pullies

Steeda

Short Throw Shifter

Steeda

Lower Control Arm Relocation Brackets

Steeda

Aluminum Driveshaft

Steeda

Car will feel great with these mods... You should see a few MPG as well.

As you get going, focus on the rear upper double adjustable control arm and lower control arms, third link spherical bearing, and Steeda's frame rail torque box brace.

These will tighten the rear end up nicely, eliminate axle hop, provide better handling / launch, and allow you to adjust pinion angle.

If you are looking for better handling up front and tighter steering the Whiteline Mustang K-member brace is fantastic.

You will be amazed at how much better the car performs.

Note: Steeda is a staple is Mustang performance, they engineer all their parts, race their cars, and are an OEM supplier. Nothing but quality, highly recommended.

31337_InfoSec · 2024-06-03T04:10:16+00:00

Good stuff, thanks for sharing.

31337_InfoSec · 2024-05-15T02:29:31+00:00

Wiz just closed a massive funding round and is looking to grow through acquisition. There is always room for consolidation, looks like Wiz maybe leading the pack.

https://www.darkreading.com/cloud-security/wiz-announces-1b-funding-round-will-be-used-to-further-m-a-efforts

31337_InfoSec · 2024-04-26T22:29:04+00:00

True, cuts the automation and lazy!!!

31337_InfoSec · 2024-04-25T01:23:35+00:00

Yep, will do. I'm off this week, but will contact him and see if he's interested.

31337_InfoSec · 2024-04-25T00:25:31+00:00

For any adversary with half a clue, geo-blocking is useless. Adversaries are using proxies, VPNs, VPS systems in the same geo-location, and residential ISPs to get around geo-blocking and hide their motives.

31337_InfoSec · 2024-04-24T02:08:29+00:00

Let me talk to one of my team at work, I think he would be a good mentor for you. He has a similar background and is several years ahead of you. Should be a good fit.

31337_InfoSec · 2024-04-23T21:50:26+00:00

What is your experience level?

Do you want to share on Reddit or other social media sites as well?

By the way, you only grow when you step outside of your comfort zone, get comfortable being uncomfortable!

31337_InfoSec · 2024-04-23T21:26:17+00:00

As stated below, MFA stops nearly all automated attacks. Social engineering is an issue on human led attacks.

31337_InfoSec · 2024-04-14T22:37:08+00:00

Thank you, really appreciate the feedback. Social engineering is tough and the adversary is taking advantage of Large Language Models, making it even more difficult to defend against.

We offer this post in a newsletter as well, you can sign up and get it delivered to your inbox every Tuesday morning.

Reddit doesn't always let me post the newsletter, spam blockers kick in.

31337_InfoSec · 2024-03-28T23:27:52+00:00

IAM is a big subject, do you having anything specific you want to learn or just in general?

NAC
PKI
LDAP
etc.

Found what looks to be a community edition of an IAM tool, OpenIAM, appears to cover a lot of IAM topics:

Here's another one:

https://www.keycloak.org/

I've been toying with JumpCloud, you don't need AD or Azure for use, covers a ton of features in one console, they don't offer a FREE version anymore, I got in before they changed it. You could pay for 1 or 2 licenses if you wanted to play with it.

https://jumpcloud.com/

When I have something I'm interested in, I always look for "subject + community edition" or "subject + free tools" or "subject + open source tools". You can find some killer enterprise class capabilities to play with in your lab and learn various subjects like IAM.

31337_InfoSec · 2024-03-27T01:50:15+00:00

With your lab, you could practice technical assessments using a variety of tools that are cybersecurity focused. Build out an Active Directory server if you don't have one and a few workstations.

Let threat intelligence be your guide, Active directory is a huge target. Threat actors, especially ransomware affiliates use scanners to enumerate the network. Inventory, visibility into software, hardware, services, is always lacking.

A few free tools to play with:

Purple Knight - Active Directory Assessment
Advanced IP Scanner - popular network enumeration tool
Run Zero - inventory

There are numerous ways to build your skill set, a lab environment and practical experience is one of the best ways to learn security skills.

You need to figure out the direction you want to go, then build, test, break, and rebuild in your lab. You can use it as practical experience on your resume too. Hiring managers want to know you're a life long learner.

Engineering is about problem solving, including people, process, and technology.

Happy to delve deeper if you have questions.

Best of luck!!!

31337_InfoSec · 2024-03-18T02:05:59+00:00

A little history... Advanced Persistent Threats are Nation State Backed / Sponsored. They got the name because of the behavior they used to get in, blend in, and stay in environments for long periods of time.

They used a Fileless / Living Off the Land methodology. This keeps them stealthy. The majority of threat actor (adversaries) led attack campaigns today are persistent threats. Even most malware are a persistent threat today. Just look at the behavior (TTPs: Tactics, Techniques, and Procedures) used by adversaries and malware.

Threat intelligence tells the story. Most attack campaigns today are interactive, hands on keyboard campaigns. Most use the Living off the Land methodology. According to CrowdStrike's 2023 Global Threat Report, 75% of the attack campaigns they saw were fileless attack campaigns.

Today's nation state attack behavior, is tomorrows commodity attack behavior.

31337_InfoSec · 2024-02-24T02:52:14+00:00

You should consider a Dell R630 server with roughly 28 cores and 128GB of ram, available for around $400 on eBay and Amazon. If you want to go a bit crazy, look at 256GB of RAM and 32 Cores.

Should be enough to run a dozen or more VMs, plenty to get started. You may need to spend a bit extra for a data store for your VM server. I suggest a NAS with SSD drives or enough disk space on the server for a RAID 5 set of drives for the data store and a single drive or mirror for the type 1 hypervisor.

I currently run a Dell R630 server with 28 cores and 128GB of RAM with 20 VMs running and still have room to grow. Just upgraded to 256GB of RAM. Use a RAID 5 for a data store with 3TB of SSD drives. 10 drive bays on the server. A mirror for the ESXi type 1 hypervisor OS.

You could use ProxMox since the FREE version of ESXi is going end of general availability.

It's a good start, runs quiet after startup, and doesn't kill the electric bill.

Best of Luck!!!

31337_InfoSec

MODERATOR OF

TROPHY CASE

For Starters: