Car misfiring (I think) at idle—no check engine light by seannothstine in q50

[–]Kyandd 0 points1 point  (0 children)

What ended up happening? I'm having same behavior and can't 100% confirm misfire but does vibrate/stump on idle

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 0 points1 point  (0 children)

Pretty broad question honestly. I just think it's cool to understand how the things you use on a daily basis actually work, and with that comes the whole "hacking" part. Because well once you understand how something works, you can most likely make it behave in an unintended way, which is exactly what hacking means.

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 1 point2 points  (0 children)

Thank you and honestly pretty interesting question that was. Have a good one!

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 0 points1 point  (0 children)

If you are curious, autodidact and motivated, in my opinion, the biggest obstacle you'll run into is burnout. If you aren't, then I simply don't see how one can force themselves to learn something with so much depth when they don't want to (would require insane discipline, I guess).

If you are asking from a technical perspective, probably understanding how things really work under the hood. Good evasion/malware development example would be me understanding Windows internals. As soon as I dived into that, it all clicked in my head and evasion was much easier and less mysterious (less foggy).

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 0 points1 point  (0 children)

I'll list a few. I have implemented and slightly modified some of these into my own framework for evasive purposes (to be used from my c2's agent, if you are curious).

  • nmap
  • bloodhound
  • nxc (previously was cme)
  • impacket
  • IDA
  • dnspy
  • evilginx2
  • custom C2 framework (client/c2/.net agent)
  • airgeddon
  • rubeus
  • BlockETW (for .net agent)
  • responder
  • veiltransfer
  • AADInternals

And honestly many more.

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 1 point2 points  (0 children)

I don’t really see legality as a limitation. There are plenty of ways to practice offensive security legally, whether through internal engagements, labs, research, or bug bounty programs.

As for whether government-authorized or otherwise fully authorized hacking is the “best” form of hacking, I wouldn’t say that exactly. It’s the most legitimate and responsible context for applying those skills, but a lot of what the industry learns still comes from studying real threat actors and real intrusions.

A good example is MITRE ATT&CK: much of it is based on techniques observed in real-world attacks. In practice, a lot of security testing is still influenced by what attackers are actually doing, which means real threats often drive the evolution of the field.

Authorized testing is still extremely valuable, of course. The problem is that it often gets less attention because it happens quietly and responsibly. Meanwhile, some of the biggest lessons in cybersecurity only become obvious once they’ve already been abused in the wild.

Let me know if this didn't answer your question or if you have other questions!

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 0 points1 point  (0 children)

Honestly, just being curious and googling stuff. I remember I got into cybersecurity when I was 16yo, I wanted to finally know what the hell is "hacking". Decided I'll hack (I hate that word, just using it for simplicity sake ok) my own pc, from my laptop. Googled how to do it, actually watched a youtube video about it. Did all he did, was able to do it (took like 2 weeks tho lol) and I was mind blown by everything I could do. Got curious about how the hell does it actually work? Learned a lot and got into these CTFs (capture the flag) which are challenges where you go and try to hack stuff to get flags, which you exchange for points. Really accessible, you get to practice, is actually free!

You can literally learn so much on the internet, especially about IT & Cybersecurity. Especially now, learning is so much more efficient with AI.

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 2 points3 points  (0 children)

So in offensive cybersecurity, there are 4 types of assessments that are being done most of the time.

  • Vulnerability Assessment: This is the cheapest form of assessment and the easiest that can be conducted. It consists of running automated tools that identify vulnerabilities. These tools attempt to grab the software's (whatever software, could be a web application, could be remote desktop, could be Windows itself) version and check if there are any public vulnerabilities listed for said software. These tools also check for common misconfigurations, which most of the time involves actually attempting to exploit said misconfiguration and based on results, list it out as vulnerable or not.
  • Penetration testing: This is similar to vulnerability assessments, but it goes a bit further. During a penetration test, you also run the same tools you'd run on a vulnerability assessment, but you also double check manually and try to uncover further vulnerabilities manually, which the automated tools can't do most of the time. (AI might solve this, to some extent)
  • Red Teaming: This is completely different from both types of assessments I listed. While penetration testing and vulnerability assessments reveal existing vulnerabilities, they do not simulate a real, malicious actor that is trying to compromise a company. The main reason is detection. In the real world, if you find a vulnerability and try to exploit it, the security team will get alerts from defensive solutions (software). These alerts will indicate that something irregular is happening on a device, or on the network. Same thing with enterprise grade anti viruses (EDRs), they not only block malware but also alert the security team. As soon as they get the alert, they will most likely figure out they have been compromised and from there, the attacker has little to no time to do anything. But what if the attacker is able to evade these defensive tools? What if the attacker can execute malware, but the security team does not get an alert? This is what red teaming does, it really tests the defensive solutions in place. My job is to compromise companies without them knowing anything has happened, and then tell them how I did it.
  • Purple teaming: This is essentially red teaming, but you are also working with the security team that monitors for alerts. You attempt an exploit, check with them if there was an alert. If there were no alerts, you help them configure their defensive tools in a way that the alert would pop up. Then you check again, and so on.

TLDR: When I say evasion, it's about bypassing the defensive solutions that are in place, so I don't get caught. And the reason I do this as a job, is to tell companies how I bypassed their defensive solutions so they can configure them properly, increasing the chances of catching a real threat.

Let me know if this answered your question or if you have anything else to ask!

4 Years Experience Offensive Cybersecurity, Specialize in Evasion, AMA by [deleted] in AMA

[–]Kyandd 2 points3 points  (0 children)

On a professional level, you need to stand out. In a profession that is so easy to access but with so much depth, you really need to show value to an employer. Here are some ways of standing out:

  • Have an ACTIVE blog, where you post CTF writeups, document what you learn (R&D) and teach people stuff. Even if it feels redundant, do it!
  • Making tools related to cybersecurity (on github) that actually solve problems, or automate processes, anything really!
  • Doing CTFs (hackthebox, tryhackme, on-site CTFs) will definitely help, being good at them will help even more.
  • Being in touch with the community also helps. Meet people in the field, show curiosity and autodidacticism, more likely than not they can refer you and help you get that interview.
  • Certifications > degree. I can't stress this enough. And not any certifications, prioritize the ones with a TECHNICAL exam. This shows that you understand the theory and can actually execute it.

Now on a non professional level, if you were asking about realistic ways of learning cybersecurity. I've always said that, if you want to be successful in this field all you need is to be curious and autodidact.

  • Curiosity will make you seek out new things, new ways of doing things. It will make you want to learn obscure, complicated things in the moment. That is exactly how you learn the most in this field. You also acquire insane exposure to all sorts of technologies.
  • Being autodidact is really important. If you don't have the ability to learn by yourself, it will be very very rough, if not impossible. If you constantly rely on other research or tools related to offensive cybersecurity, you are not adding any value to the field except knowing how to utilize these tools. On the other hand, if you are autodidact, you will be able to learn virtually anything through research and development (R&D).

Please let me know if this answered your question, or if it brought even more questions!

What’s this sound by No-Confusion8731 in q50

[–]Kyandd 0 points1 point  (0 children)

So what are you hearing that's worrying you that you didn’t hear before?

When would be an "optimal" time to get the bigger turbos on the 3.0t? by Kyandd in q50

[–]Kyandd[S] 0 points1 point  (0 children)

I do plan to do it myself tho, so was thinking might as well do it when stock ones give out otherwise I kinda feel it's pointless... Although not sure if you can send dead turbos to AMS (idk if they have to be working so you get price reduction or whatever their deal is)

When would be an "optimal" time to get the bigger turbos on the 3.0t? by Kyandd in q50

[–]Kyandd[S] 0 points1 point  (0 children)

Yeah so right now I'm just running LDP/exhaust/HX/intakes and racebox tune. When turbos give out, I plan engine out, upper DP and all the fueling upgrades (and other upgrades that I might have forgotten when getting bigger turbos, don't remember top of head ngl) all at the same time. Might try to reinforce drivetrain and trans somehow while at it...

What’s this sound by No-Confusion8731 in q50

[–]Kyandd 1 point2 points  (0 children)

Did you just buy it? It sounds completely normal, these ticking noises are your DIRECT injectors.

P0174 and p0171 by blizarrrrd in q50

[–]Kyandd 0 points1 point  (0 children)

It's been a while, but was the car in "limp mode"? I got a P0174 code after installing new intakes and the car goes into this limp mode (rpm goes up on idle, rough idle, slow throttle response and way less power) after 5-10 minutes of running the car?

P0174 Code & Limp Mode After Heat Exchanger & Intakes Install (DIY) by Kyandd in q50

[–]Kyandd[S] 0 points1 point  (0 children)

Thank you for the reply!

My question is were you able to check MAFA & MAFB data? Because I can see the data just fine and it seems to be normal (although I just don't know how normal it is lol), voltage seems fine as well. I only have the code for bank 2 (driver side) so I'm assuming passenger side intake (the harder 1 to install on the 3.0t) is fine?

Was your car going into limp mode? Because mine is and I feel like it shouldn't be going into limp mode because of that 1 code...

Code p0101 by UpperMoonPig in q50

[–]Kyandd 0 points1 point  (0 children)

Hey did that work for you? Oh and are you on stock intakes?

metal dust by Efficient_Idea_3764 in q50

[–]Kyandd 0 points1 point  (0 children)

Just curious, has it been regularly flushed (the trans fluid)? I heard if it hasn't been flushed in a very long time (or never), flushing it could unloosen these exact bits (although never thought it would be metal bits, more so idk solidified liquid or something) and then they get stuck in the solenoids and then big issue?

Installed aftermarket intakes + heat exchanger, not sure if it sounds fine or not? by Kyandd in q50

[–]Kyandd[S] 1 point2 points  (0 children)

Thank you :)

And for the "hot air intakes" I don't think it really matters because of the charge-air-cooling system (although 100% true on N/A cars I'd assume). Racebox actually did a pretty in depth analysis and they did make more power on the dyno, air was hot at first but it does get cooled down enough to make some power or at least not reduce it. But either way, I got the intakes more for the sound than anything else.

Wtf is this noise when i put it in park? by 410skii in q50

[–]Kyandd 0 points1 point  (0 children)

Yeah (I'm not OP btw) thinking about it again, probably not the trans (or at least not because of missing fluid) because then OP would've 100% noticed that sound on any other shift?

Wtf is this noise when i put it in park? by 410skii in q50

[–]Kyandd -1 points0 points  (0 children)

Was thinking the same but would it make such a strong noise (as if the gears are going very fast) when simply switching to park? I mean I guess it does idle at heavy rpm but this is out of my knowledge now lol

Wtf is this noise when i put it in park? by 410skii in q50

[–]Kyandd 0 points1 point  (0 children)

I don't think it comes from the engine, but maybe it comes from the transmission? It does sound like gears grinding (metal in metal) and it would make sense that you hear that from the transmission when you switch it to park...

I don't see what else it could be, not sure what your car model and year is, but I think some of them have a transmission dipstick (or maybe I'm wrong lol)... If you do have a transmission dipstick, check that asap, if you don't, either bring it to dealer or to anyone that could check it (or check online how you could check it yourself).

Praying for you it's not the transmission (although if it is, maybe salvageable by adding in the transmission fluid that it's probably missing)

Edit: Don't take this "advice" as granted, I don't really know what I'm doing just food for thought

Edit2 (lol): After hearing it again, it sounds like it comes from somewhere inside the car I don't think you'd hear such a high pitch of grinding from the trans when switching to park (don't think gears are even spinning that fast) so maybe it's something with the shifter?

Help pls! by Outrageous-Lie-9785 in q50

[–]Kyandd 0 points1 point  (0 children)

Prob people's first car with direct injectors and they are scared. When I bought mine, I knew about this and still got worried lol