Description

In this episode I talk with Ben Kofman, an Offensive Security Engineer. We talk about Ben's introduction to Cybersecurity, offensive vs. defensive cyber, cybersecurity tools every aspiring analyst should know, an exploit Ben found at a tech company and some good EDM artists to study to. Hope you enjoy!

CYBERSECURITY READING:
Recursive Amplification Attacks: Botnet-as-a-Service (Ben’s Article): https://www.praetorian.com/blog/recursive-amplification-attacks-botnet-as-a-service/
An Unprecedented Look at Stuxnet, the World's First Digital Weapon from Wired: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
Everything You Need for a Career as a SOC Analyst in 2024 from the Dynamic Search Solutions Blog: https://dynamicsearch.co.uk/career-tips/soc-analyst-career/
How Did Thousands of Pagers Used by Hezbollah Explode at the Same Time? from the Wall Street Journal: https://www.wsj.com/world/middle-east/hezbollah-pager-explosion-explained-ed4274f3
How Do APIs Work? from Akamai: https://www.akamai.com/glossary/how-do-apis-work
How to become a cybersecurity engineer: ultimate career guide from Hack The Box: https://www.hackthebox.com/blog/how-to-become-a-cybersecurity-engineer-career-guide
Red Team vs Blue Team Defined from CrowdStrike: https://www.crowdstrike.com/en-us/cybersecurity-101/advisory-services/red-team-vs-blue-team/
Security architecture design from Microsoft: https://learn.microsoft.com/en-us/azure/architecture/guide/security/security-start-here
SolarWinds Hack Victims: From Tech Companies to a Hospital and University from the Wall Street Journal: https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402
The Untold Story of the Boldest Supply-Chain Hack Ever from Wired: https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
What Is an Incident Response Analyst? from Kingsland University: https://kingslanduniversity.com/incident-response-analyst-become
What is Phishing from Fortinet: https://www.fortinet.com/de/resources/cyberglossary/phishing

CYBERSECURITY TRAINING:
Hack The Box: https://www.hackthebox.com/
PortSwigger Academy: https://portswigger.net/web-security
TryHackMe: https://tryhackme.com/
OffSec Proving Grounds: https://www.offsec.com/labs/enterprise/
SANS NetWars: https://www.sans.org/cyber-ranges/tournament-of-champions/

PODCASTS:
Darknet Diaries - NotPetya: https://darknetdiaries.com/transcript/54/
Darknet Diaries - Shadow Brokers: https://darknetdiaries.com/transcript/53/
Darknet Diaries - Stuxnet: https://darknetdiaries.com/transcript/29/

PROGRAMS MENTIONED:
Burp Suite: https://portswigger.net/burp
Caido: https://caido.io/
Docker: https://www.docker.com/
Kali Linux OS: https://www.kali.org/
VMware Workstation: https://www.vmware.com/products/desktop-hypervisor/workstation-and-fusion
Oracle VirtualBox: https://www.virtualbox.org/

SONG INTRO/OUTRO:
One More Time by Daft Punk

|-Video Chapters-|
0:00 - Intro
0:57 - Deciding on a major in university
3:04 - Ben's internship experience
4:54 - University majors with optionality
5:23 - Ben’s introduction to Cybersecurity
7:36 - The unusual paths to tech
8:26 - Certifications in Cybersecurity
11:36 - Capture the Flag (CTF) challenges
14:42 - Building an app to handle data processing and search
18:40 - Adrian’s attempt at full stack dev
21:05 - Offensive vs defensive Cybersecurity
24:09 - Social engineering and getting phished
27:29 - A vulnerability Ben found in a company’s application
34:49 - The most technically skilled cyber hacks of our time
42:15 - Cool names for Advanced Persistent Threat (APT) groups
44:50 - How to prepare for a job in Cybersecurity
48:06 - Tools and programs to learn that are useful in Cybersecurity
56:40 - Ben's favorite EDM artists
58:20 - Lofi and synthwave for studying
59:55 - Favorite EDM concerts
1:01:37 - apes.io
1:03:03 - Conclusion