In this episode I talk with Ben Kofman, a Offensive Security Engineer. We talk about Ben's introduction to Cybersecurity, offensive vs. defensive cyber, cybersecurity tools every aspiring analyst should know, an exploit Ben found at a tech company and some good EDM artists to study to. Hope you enjoy! CYBERSECURITY READING: Recursive Amplification Attacks: Botnet-as-a-Service (Ben’s Article): https://www.praetorian.com/blog/recursive-amplification-attacks-botnet-as-a-service/ An Unprecedented Look at Stuxnet, the World's First Digital Weapon from Wired: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/ Everything You Need for a Career as a SOC Analyst in 2024 from the Dynamic Search Solutions Blog: https://dynamicsearch.co.uk/career-tips/soc-analyst-career/ How Did Thousands of Pagers Used by Hezbollah Explode at the Same Time? from the Wall Street Journal: https://www.wsj.com/world/middle-east/hezbollah-pager-explosion-explained-ed4274f3 How Do APIs Work? from Akami: https://www.akamai.com/glossary/how-do-apis-work How to become a cybersecurity engineer: ultimate career guide from Hack the Box: https://www.hackthebox.com/blog/how-to-become-a-cybersecurity-engineer-career-guide Red Team vs Blue Team Defined from Crowdstrike: https://www.crowdstrike.com/en-us/cybersecurity-101/advisory-services/red-team-vs-blue-team/ Security architecture design from Microsoft: https://learn.microsoft.com/en-us/azure/architecture/guide/security/security-start-here SolarWinds Hack Victims: From Tech Companies to a Hospital and University from the Wall Street Journal: https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402 The Untold Story of the Boldest Supply-Chain Hack Ever from Wired: https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/ What Is an Incident Response Analyst? From Kingsland University: https://kingslanduniversity.com/incident-response-analyst-become What is Phishing from Fortinet: https://www.fortinet.com/de/resources/cyberglossary/phishing CYBERSECURITY TRAINING: Hack The Box: https://www.hackthebox.com/ Port Swigger Academy: https://portswigger.net/web-security TryHackMe: https://tryhackme.com/ OffSec Proving Grounds: https://www.offsec.com/labs/enterprise/ Sans Net Wars: https://www.sans.org/cyber-ranges/tournament-of-champions/ PODCASTS: Darknet Diaries - NotPetya: https://darknetdiaries.com/transcript/54/ Darknet Diaries – Shadow Brokers: https://darknetdiaries.com/transcript/53/ Darknet Diaries - Stuxnet: https://darknetdiaries.com/transcript/29/ PROGRAMS MENTIONED: Burp Suite: https://portswigger.net/burp Caido: https://caido.io/ Docker: https://www.docker.com/ Kali Linux OS: https://www.kali.org/ VMWare Workstation: https://www.vmware.com/products/desktop-hypervisor/workstation-and-fusion Oracle VirtualBox: https://www.virtualbox.org/ SONG INTRO/OUTRO: One More Time by Daft Punk |-Video Chapters-| 0:00 - Intro 0:57 - Deciding on a major in university 3:04 - Ben's internship experience 4:54 - University majors with optionality 5:23 - Ben’s introduction to Cybersecurity 7:36 - The unusual paths to tech 8:26 - Certifications in Cybersecurity 11:36 - Capture the Flag (CTF) challenges 14:42 - Building an app to handle data processing and search

18:40 - Adrian’s attempt at full stack dev 21:05 - Offensive vs defensive Cybersecurity 24:09 - Social engineering and getting phished 27:29 - A vulnerability Ben found in a company’s application 34:49 - The most technically skilled cyber hacks of our time 42:15 - Cool names for Advanced Persistent Threat (APT) groups 44:50 - How to prepare for a job in Cybersecurity 48:06 - Tools and programs to learn that are useful in Cybersecurity 56:40 - Ben's favorite EDM artists 58:20 - Lofi and synthwave for studying 59:55 - Favorite EDM concerts 1:01:37 - apes.io 1:03:03 - Conclusion