A Day in the Life of a Penetration Tester with Carson Sallis
In this episode, we chat with Carson Sallis, Senior Offensive Security Engineer and Vulnerability Researcher at NVIDIA. Carson walks us through a day in the life of a pentester and shares actionable advice for anyone looking to break into offensive security. He also gives a live demo of fuzzing with AFL (American Fuzzy Lop) and explains how tools like this are used in real-world vulnerability research.Whether you're just starting out or looking to sharpen your red team skills, this episode is full of insights you won’t want to miss.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Episode Resources:GitHub: https://github.com/cybersecmentors/season_3_ep_6Guest: Carson Sallis Follow Carson and connect for updates, demos, and career insights.LinkedIn: https://www.linkedin.com/in/carson-sallis/Fuzzing Tools & Resources· AFL (American Fuzzy Lop) The fuzzing tool featured in Carson's demo. Link: https://lcamtuf.coredump.cx/afl/· AFL++ An advanced fork of AFL with modern features. Link: https://github.com/AFLplusplus/AFLplusplus· Fuzzing: Brute Force Vulnerability Discovery (Book) A foundational guide for learning fuzzing. Link: https://nostarch.com/fuzzing++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Connect with us and leave us feedback:Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultationSign up for our Newsletter: https://sendfox.com/lp/m2vx85 Join us on Discord: https://discord.com/invite/g4yRKjnD78Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcastCheck out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcastTCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1Send us fan mail via text
--------
46:54
Mastering Cybersecurity: Part 2 – Securing Systems and Environments
In this episode, Steve and John dive into why securing systems is a must-know skill in cybersecurity. Learn the basics of system hardening, access control, and logging, plus practical tools and labs to get hands-on. They also explore how AI can boost your defense game — and why thinking like both an attacker and defender will set you apart.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Episode Resources:Hands-On Labs & PlatformsTryHackMe Labs: Intro to Windows, Hardening, Linux Privilege Escalation, Pre-Security PathGreat for learning system hardening and exploitation from both Red and Blue perspectives.Link: https://tryhackme.comHack The Box Academy Modules on Windows/Linux fundamentals, Active Directory hardening, and network security.Link: https://www.hackthebox.com/Cyber Defenders Real-world challenges with system logs, hardening tasks, and detection engineering.Link: https://cyberdefenders.org/Security Benchmarks & GuidesCIS Benchmarks Free hardening guidelines for Windows, Linux, macOS, network devices, and cloud platforms.Link: https://www.cisecurity.org/cis-benchmarksMicrosoft Security Baselines Microsoft’s official security settings for Windows 10/11, Server, Office, and more.Link: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselinesTools & ScriptsWindows Hardening Guide by Debloat WindowsOpen-source PowerShell scripts to harden Windows easily.Link: https://github.com/ChrisTitusTech/win10scriptLynis (Linux Hardening Audit Tool)CLI tool that scans Linux systems and gives a security score with suggestions.Link: https://cisofy.com/lynis/Ansible Lockdown RolesPrebuilt automation scripts for applying CIS hardening via Ansible.Link: https://github.com/ansible-lockdown/++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Connect with us and leave us feedback:Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultationSign up for our Newsletter: https://sendfox.com/lp/m2vx85 Join us on Discord: https://discord.com/invite/g4yRKjnD78Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcastCheck out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcastTCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1Send us fan mail via text
--------
40:33
Craig Sheffield's Unconventional Journey Into Cybersecurity
Craig Sheffield shares his unconventional journey transitioning from teaching English in Taiwan to pursuing a cybersecurity career, highlighting how his background in music and audio engineering provided unexpected transferable skills. He also shares his candid experiences with the TryHackMe Security Analyst Level 1 certification. Episode Resources:Craig’s LinkedIn page - https://www.linkedin.com/in/sheffieldcraig/Craig’s Github page with his project breakdown - https://github.com/ideafieldproChris Romano's site for his SOC academy - https://sites.google.com/careerup.tech/careerup-techJohn Strand and the Black Hills team do Pay What You Can courses - https://www.antisyphontraining.com/Free Anki flashcards decks for certification exams (no SAL1) from Josh Madakor - https://lognpacific.com/free-certification-practice-tests/MyDFIR youtube channel with projects and career advice - https://www.youtube.com/@MyDFIRConnect with us and leave us feedback:Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultationSign up for our Newsletter: https://sendfox.com/lp/m2vx85 Join us on Discord: https://discord.com/invite/g4yRKjnD78Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcastCheck out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcastTCM Affiliate Link: https://certifications.tcm-sec.com/?ref=198Send us fan mail via text
--------
1:01:54
Mastering Cybersecurity: Part 1 - Why learning how to "Build" is Essential
In this episode, we delve into the often-overlooked yet fundamental importance of learning how to "build" systems, networks, and applications for cybersecurity professionals. Coining the philosophy "Build, Secure, Hack," we explore why hands-on experience in building provides an essential foundation for effectively securing and ultimately understanding how to hack those environments. We discuss the pitfalls of skipping these foundational IT skills, highlight the immense value of setting up a home lab for practical learning, and offer concrete examples of what to build to enhance your cybersecurity expertise and career prospects in today's job market.Check out our new merch shop! https://the-cybersecurity-mentors-pod.myspreadshop.comYouTube ResourcesNetworkChuck - https://www.youtube.com/c/NetworkChuckTechno Tim - https://www.youtube.com/c/TechnoTimLive LearnLinuxTV - https://www.youtube.com/c/LearnLinuxTV The Coding Train - https://www.youtube.com/c/TheCodingTrain Professor Messer - https://www.youtube.com/@professormesserVirtualization PlatformsVirtualBox – Free and easy to use. - https://www.virtualbox.org/VMware Workstation Player – Personal use version of VMware.Proxmox VE – Advanced, self-hosted hypervisor.Lab Design IdeaspfSense as your firewall/routerLinux and Windows VMs for practiceAdd vulnerable VMs from VulnHub to practice attack/defend - https://www.vulnhub.com/Add Security Onion to practice detection - https://securityonionsolutions.com/Automation / DevOpsAnsible – Infrastructure as code for deploying and managing servers - https://www.ansible.com/Docker – Build and run isolated containers (great for web apps or SOC tools) - https://www.docker.com/HomelabOS – Build an entire lab with one command - https://homelabos.com/Cloud OptionsAWS Free Tier - https://aws.amazon.com/free/Google Cloud Free Tier - https://cloud.google.com/freeMicrosoft Azure for Students - https://azure.microsoft.com/en-us/free/students/Send us fan mail via text
--------
36:50
Peeling Back the Network Layers with Doug Burks
In this episode, we talk with Doug Burks, founder and CEO of Security Onion Solutions. He shares his journey from computer enthusiast to cybersecurity company founder and how he's helping defenders catch bad guys through accessible network security monitoring tools. We also discuss how important setting up your home lab is as a crucial learning environment for security professionals at all levels. Security Onion Solutions https://securityonionsolutions.com/ Doug Burks – Linkedin https://www.linkedin.com/in/dougburks/ BSides Augustahttps://bsidesaugusta.org/ Check out our new merch shop! https://the-cybersecurity-mentors-pod.myspreadshop.comSend us fan mail via text
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
España