In this episode, we chat with Carson Sallis, Senior Offensive Security Engineer and Vulnerability Researcher at NVIDIA. Carson walks us through a day in the life of a pentester and shares actionable advice for anyone looking to break into offensive security. He also gives a live demo of fuzzing with AFL (American Fuzzy Lop) and explains how tools like this are used in real-world vulnerability research.
Whether you're just starting out or looking to sharpen your red team skills, this episode is full of insights you won’t want to miss.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Episode Resources:

GitHub: https://github.com/cybersecmentors/season_3_ep_6

Guest: Carson Sallis

Follow Carson and connect for updates, demos, and career insights.

LinkedIn: https://www.linkedin.com/in/carson-sallis/

Fuzzing Tools & Resources

· AFL (American Fuzzy Lop)
The fuzzing tool featured in Carson's demo.
Link: https://lcamtuf.coredump.cx/afl/

· AFL++
An advanced fork of AFL with modern features.
Link: https://github.com/AFLplusplus/AFLplusplus

· Fuzzing: Brute Force Vulnerability Discovery (Book)
A foundational guide for learning fuzzing.
Link: https://nostarch.com/fuzzing

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Connect with us and leave us feedback:

1. Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com
2. Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultation
3. Sign up for our Newsletter: https://sendfox.com/lp/m2vx85
4. Join us on Discord: https://discord.com/invite/g4yRKjnD78
5. Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast
6. Check out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcast
7. TCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1

Send us fan mail via text

In this episode, Steve and John dive into why securing systems is a must-know skill in cybersecurity. Learn the basics of system hardening, access control, and logging, plus practical tools and labs to get hands-on. They also explore how AI can boost your defense game — and why thinking like both an attacker and defender will set you apart.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Episode Resources:

Hands-On Labs & Platforms

1. TryHackMe
   • Labs: Intro to Windows, Hardening, Linux Privilege Escalation, Pre-Security Path
   • Great for learning system hardening and exploitation from both Red and Blue perspectives.
   • Link: https://tryhackme.com
2. Hack The Box Academy
   • Modules on Windows/Linux fundamentals, Active Directory hardening, and network security.
   • Link: https://www.hackthebox.com/
3. Cyber Defenders
   • Real-world challenges with system logs, hardening tasks, and detection engineering.
   • Link: https://cyberdefenders.org/

Security Benchmarks & Guides

1. CIS Benchmarks
   • Free hardening guidelines for Windows, Linux, macOS, network devices, and cloud platforms.
   • Link: https://www.cisecurity.org/cis-benchmarks
2. Microsoft Security Baselines
   • Microsoft’s official security settings for Windows 10/11, Server, Office, and more.
   • Link: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines

Tools & Scripts

1. Windows Hardening Guide by Debloat Windows
   • Open-source PowerShell scripts to harden Windows easily.
   • Link: https://github.com/ChrisTitusTech/win10script
2. Lynis (Linux Hardening Audit Tool)
   • CLI tool that scans Linux systems and gives a security score with suggestions.
   • Link: https://cisofy.com/lynis/
3. Ansible Lockdown Roles
   • Prebuilt automation scripts for applying CIS hardening via Ansible.
   • Link: https://github.com/ansible-lockdown/

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Connect with us and leave us feedback:

1. Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com
2. Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultation
3. Sign up for our Newsletter: https://sendfox.com/lp/m2vx85
4. Join us on Discord: https://discord.com/invite/g4yRKjnD78
5. Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast
6. Check out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcast
7. TCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1

Send us fan mail via text

Craig Sheffield shares his unconventional journey transitioning from teaching English in Taiwan to pursuing a cybersecurity career, highlighting how his background in music and audio engineering provided unexpected transferable skills. He also shares his candid experiences with the TryHackMe Security Analyst Level 1 certification.

Episode Resources:

• Craig’s LinkedIn page - https://www.linkedin.com/in/sheffieldcraig/
• Craig’s Github page with his project breakdown - https://github.com/ideafieldpro
• Chris Romano's site for his SOC academy - https://sites.google.com/careerup.tech/careerup-tech
• John Strand and the Black Hills team do Pay What You Can courses - https://www.antisyphontraining.com/
• Free Anki flashcards decks for certification exams (no SAL1) from Josh Madakor - https://lognpacific.com/free-certification-practice-tests/
• MyDFIR youtube channel with projects and career advice - https://www.youtube.com/@MyDFIR

Connect with us and leave us feedback:

• Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com
• Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultation
• Sign up for our Newsletter: https://sendfox.com/lp/m2vx85
• Join us on Discord: https://discord.com/invite/g4yRKjnD78
• Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast
• Check out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcast
• TCM Affiliate Link: https://certifications.tcm-sec.com/?ref=198

Send us fan mail via text