Nasreddine Bencherchali

Staff Research Engineering Technical Leader at cisco-sbg Splunk SigmaHQ magicsword-io

Hull, England, Germany
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
award
Top expert inCybersecurity Analytics and Threat Intelligence
Nasreddine Bencherchali is a Staff Research Engineering Technical Leader and Senior Threat Researcher with eight years of hands-on experience in detection, threat hunting, malware analysis, incident response and Windows internals. He combines research-led detection engineering with practical offensive and DFIR experience, having authored SIGMA rules, YARA signatures (including detections for Follina CVE-2022-30190) and contributions to the flagship Sigma rule repository. Based between Hull and Germany, he now works at Cisco after a stint at Splunk and maintains core responsibilities at SigmaHQ, bridging open-source rule validation and enterprise detection pipelines. Known for obsessive attention to Windows behavior and regex-driven rule hardening, he also blogs about infosec and runs practical projects like MAL-CL that surface evasive command-line techniques.
code8 years of coding experience
job7 years of employment as a software developer
bookMaster's degree Information Systems Security, Master's degree Information Systems Security at Saad Dahlab University - Blida, Algeria
bookBaccalaureate Science, Baccalaureate Science at Mouloud Kacem Naït Belkacem High School
languagesEnglish, French, Arabic, German
github-logo-circle

Github Skills (19)

threat-hunting10
testing10
security10
regular-expression10
threat-intelligence10
yara10
sia9
dfu9
dfd9
dfa9
dfm9
python8
yaml8
monitoring7
scanner7

Programming languages (14)

C#MDXC++JinjaCMakefileVueGo

Github contributions (5)

github-logo-circle
SigmaHQ/sigma

Oct 2021 - Jan 2023

Main Sigma Rule Repository
Role in this project:
userSecurity Engineer
Contributions:1518 reviews, 1092 commits, 1124 PRs in 1 year 3 months
Contributions summary:Nasreddine's commits primarily focus on enhancing and refining the testing framework for security rules within the Sigma repository. They made significant contributions to the test suite, including improvements to regex patterns for MITRE ATT&CK tags, adding tests for duplicate filters, and correcting common field name typos. The user also added tests to improve the robustness of the rule validation process.
signaturessysmonrulesecurityids
Neo23x0/signature-base

Jun 2022 - Jan 2023

YARA signature and IOC database for my scanners and tools
Role in this project:
userSecurity Engineer
Contributions:7 reviews, 8 commits, 4 PRs in 6 months
Contributions summary:Nasreddine's contributions primarily involve updating YARA rules within the `signature-base` repository. They added and modified rules designed to detect exploit attempts related to CVE-2022-30190 (Follina) and CVE-2022-46169, specifically focusing on identifying malicious patterns in files and network traffic. The user also addressed a broken extension, indicating a focus on maintaining and improving existing detection capabilities.
scanneryarahashdfirioc
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Nasreddine Bencherchali - Staff Research Engineering Technical Leader at cisco-sbg Splunk SigmaHQ magicsword-io