Nasreddine Bencherchali

@nasbench.bsky.social

Detection @Splunk | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner

483 Followers  |  143 Following  |  8 Posts  |  Joined: 03.09.2023  |  1.8089

Latest posts by nasbench.bsky.social on Bluesky

Windows Security and SDDL: What You Need to Know

Windows permissions misconfigurations are a goldmine for attackers. SDDL (Security Descriptor Definition Language) remains overlooked yet highly exploitable. 🚨

@nasbench.bsky.social and I break it down -->

🧵 (1/)

21.02.2025 15:55 | 👍 2 | 🔁 1 | 💬 1 | 📌 0
Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time | Splunk
Explore SDDL in Windows security with our comprehensive guide to help enhance your defensive strategy against privilege escalation attacks.

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time www.splunk.com/en_us/blog/s....

Thrilled to share my first blog at @splunk! @mhaggis.bsky.social and I take a deep dive into the weird & exciting world of SDDL and ACEs - what they are, how they work, and how attackers can abuse them.

15.02.2025 22:36 | 👍 12 | 🔁 5 | 💬 0 | 📌 0
Incident Response: Behind the Scenes by InfoSec Deep Dive
Explore the field of incident response with our hosts as they discuss what it means to be an incident responder. From preparation to recovery, they cover the phases of handling security incidents and the approach needed to remain effective under pressure. Using real-world examples like ransomware attacks, they talk about the challenges, tools, and teamwork involved in reducing impact and learning from each event. This episode provides insight into the essential role of incident responders. Whether you want to know about the tools they use, the choices they make, or their daily tasks, this episode has you covered. Join us to understand why cybersecurity matters for everyone.

🎙️ New podcast episode is live! I used my experience as an Incident Responder and provided it to NotebookLM to turn into a podcast. Wondering what it feels like to be in IR? This episode shares most responsibilities, true to life for 99% of IR folks.

Hope you enjoy: creators.spotify.com...

27.01.2025 00:10 | 👍 11 | 🔁 3 | 💬 0 | 📌 0

This is just sad to think about 😔

24.01.2025 22:24 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

AI allows you to do more work with the same salary. Allowing companies to make more money, and, it uses your data to train so that it'll replace you later.

When is the utopia we read about in sci-fi books? Looks like we skipped to the doom and gloom and AI overlords chapter too quickly 😭

24.01.2025 22:01 | 👍 7 | 🔁 0 | 💬 2 | 📌 0

I guess we're still here @kostas-sec.bsky.social 😂
Bsky is chill

23.01.2025 00:30 | 👍 11 | 🔁 1 | 💬 3 | 📌 0
Compared to release v2023-08-24, in v2024-11-10 there are 469 more public #detectionrules in the #SigmaRules repository.

www.dogesec.com/blog/analysi...

#threatintelligence #threatintel

09.12.2024 10:41 | 👍 3 | 🔁 1 | 💬 1 | 📌 0

💡 Interested in #memoryforensics? Follow

✅ @volexity.com
✅ @volatilityfoundation.org
✅ @attrc.bsky.social
✅ @rmettig.bsky.social
✅ @nolaforensix.bsky.social

➡️ more to come!

20.11.2024 18:49 | 👍 54 | 🔁 24 | 💬 1 | 📌 0

I'm looking for a new remote work opportunity starting in April. If you think I'd be a good fit for your team, let me know!

20.11.2024 22:07 | 👍 1 | 🔁 3 | 💬 1 | 📌 0
Everybody joining and preaching BS aka Blue sky 😆
Enjoy your weekend everyone.

16.11.2024 00:24 | 👍 4 | 🔁 1 | 💬 0 | 📌 0
Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Read the blog here: cs.co/6019SsMIh
#dfir #threatintel #cybersecurity

13.11.2024 14:06 | 👍 16 | 🔁 4 | 💬 0 | 📌 0

Windows.edb and WER dumps, just to name a few

10.11.2024 11:43 | 👍 2 | 🔁 0 | 💬 1 | 📌 0

Appreciate you brother 🙏

02.11.2024 13:02 | 👍 2 | 🔁 0 | 💬 0 | 📌 0

LOLDrivers are cool 😎

18.11.2023 15:23 | 👍 5 | 🔁 1 | 💬 0 | 📌 0
