AUSCERT Conference 2024: Key Insights from Thomas Roccia’s Talk

Listen to this Post

Featured Image
Thomas Roccia, a Senior Security Researcher at Microsoft, recently spoke at the AUSCERT 2024 Conference in the Southport room. His session covered cutting-edge cybersecurity trends, threat intelligence, and defensive strategies. Below, we break down key takeaways, practical commands, and tools discussed.

You Should Know:

1. Threat Intelligence & Hunting with Microsoft Tools

Thomas likely emphasized Microsoft Defender for Endpoint (MDE) and Azure Sentinel for threat detection. Here are some practical commands:

  • Check running processes (Linux):
    ps aux | grep -i "suspicious_process"
    
  • Hunt for suspicious network connections (Windows):
    Get-NetTCPConnection | Where-Object {$_.State -eq "Established"} | Select-Object LocalAddress, RemoteAddress, State
    
  • Query logs in Azure Sentinel (KQL):
    SecurityEvent | where EventID == 4625 | summarize count() by Account
    

2. Detecting Malware with YARA Rules

YARA is a powerful tool for malware identification. Example rule:

rule Detect_Emotet {
meta:
description = "Detects Emotet malware"
strings:
$s1 = "Emotet" nocase
$s2 = { 6A 40 68 00 30 00 00 6A 14 }
condition:
any of them
}

Scan a file with:

yara rule.yar suspicious_file.exe

3. Memory Forensics with Volatility

Thomas may have discussed memory analysis. Commands:

volatility -f memory_dump.raw pslist 
volatility -f memory_dump.raw netscan 

4. Securing Cloud Workloads

For Azure Security Center:

Get-AzSecurityTask | Where-Object {$_.Status -eq "Unresolved"}

What Undercode Say:

Thomas Roccia’s talk reinforced the importance of proactive threat hunting, leveraging AI-driven security tools, and memory forensics. Key tools like Microsoft Defender, YARA, and Volatility are critical for modern defenders.

Prediction:

As cyber threats evolve, expect deeper integration of AI in threat detection, increased cloud-based attacks, and a surge in fileless malware. Defenders must adopt automated hunting and behavioral analytics to stay ahead.

Expected Output:

 Sample output for ps aux | grep "suspicious"
root 12345 0.0 0.1 112704 2124 ? S 10:00 0:00 suspicious_process

URLs (if applicable):

References:

Reported By: Thomas Roccia – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram