Listen to this Post

Thomas Roccia, a Senior Security Researcher at Microsoft, recently spoke at the AUSCERT 2024 Conference in the Southport room. His session covered cutting-edge cybersecurity trends, threat intelligence, and defensive strategies. Below, we break down key takeaways, practical commands, and tools discussed.
You Should Know:
1. Threat Intelligence & Hunting with Microsoft Tools
Thomas likely emphasized Microsoft Defender for Endpoint (MDE) and Azure Sentinel for threat detection. Here are some practical commands:
- Check running processes (Linux):
ps aux | grep -i "suspicious_process"
- Hunt for suspicious network connections (Windows):
Get-NetTCPConnection | Where-Object {$_.State -eq "Established"} | Select-Object LocalAddress, RemoteAddress, State - Query logs in Azure Sentinel (KQL):
SecurityEvent | where EventID == 4625 | summarize count() by Account
2. Detecting Malware with YARA Rules
YARA is a powerful tool for malware identification. Example rule:
rule Detect_Emotet {
meta:
description = "Detects Emotet malware"
strings:
$s1 = "Emotet" nocase
$s2 = { 6A 40 68 00 30 00 00 6A 14 }
condition:
any of them
}
Scan a file with:
yara rule.yar suspicious_file.exe
3. Memory Forensics with Volatility
Thomas may have discussed memory analysis. Commands:
volatility -f memory_dump.raw pslist volatility -f memory_dump.raw netscan
4. Securing Cloud Workloads
For Azure Security Center:
Get-AzSecurityTask | Where-Object {$_.Status -eq "Unresolved"}
What Undercode Say:
Thomas Roccia’s talk reinforced the importance of proactive threat hunting, leveraging AI-driven security tools, and memory forensics. Key tools like Microsoft Defender, YARA, and Volatility are critical for modern defenders.
Prediction:
As cyber threats evolve, expect deeper integration of AI in threat detection, increased cloud-based attacks, and a surge in fileless malware. Defenders must adopt automated hunting and behavioral analytics to stay ahead.
Expected Output:
Sample output for ps aux | grep "suspicious" root 12345 0.0 0.1 112704 2124 ? S 10:00 0:00 suspicious_process
URLs (if applicable):
References:
Reported By: Thomas Roccia – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


