Thomas Roccia

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.

Contributed Techniques
Technique Name Technique ID's Has Snippet(s) Has Rules(s)
BobSoft Mini Delphi Packer U1428
INT 0x2D U0129 B0001.006
CloudEye/DarkEye U1426
CryptOne U1427
Trap Flag U0131
NLS Code Injection Through Registry U1237
Code Cave U0502
ICE 0xF1 U0130
Contributed Code Snippets
Technique Language Creation Date
Checking Memory Size C++ 8 months, 3 weeks
Detecting USB Drive C++ 8 months, 3 weeks
Connected Printer C++ 8 months, 3 weeks
Geofencing Python 8 months, 3 weeks
Image File Execution Options Injection C++ 10 months, 4 weeks
COM Hijacking C++ 11 months, 2 weeks
Checking Pipe C++ 12 months
Geofencing C++ 12 months
Hiding Mechanisms C++ 12 months
Malvertising JavaScript 12 months
Fast Flux Python 12 months
Domain Generation Algorithm Python 12 months
DNS Tunneling Python 12 months
DNS Hijacking Python 12 months
Tor Network C2 Python 12 months
Peer to peer C2 Python 12 months
C2 via Social Networks Python 12 months
ROL Python 12 months
Cryptography Python 12 months
Custom Encoding Python 12 months
XOR Operation C++ 12 months
XOR Operation Python 12 months
Kill Process C++ 3 years, 2 months
TLS Callback C++ 3 years, 2 months
Checking Malware Name C++ 3 years, 2 months
OutputDebugString C++ 3 years, 2 months
IsDebuggerPresent C++ 3 years, 2 months
Indicator Removal: Clear Windows Event Logs cmd 3 years, 2 months
Detecting Mac Address Golang 3 years, 2 months
Caesar Cipher Golang 3 years, 2 months
Base64 Golang 3 years, 3 months
Detecting Hostname, Username C++ 3 years, 3 months
Checking Screen Resolution C++ 3 years, 3 months
Detecting Virtual Environment Files C++ 3 years, 3 months
SMSW C++ 3 years, 3 months
Checking Hard Drive Size Python 3 years, 3 months
Detecting Virtual Environment Artefacts C++ 3 years, 3 months