Thomas Roccia (fr0gger)
Senior Security Researcher at Microsoft
Administrator, Founder, Top Contributor

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.


Contributed Code Snippets
Technique Language OS Creation Date
kernel flag inspection via sysctl Python 11 months
Checking Memory Size C++ 2 years, 8 months
Detecting USB Drive C++ 2 years, 8 months
Connected Printer C++ 2 years, 8 months
Geofencing Python 2 years, 8 months
Image File Execution Options Injection C++ 2 years, 10 months
COM Hijacking C++ 2 years, 11 months
Checking Pipe C++ 3 years
Geofencing C++ 3 years
Hiding Mechanisms C++ 3 years
Malvertising JavaScript 3 years
Fast Flux Python 3 years
Domain Generation Algorithm Python 3 years
DNS Tunneling Python 3 years
DNS Hijacking Python 3 years
Tor Network C2 Python 3 years
Peer to peer C2 Python 3 years
C2 via Social Networks Python 3 years
ROL Python 3 years
Cryptography Python 3 years
Custom Encoding Python 3 years
XOR Operation C++ 3 years
XOR Operation Python 3 years
Kill Process C++ 5 years, 2 months
TLS Callback C++ 5 years, 2 months
Checking Malware Name C++ 5 years, 2 months
IsDebuggerPresent C++ 5 years, 2 months
OutputDebugString C++ 5 years, 2 months
Indicator Removal: Clear Windows Event Logs cmd 5 years, 3 months
Detecting Mac Address Golang 5 years, 3 months
Caesar Cipher Golang 5 years, 3 months
Base64 Golang 5 years, 3 months
Detecting Hostname, Username C++ 5 years, 3 months
Checking Screen Resolution C++ 5 years, 3 months
Detecting Virtual Environment Files C++ 5 years, 3 months
SMSW C++ 5 years, 3 months
Checking Hard Drive Size Python 5 years, 3 months
Detecting Virtual Environment Artefacts C++ 5 years, 3 months
Contributed Detection Rules
Rule Name Rule Type Technique Count Creation Date
YARA_SMTP_Exfiltration YARA 1 11 months