Thomas Roccia (fr0gger)
Senior Security Researcher at Microsoft
Administrator Founder Top Contributor

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.


Contributed Code Snippets

| Technique | Language | OS | Creation Date |
|---|---|---|---|
| kernel flag inspection via sysctl | Python | | 1 month, 1 week |
| Checking Memory Size | C++ | | 1 year, 11 months |
| Detecting USB Drive | C++ | | 1 year, 11 months |
| Connected Printer | C++ | | 1 year, 11 months |
| Geofencing | Python | | 1 year, 11 months |
| Image File Execution Options Injection | C++ | | 2 years, 1 month |
| COM Hijacking | C++ | | 2 years, 1 month |
| Checking Pipe | C++ | | 2 years, 2 months |
| Geofencing | C++ | | 2 years, 2 months |
| Hiding Mechanisms | C++ | | 2 years, 2 months |
| Malvertising | JavaScript | | 2 years, 2 months |
| Fast Flux | Python | | 2 years, 2 months |
| Domain Generation Algorithm | Python | | 2 years, 2 months |
| DNS Tunneling | Python | | 2 years, 2 months |
| DNS Hijacking | Python | | 2 years, 2 months |
| Tor Network C2 | Python | | 2 years, 2 months |
| Peer to peer C2 | Python | | 2 years, 2 months |
| C2 via Social Networks | Python | | 2 years, 2 months |
| ROL | Python | | 2 years, 2 months |
| Cryptography | Python | | 2 years, 2 months |
| Custom Encoding | Python | | 2 years, 2 months |
| XOR Operation | C++ | | 2 years, 2 months |
| XOR Operation | Python | | 2 years, 2 months |
| Kill Process | C++ | | 4 years, 4 months |
| TLS Callback | C++ | | 4 years, 4 months |
| Checking Malware Name | C++ | | 4 years, 4 months |
| IsDebuggerPresent | C++ | | 4 years, 5 months |
| OutputDebugString | C++ | | 4 years, 5 months |
| Indicator Removal: Clear Windows Event Logs | cmd | | 4 years, 5 months |
| Detecting Mac Address | Golang | | 4 years, 5 months |
| Caesar Cipher | Golang | | 4 years, 5 months |
| Base64 | Golang | | 4 years, 5 months |
| Detecting Hostname, Username | C++ | | 4 years, 5 months |
| Checking Screen Resolution | C++ | | 4 years, 5 months |
| Detecting Virtual Environment Files | C++ | | 4 years, 5 months |
| SMSW | C++ | | 4 years, 5 months |
| Checking Hard Drive Size | Python | | 4 years, 5 months |
| Detecting Virtual Environment Artefacts | C++ | | 4 years, 5 months |

Contributed Detection Rules

| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| YARA_SMTP_Exfiltration | YARA | 1 | 1 month, 1 week |