Thomas Roccia (fr0gger)
Senior Security Researcher at Microsoft
Administrator, Founder, Top Contributor

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.


Contributed Code Snippets
| Technique | Language | OS | Creation Date |
|---|---|---|---|
| kernel flag inspection via sysctl | Python | | 1 week, 3 days |
| Checking Memory Size | C++ | | 1 year, 10 months |
| Detecting USB Drive | C++ | | 1 year, 10 months |
| Connected Printer | C++ | | 1 year, 10 months |
| Geofencing | Python | | 1 year, 10 months |
| Image File Execution Options Injection | C++ | | 2 years |
| COM Hijacking | C++ | | 2 years |
| Checking Pipe | C++ | | 2 years, 1 month |
| Geofencing | C++ | | 2 years, 1 month |
| Hiding Mechanisms | C++ | | 2 years, 1 month |
| Malvertising | JavaScript | | 2 years, 1 month |
| Fast Flux | Python | | 2 years, 1 month |
| Domain Generation Algorithm | Python | | 2 years, 1 month |
| DNS Tunneling | Python | | 2 years, 1 month |
| DNS Hijacking | Python | | 2 years, 1 month |
| Tor Network C2 | Python | | 2 years, 1 month |
| Peer to peer C2 | Python | | 2 years, 1 month |
| C2 via Social Networks | Python | | 2 years, 1 month |
| ROL | Python | | 2 years, 1 month |
| Cryptography | Python | | 2 years, 1 month |
| Custom Encoding | Python | | 2 years, 1 month |
| XOR Operation | C++ | | 2 years, 1 month |
| XOR Operation | Python | | 2 years, 1 month |
| Kill Process | C++ | | 4 years, 3 months |
| TLS Callback | C++ | | 4 years, 3 months |
| Checking Malware Name | C++ | | 4 years, 3 months |
| IsDebuggerPresent | C++ | | 4 years, 4 months |
| OutputDebugString | C++ | | 4 years, 4 months |
| Indicator Removal: Clear Windows Event Logs | cmd | | 4 years, 4 months |
| Detecting Mac Address | Golang | | 4 years, 4 months |
| Caesar Cipher | Golang | | 4 years, 4 months |
| Base64 | Golang | | 4 years, 4 months |
| Detecting Hostname, Username | C++ | | 4 years, 4 months |
| Checking Screen Resolution | C++ | | 4 years, 4 months |
| Detecting Virtual Environment Files | C++ | | 4 years, 4 months |
| SMSW | C++ | | 4 years, 4 months |
| Checking Hard Drive Size | Python | | 4 years, 4 months |
| Detecting Virtual Environment Artefacts | C++ | | 4 years, 4 months |

Contributed Detection Rules
| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| YARA_SMTP_Exfiltration | YARA | 1 | 1 week, 4 days |