Thomas Roccia (fr0gger)
Senior Security Researcher at Microsoft
Administrator Founder Top Contributor

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.

Contributed Techniques
Technique Name Technique ID's Categories Snippet(s) Rules(s)
XProtect Encryption Abuse U0711
PyArmor U1435
Trap Flag U0131
ICE 0xF1 U0130
INT 0x2D U0129 B0001.006
BobSoft Mini Delphi Packer U1428
CryptOne U1427
CloudEye/DarkEye U1426
NLS Code Injection Through Registry U1237
hXOR Packer U1418
ConfuserEx U1417
Code Cave U0502
Base64 U0706 E1027.m02
Contributed Code Snippets
Technique Language OS Creation Date
kernel flag inspection via sysctl Python macOS 1 year, 2 months
Checking Memory Size C++ Windows 3 years
Detecting USB Drive C++ Windows 3 years
Connected Printer C++ Windows 3 years
Geofencing Python Windows 3 years
Image File Execution Options Injection C++ Windows 3 years, 2 months
COM Hijacking C++ Windows 3 years, 2 months
Checking Pipe C++ Windows 3 years, 3 months
Geofencing C++ Windows 3 years, 3 months
Hiding Mechanisms C++ Windows 3 years, 3 months
Malvertising JavaScript Windows 3 years, 3 months
Fast Flux Python Windows 3 years, 3 months
Domain Generation Algorithm Python Windows 3 years, 3 months
DNS Tunneling Python Windows 3 years, 3 months
DNS Hijacking Python Windows 3 years, 3 months
Tor Network C2 Python Windows 3 years, 3 months
Peer to peer C2 Python Windows 3 years, 3 months
C2 via Social Networks Python Windows 3 years, 3 months
ROL Python Windows 3 years, 3 months
Cryptography Python Windows 3 years, 3 months
Custom Encoding Python Windows 3 years, 3 months
XOR Operation C++ Windows 3 years, 3 months
XOR Operation Python Windows 3 years, 3 months
Kill Process C++ Windows 5 years, 5 months
TLS Callback C++ Windows 5 years, 6 months
Checking Malware Name C++ Windows 5 years, 6 months
IsDebuggerPresent C++ Windows 5 years, 6 months
OutputDebugString C++ Windows 5 years, 6 months
Indicator Removal: Clear Windows Event Logs cmd Windows 5 years, 6 months
Detecting Mac Address Golang Windows 5 years, 6 months
Caesar Cipher Golang Windows 5 years, 6 months
Base64 Golang Windows 5 years, 6 months
Detecting Hostname, Username C++ Windows 5 years, 6 months
Checking Screen Resolution C++ Windows 5 years, 6 months
Detecting Virtual Environment Files C++ Windows 5 years, 6 months
SMSW C++ Windows 5 years, 6 months
Checking Hard Drive Size Python Windows 5 years, 6 months
Detecting Virtual Environment Artefacts C++ Windows 5 years, 6 months
Contributed Detection Rules
Rule Name Rule Type Technique Count Creation Date
Detect SMTP Data Exfiltration YARA 1 1 year, 2 months