Thomas Roccia (fr0gger) Profile

Thomas Roccia (fr0gger)

Senior Security Researcher at Microsoft

Administrator Founder Top Contributor

Thomas Roccia is a seasoned threat researcher. Currently, he serves as a Senior Security Researcher at Microsoft Threat Intelligence and operates SecurityBreak, an online platform for his project updates and research.

Contributed Techniques

Technique Name	Technique ID's	Snippet(s)	Rules(s)	OS
XProtect Encryption Abuse	U0711
PyArmor	U1435
Base64	U0706 E1027.m02
ConfuserEx	U1417
hXOR Packer	U1418
BobSoft Mini Delphi Packer	U1428
INT 0x2D	U0129 B0001.006
CloudEye/DarkEye	U1426
CryptOne	U1427
Trap Flag	U0131
NLS Code Injection Through Registry	U1237
Code Cave	U0502
ICE 0xF1	U0130

Contributed Code Snippets

Technique	Language	Creation Date
kernel flag inspection via sysctl	Python	9 months, 2 weeks
Checking Memory Size	C++	2 years, 7 months
Detecting USB Drive	C++	2 years, 7 months
Connected Printer	C++	2 years, 7 months
Geofencing	Python	2 years, 7 months
Image File Execution Options Injection	C++	2 years, 9 months
COM Hijacking	C++	2 years, 10 months
Checking Pipe	C++	2 years, 10 months
Geofencing	C++	2 years, 10 months
Hiding Mechanisms	C++	2 years, 10 months
Malvertising	JavaScript	2 years, 10 months
Fast Flux	Python	2 years, 10 months
Domain Generation Algorithm	Python	2 years, 10 months
DNS Tunneling	Python	2 years, 10 months
DNS Hijacking	Python	2 years, 10 months
Tor Network C2	Python	2 years, 10 months
Peer to peer C2	Python	2 years, 10 months
C2 via Social Networks	Python	2 years, 10 months
ROL	Python	2 years, 10 months
Cryptography	Python	2 years, 10 months
Custom Encoding	Python	2 years, 10 months
XOR Operation	C++	2 years, 10 months
XOR Operation	Python	2 years, 10 months
Kill Process	C++	5 years
TLS Callback	C++	5 years, 1 month
Checking Malware Name	C++	5 years, 1 month
IsDebuggerPresent	C++	5 years, 1 month
OutputDebugString	C++	5 years, 1 month
Indicator Removal: Clear Windows Event Logs	cmd	5 years, 1 month
Detecting Mac Address	Golang	5 years, 1 month
Caesar Cipher	Golang	5 years, 1 month
Base64	Golang	5 years, 1 month
Detecting Hostname, Username	C++	5 years, 1 month
Checking Screen Resolution	C++	5 years, 1 month
Detecting Virtual Environment Files	C++	5 years, 1 month
SMSW	C++	5 years, 1 month
Checking Hard Drive Size	Python	5 years, 1 month
Detecting Virtual Environment Artefacts	C++	5 years, 1 month

Contributed Detection Rules

Rule Name	Rule Type	Technique Count	Creation Date
YARA_SMTP_Exfiltration	YARA	1	9 months, 2 weeks