KOR Labs Cybersecurity

From Internet Data to Cyber Defense

We help the Internet community combat DNS abuse and other cyber threats

Discover how we do it

Collaboration

Our Valued Partners

Public Interest Registry
NetBeacon Institute
Université Grenoble Alpes
Laboratoire d'Informatique de Grenoble
Institut polytechnique de Grenoble

Expertise

What We Do

We investigate malicious activities and share insights to empower the Internet community in combating cybercrime

Threat Intelligence

We continuously collect and process vast amounts of cyber threat data to identify ongoing and emerging attack trends.

DNS Abuse

We monitor malicious activities that exploit the Domain Name System (DNS), including phishing, spam, malware, and botnets.

Cybersecurity Research

We apply rigorous academic methods to analyze the collected data, therefore advancing the scientific knowledge in the field.

Browse projects

Insights

Latest News & Blogs

ADoX deployment in the wild
Blog
ADoX Research
May 04, 2026

ADoX deployment in the wild

In this blog, we examine the deployment of recursive-to-authoritative encryption (ADoX) in the wild, across both nameservers and resolvers.

Read article
Day in the life of RIPE Atlas
Blog
RIPE Research
Mar 19, 2026

Day in the life of RIPE Atlas

RIPE Atlas is one of the most widely used Internet measurement platforms, trusted by researchers and operators alike. In this blog, we analyse what RIPE Atlas looked like on 1 November, 2025.

Read article
LogoTrust: a validated dataset of brands, domain names, and logos
Blog
BIMI Research
Jan 12, 2026

LogoTrust: a validated dataset of brands, domain names, and logos

In this blog, we explore how Brand Indicators for Message Identification (BIMI) can be used as a foundation for a high-integrity dataset that is suitable for security-related applications like phishing detection.

Read article
Bulletin: DNS Abuse Campaign Exploiting “Subdomain Cloaking”
Blog
DNS Abuse NetBeacon
Nov 27, 2025

Bulletin: DNS Abuse Campaign Exploiting "Subdomain Cloaking"

As a follow up to our recent blog on the concentration of malicious phishing, we are publishing this blog to raise awareness of a recently observed (and ongoing) campaign which involves a specific type of malicious registration.

Read article

Recent Updates

May 26 2026
Speaking at OARC 46 in Edinburgh, Scotland

We were pleased to participate in the OARC 46 workshop and share our latest research …
Mar 06 2026
Joining the 2026 Internet Society Pulse Research Fellowship

We are very excited to join the 2026 Internet Society Pulse Research Fellowship.The fellowship is …
Feb 20 2026
New Research: Monitoring and Characterising Phishing on IPFS

The InterPlanetary File System (IPFS) enables resilient and distributed content delivery, but it can also …
Feb 09 2026
Speaking at the FIRST Technical Colloquium in Paris, France

Join us at the FIRST Technical Colloquium in Paris, where Maciej Korczyński (Grenoble Alpes University …
Feb 03 2026
Our team at the Internet Integrity Workshop II in Bucharest, Romania

Last year, we participated in the Internet Integrity Workshop II, colocated with RIPE 91 in …
Dec 02 2025
New Research: Identifying URL Shortening Services

Our team has just published new research on identifying URL shortening services in the wild.URL …
Oct 01 2025
Speaking at ACM CCS 2025 in Taipei, Taiwan

We are attending ACM CCS 2025 in Taipei, Taiwan, to present our paper on the …