KOR Labs Cybersecurity

From Internet Data to Cyber Defense

We help the Internet community combat DNS abuse and other cyber threats

Discover how we do it

Collaboration

Our Valued Partners

Public Interest Registry
NetBeacon Institute
Université Grenoble Alpes
Laboratoire d'Informatique de Grenoble
Institut polytechnique de Grenoble

Expertise

What We Do

We investigate malicious activities and share insights to empower the Internet community in combating cybercrime

Threat Intelligence

We continuously collect and process vast amounts of cyber threat data to identify ongoing and emerging attack trends.

DNS Abuse

We monitor malicious activities that exploit the Domain Name System (DNS), including phishing, spam, malware, and botnets.

Cybersecurity Research

We apply rigorous academic methods to analyze the collected data, therefore advancing the scientific knowledge in the field.

Browse projects

Insights

Latest News & Blogs

LogoTrust: a validated dataset of brands, domain names, and logos
Blog
Dataset Research
Jan 12, 2026

LogoTrust: a validated dataset of brands, domain names, and logos

In this blog, we explore how Brand Indicators for Message Identification (BIMI) can be used as a foundation for a high-integrity dataset that is suitable for security-related applications like phishing detection.

Read article
Bulletin: DNS Abuse Campaign Exploiting “Subdomain Cloaking”
Blog
NetBeacon Phishing
Nov 27, 2025

Bulletin: DNS Abuse Campaign Exploiting "Subdomain Cloaking"

As a follow up to our recent blog on the concentration of malicious phishing, we are publishing this blog to raise awareness of a recently observed (and ongoing) campaign which involves a specific type of malicious registration.

Read article
Discovery of Designated Resolvers
Blog
Encryption Research
Aug 25, 2025

Discovering the Discovery of Designated Resolvers

DNS encryption is gaining momentum with proposed standards such as DoT, DoH, and DoQ protecting DNS exchanges from external observers. In this blog, we look at the Discovery of Designated Resolvers (DDR) - a mechanism that allows clients to obtain encryption configurations of recursive resolvers.

Read article
INFERMAL Project: Analyzing Features of Malicious Domain Registrations
Blog
ICANN Research
Oct 24, 2024

INFERMAL Project: Analyzing Features of Malicious Domain Registrations

INFERMAL Project, funded by ICANN and conducted by KOR Labs, is dedicated to understanding the selection patterns behind cybercriminals' preferences for specific domain name registrars and top-level domains (TLDs) in their phishing operations.

Read article

Recent Updates

Mar 06 2026
Joining the 2026 Internet Society Pulse Research Fellowship

We are very excited to join the 2026 Internet Society Pulse Fellowship.The fellowship is a …
Feb 20 2026
New research: Monitoring and characterising phishing on IPFS

The InterPlanetary File System (IPFS) enables resilient, distributed content delivery, but it can also be …
Feb 09 2026
Speaking today at FIRST Technical Colloquium in Paris

Join us at the FIRST Technical Colloquium in Paris, where Maciej Korczyński (Grenoble Alpes University …
Feb 03 2026
Our research at the Internet Integrity Workshop

Last year we participated in the Internet Integrity Workshop, colocated with RIPE 91 in Bucharest. …
Dec 02 2025
New Research on Identifying URL Shortening Services

Our team just published new research on identifying URL shortening services in the wild! Accurately …
Oct 01 2025
Our Team at ACM CCS 2025 in Taipei

We are attending ACM CCS 2025 in Taipei, Taiwan to present our paper on the …
Sep 08 2025
Join the ICANN webinar on Extended DNS Errors

We will be giving a webinar on Extended DNS Errors (EDE) as part of the …