What we do

KOR Labs is an exceptional place where top research methods and tools meet industry needs for a safer Internet. We propose consulting services related to cybersecurity and domain name abuse. Our team also provides free measurement tools to improve Internet security, stability, and resilience.

Card image cap
Cyber Threat Intelligence

The French cyber threat intelligence platform aimed at sharing knowledge among multiple players.

Card image cap
DNSAI Compass

Consult monthly reports on the use of the Domain Name System in phishing and malware.

Card image cap
DNS statistics

Find various statistics about registrars, registries, and other aspects of the Domain Name System.

See all our services

Latest from our blog

DNSAI project
A New Phase of Measuring DNS Abuse

June 8, 2023 · Rowena Schoo

Today the DNS Abuse Institute ("DNSAI" or the "Institute") adds a new level of reporting for our measurement project: DNSAI Compass™ ("Compass"). With his new level of reporting we intend to show the spectrum of how malicious phishing and malware is distributed across the DNS registration ecosystem.

Read more
Source Address Validation
SAV: Why Is Source Address Validation Still a Problem?

May 2, 2023 · Qasim Lone, Yevheniya Nosyk, and Maciej Korczyński

Despite being a known vulnerability for at least 25 years, source IP address spoofing remains a popular attack method for redirection, amplification, and anonymity. In this post, we provide an introduction / refresher on what SAV is and discuss methods to detect non-compliant networks and the incentives that the industry must enact to make the deployment of SAV attractive.

Read more
Intercept and Inject
Intercept and Inject: DNS Response Manipulation in the Wild

April 7, 2023 · Yevheniya Nosyk, Qasim Lone, Yury Zhauniarovich, Carlos H. Gañán, Emile Aben, Giovane Moura, Samaneh Tajalizadehkhoob, Andrzej Duda, and Maciej Korczyński

In November 2021, Internet users from Mexico lost access to whatsapp.net and facebook.com. Here, we present key takeaways from our analysis of the event - carried out with RIPE Atlas - and we look at the extent to which queries to DNS root servers get manipulated.

Read more

Get in touch