KOR Labs

From Internet Data to Cyber Defense

KOR Labs is a university spin-off dedicated to combating cyber threats, helping the Internet community collectively increase barriers to abuse as well as companies to increase the effectiveness of their network protection and countermeasures. Our team comprises security researchers with a strong academic track record and world-class expertise in cyber security and Internet technologies. We are passionate about investigating malicious activities and sharing knowledge and data with the technical and policy communities to prevent and mitigate cybercrime.

We mainly focus on domain name and Domain Name System (DNS) abuse. We identify security vulnerabilities and notify administrators of security problems, sometimes before cybercriminals exploit them. We also aim to reduce the so-called information asymmetry between cybercriminals (e.g., phishers) and Internet intermediaries, such as hosting providers, top-level domain (TLD) registries, and domain registrars by revealing factors driving abuse. For example, why do some registries suffer from higher concentrations of phishing or spam domains? Or in other words, why do cybercriminals choose to register malicious domain names with certain providers and not others. How can registrars or hosting providers develop their own anti-abuse best practices while balancing their own anti-abuse policies with economic incentives?

KOR Labs is an exceptional place where top research methods and tools meet industry needs for a safer Internet. We propose consulting services related to cybersecurity and domain name abuse. Our team also provides free of charge measurement tools to improve Internet security, stability, and resilience.


Learn about our toolkit for assessing the correct configuration of SPF and DMARC extensions to prevent email spoofing and certain types of phishing attacks.

Explore the Closed Resolver Project (community project with University Grenoble Alps and other partners) to identify networks vulnerable to inbound IP address spoofing, which enables various external attacks on DNS infrastructure, including possible zero-day vulnerabilities in DNS server software.


Detection of networks that do not implement source address validation for inbound traffic

Latest from Our Blog

May 2, 2023

In this post, we provide an introduction/refresher on what SAV is and discuss methods to detect non-compliant networks and the incentives that the industry must enact to make deployment of SAV attractive.

April 7, 2023

Are your DNS queries reaching the Root Servers?

September 16, 2022

In May 2022, we wrote about kicking off our work to measure DNS Abuse. We’re proud to announce today that we have launched our first report and gone live with our measurement initiative: DNSAI Intelligence.

February 15, 2021

At least half of all Autonomous Systems (ASes) on the Internet are vulnerable to Denial of Service (DoS) attacks because they are not deploying a 20-year-old filtering mechanism.


Write to us by filling the following form.