
Erwan CHEVALIER
Principal Threat Researcher
Articles by Erwan CHEVALIER

Leveraging Landlock telemetry for Linux detection engineering
This blogpost explores how Landlock is both an interesting security mechanism and a valuable source of telemetry for detection engineering.

Sekoia.io Strengthens Collective Cyber Defense at NATO CCDCOE’s Crossed Swords 2025 Exercise
Sekoia.io delivered its technology and expertise to the NATO CCDCOE’s Crossed Swords 2025 (XS25) exercise to gather critical insights and validate our defensive capabilities in a military-grade environment. Hosted by the NATO Cooperative…

Detection engineering at scale: one step closer (part three)
Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous

Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines.

Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28

Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer nu

Emulating and Detecting Scattered Spider-like Attacks
Explore a use-case scenario demonstrating how to detect scattered spider attacks in AWS environments and enhance your cloud security.

When a Botnet Cries: Detecting Botnet Infection Chains
Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing…

XDR detection engineering at scale: crafting detection rules for SecOps efficiency
In this blogpost we present Sekoia’s process to create detection rules, which first requires explaining our detection workflow as well as understanding Sekoia XDR history and specificities.

Sekoia Mid-2022 Ransomware Threat Landscape
Sekoia presents its Ransomware threat landscape for the first semester of 2022, with the following key points:

Vice Society: a discreet but steady double extortion ransomware group
Vice Society is a little-known double extortion group that exfiltrates its victims' data and threatens to leak it.

An insider insights into Conti operations - Part One
In this part 2, we focus on the Conti ransomware group whose training material was recently leaked on a cybercrime forum.

An insider insights into Conti operations – Part Two
This is the second part of our blogpost about Conti; here we'll see how to detect Conti operations techniques and much more.
