Grégoire CLERMONT

Security Engineer

Articles by
Grégoire CLERMONT

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Detection Engineering
Threat Research & Intelligence
October 21, 2025

Decoding UserAuthenticationMethod in Microsoft 365 audit logs: the bitfield mapping

This undocumented field of sign-in events is a number where each bit represents a different authentication method.

By
Grégoire CLERMONT
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
TDR
June 11, 2025

Global analysis of Adversary-in-the-Middle phishing threats

This report explores current trends in the AitM phishing landscape and the prevalence of leading kits.

By
Quentin BOURGUE
By
Grégoire CLERMONT
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
TDR
January 16, 2025

Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service

In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.

By
Quentin BOURGUE
By
Grégoire CLERMONT
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
October 7, 2024

Mamba 2FA: A new contender in the AiTM phishing ecosystem

Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS).

By
Grégoire CLERMONT
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
TDR
July 23, 2024

Solving the 7777 Botnet enigma: A cybersecurity quest

Discover 7777 botnet (aka Quad7) and its activity, targets, and use of TP-Link routers in Microsoft 365 attacks in our latest investigation.

By
Threat Detection & Research Team
By
Félix AIME
By
Pierre-Antoine DUCHANGE
By
Charles MESLAY
By
Grégoire CLERMONT
& more
View more
Threat Research & Intelligence
TDR
March 14, 2024

Unveiling the depths of Residential Proxies providers

Discover the growing threat of residential proxies, their role in hiding among legitimate traffic and the challenges they pose in cyberspace.

By
Threat Detection & Research Team
By
Amaury-Jacques GARCON
By
Livia TIBIRNA
By
Grégoire CLERMONT
By
OCD CERT
& more
View more
Threat Research & Intelligence
TDR
February 6, 2024

Adversary infrastructures tracked in 2023

Sekoia.io C2 Trackers identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.

By
Threat Detection & Research Team
By
Marc NEBOUT
By
Quentin BOURGUE
By
Amaury-Jacques GARCON
By
Grégoire CLERMONT
& more
View more