
Guillaume COUCHARD
Principal Threat Researcher
Articles by Guillaume COUCHARD

Leveraging Landlock telemetry for Linux detection engineering
This blogpost explores how Landlock is both an interesting security mechanism and a valuable source of telemetry for detection engineering.

Sekoia.io Strengthens Collective Cyber Defense at NATO CCDCOE’s Crossed Swords 2025 Exercise
Sekoia.io delivered its technology and expertise to the NATO CCDCOE’s Crossed Swords 2025 (XS25) exercise to gather critical insights and validate our defensive capabilities in a military-grade environment. Hosted by the NATO Cooperative…

Detection engineering at scale: one step closer (part three)
Following our first article, which explained our detection approach and its associated challenges, and the second, which detailed the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous

Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines.

Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer nu

Emulating and Detecting Scattered Spider-like Attacks
Explore a use-case scenario demonstrating how to detect Scattered Spider-like attacks in AWS environments and enhance your cloud security.

When a Botnet Cries: Detecting Botnet Infection Chains
Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing…

Lucky Mouse: Incident Response to Detection Engineering
This blogpost discusses how the Tactics, Techniques and Procedures (TTPs) used by the APT27 (Lucky Mouse) intrusion set in the last incident reported by Intrinsec, a Sekoia Managed Security Service Provider (MSSP) partner, are detected using SEKOI

XDR detection engineering at scale: crafting detection rules for SecOps efficiency
In this blogpost we present Sekoia’s process to create detection rules, which first requires explaining our detection workflow as well as understanding Sekoia XDR history and specificities.

TURLA’s new phishing-based reconnaissance campaign in Eastern Europe
Sekoia's Threat & Detection Researchers expose a reconnaissance and espionage campaign by TURLA against Eastern European institutions.

An insider insights into Conti operations – Part One
In this first part, we focus on the Conti ransomware group, whose training material was recently leaked on a cybercrime forum.

An insider insights into Conti operations – Part Two
This is the second part of our blogpost about Conti; here we'll see how to detect the techniques used in Conti operations, and much more.
