My current research avenues are the prioritization of security threats in SOCs and the detection and mitigation of malicious attacks. My previous research projects include the various aspects of the malicious infection chain, notably the detection of spam in social networks, malicious infrastructure classification through redirection chains, exploit kit and downloader analysis, and click fraud.

ExploitabilityBirthMark: An Early Predictor of the Likelihood of Exploitation
Kobra Khanmohammadi, Zakeya Namrud, François Labrèche, Raphaël Khoury. In Proceedings of the 2025 International Symposium on Foundations and Practice of Security.

Identifying Key Expert Actors in Cybercrime Forums Based on Their Technical Expertise
Estelle Ruellan, François Labrèche, Masarah Paquet-Clouston. In Proceedings of the 2024 APWG Symposium on Electronic Crime Research (eCrime).

Threat Class Predictor: An explainable framework for predicting vulnerability threat using topic and trend modeling
François Labrèche, Serge-Olivier Paquette. In Proceedings of the 2022 Conference on Applied Machine Learning in Information Security (CAMLIS), Arlington, VA, USA, 2022.

Shedding Light on the Targeted Victim Profiles of Malicious Downloaders
François Labrèche, Enrico Mariconti, Gianluca Stringhini. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES '22 - IWCC), Vienna, Austria, 2022.

Better Understanding Malware through a Deep Analysis of the Infection Chain
François Labrèche. PhD thesis, École Polytechnique de Montréal, Montréal, Canada, 2021.

POISED: Spotting Twitter Spam Off the Beaten Paths
Shirin Nilizadeh, François Labrèche, Alireza Sedighian, Ali Zand, José Fernandez, Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna. In Proceedings of ACM Conference on Computer and Communications Security (CCS '17), Texas, USA, 2017.

Follow the traffic: stopping click fraud by disrupting the value chain
Matthieu Faou, Antoine Lemay, David Decary-Hetu, Joan Calvet, François Labrèche, Militza Jean, Benoit Dupont, and Jose Fernandez. Privacy, Security and Trust 2016, 2016.

Previous : NorthSec
NorthSec is a computer security event in Montreal with training sessions, conferences and a Capture The Flag. I was part of the organizing committee and also worked as a challenge designer for a machine-learning challenge in the CTF.

Previous : Montréhack
A free IT security workshop hosted on every third Wednesday of the month, where participants solve technical security challenges.
Montréhack.ca
Github

Speaker
Northsec 2026 (Montreal, Canada)
ACSAC 2025 (Waikiki, Hawaii)
Northsec 2025 (Montreal, Canada)
ACSAC 2024 (Waikiki, Hawaii)
CAMLIS 2022 (Arlington VA)
BSides Montreal 2021
UCL Seminar 2017