Thunt Labs Security
    Senior practitioners, not salespeople

    About Thunt

    Thunt follows an elite boutique DFIR model: agile, senior-only technical deep-dives. We are not a managed service provider or a SOC vendor. We are practitioners who investigate, hunt, and build—delivering expert analysis alongside custom automation.
    François Khourbiga, founder and lead analyst at Thunt, expert in threat hunting and DFIR
    20+ Years Experience
    National-level Missions
    Meet the Founder

    François Khourbiga

    Founder & Lead Security Consultant

    Senior cybersecurity consultant with over 20 years of expertise in incident response and digital forensics. I have led national-level and large-enterprise investigations for government agencies and Fortune 500 clients.

    Former incident responder at ANSSI (French National Cybersecurity Agency) and Mandiant (now part of Google Cloud), I specialize in host-based forensics, malware reverse engineering, and threat hunting.

    I also founded Defants, a Gartner-recognized automated incident response platform. My goal with Thunt is to return to what I love most: hands-on investigation and helping organizations solve complex security challenges.

    Former Experience & Recognition

    ANSSI — French National Cybersecurity AgencyMandiant — Threat Intelligence & Incident ResponseDGA — French Defence Procurement AgencyOrange Cyberdefense — European cybersecurity leaderGartner — IT research and advisory
    Connect on LinkedIn

    Our methodology

    Every engagement follows a structured, hypothesis-driven approach for incident preparedness. We start with clear questions, collect evidence methodically, analyze with expertise, and deliver transparent findings with actionable recommendations. No black boxes, just proven investigative methodology adapted to your context.

    Hypothesis Driven

    We don't guess. We test.

    Evidence Based

    Facts over assumptions.

    Actionable

    Real results you can use.

    Career & Recognition

    A journey dedicated to defensive security.

    Defants logo
    2023

    Gartner Cool Vendor

    Defants

    Recognized for innovation in SOC automation.

    Ministère de la Recherche logo
    2023

    i-Lab Winner

    Ministère de la Recherche

    National innovation competition winner.

    Defants logo
    2022 — 2025

    Founder & CEO

    Defants

    Deeptech startup specialized in semantic investigation using an automated incident response SaaS platform.

    Mandiant (now part of Google Cloud) logo
    2020 — 2022

    Incident Response Consultant

    Mandiant (now part of Google Cloud)

    Frontline investigations for Fortune 500.

    Orange Cyberdefense logo
    2018 — 2020

    R&D Project Manager

    Orange Cyberdefense

    Malware intelligence platform engineering.

    Recon Montreal logo
    2018

    Speaker

    Recon Montreal

    Talk on taint-based approach for return oriented programming.

    Ministère des Armées (DGA) logo
    2012 — 2018

    Cyber Defense Engineer

    Ministère des Armées (DGA)

    Advanced threat hunting and reverse engineering.

    ANSSI logo
    2003 — 2012

    Forensic Engineer

    ANSSI

    National incident response, crisis management and malware reverse engineering.

    Our principles

    Hypothesis-driven

    Every hunt and investigation starts with a clear hypothesis. We test, validate, or refute — never fish blindly.

    Evidence-based

    Findings backed by artifacts, logs, and documented analysis. No assumptions presented as facts.

    Transparent delivery

    Regular status updates, clear scope boundaries, and reports that non-specialists can understand.

    Independent expertise

    Expert services under separate contracts by independent consultants. No vendor lock-in, no upsell.

    Leverage our internal arsenal

    Our clients benefit directly from our custom tooling and research. Enhanced detection, faster triage, deeper insights.

    Start an investigation