Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Open Source

Kochi - the concept

So... how exactly does Kochi help to mitigate the sort of responses your users may send when answering spear phishing attacks?

To take a step back, almost every email system run by a sizeable organisation the world over is now covered by multiple layers of inbound filtering. These may be managed in-house, or they may be outsourced, but the outcome is the same: the filters are designed to block a large proportion (ideally all) of the inbound messages which could be deemed unsolicited, which carry malware (or links to malicious sites), which try to exhort your users to give up their bank details in various interesting ways, or which request that your users pass on their login details.

Relatively few of these systems, however, have the filters applied in reverse - to the messages sent out by the system's users. This is where Kochi fits in.

In short, Kochi is a set of Perl modules designed to scan outgoing messages as follows:

  • Detect trigger terms in the message
  • Match strings according to local username policy
  • Match candidate strings according to local password policy
  • Attempt to authenticate using the username/password candidates detected
  • If authentication succeeds, then (hopefully this part is relatively obvious) the system has detected valid local credentials in the message. This is the mitigating factor.
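
The steps above as a short Python sketch. This is an added example, not Kochi's own Perl code: the trigger terms, the username and password patterns, the attempt cap and the in-memory `demo_authenticate` stand-in are all assumptions made for illustration.

```python
import hmac
import re
from itertools import product

# Assumed local policies and trigger terms (hypothetical, not taken from Kochi).
TRIGGERS = re.compile(r"\b(password|passwd|username|user\s*id|login)\b", re.I)
USERNAME = re.compile(r"^[a-z]{2,4}[0-9]{1,4}$")            # e.g. "cojs2"
PASSWORD = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)\S{8,16}$")  # 8-16 chars, letter + digit
MAX_ATTEMPTS = 20  # cap logins per message so a scan cannot cause account lockouts


def candidates(body):
    """Split the body into tokens and sort them into username/password candidates."""
    tokens = {t.strip(".,;:()<>\"'") for t in body.split()}
    users = sorted(t for t in tokens if USERNAME.match(t))
    passwords = sorted(t for t in tokens if PASSWORD.match(t) and t not in users)
    return users, passwords


def scan_outgoing(body, authenticate):
    """Return the usernames whose valid credentials appear in the message body."""
    if not TRIGGERS.search(body):          # step 1: no trigger term, nothing to do
        return []
    users, passwords = candidates(body)    # steps 2 and 3: policy matching
    leaked = []
    for attempt, (user, pw) in enumerate(product(users, passwords)):
        if attempt >= MAX_ATTEMPTS:
            break
        if user not in leaked and authenticate(user, pw):  # step 4: try to log in
            leaked.append(user)            # step 5: report the user, never the password
    return leaked


# Constructed stand-in for the real authentication service (e.g. a directory bind).
_ACCOUNTS = {"cojs2": "Tr1cky-Horse9"}


def demo_authenticate(user, pw):
    stored = _ACCOUNTS.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), pw.encode())


# Constructed sample reply to a phishing message.
SAMPLE = ("Hi, as requested to keep my mailbox active:\n"
          "Username: cojs2\nPassword: Tr1cky-Horse9\nThanks, J.")
```

A message that only looks like it contains credentials is not flagged: the result is non-empty only when a candidate pair actually authenticates.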