Independent Security Research

We break things
to understand
how they work.

HexRoot is an independent security research group. We dig deep into vulnerabilities, malware, and the underlying mechanics of systems — not to exploit, but to understand, document, and defend.

Our Research Work With Us
hexroot ~ research
root@hexroot:~$ whoami
independent_security_researcher

root@hexroot:~$ cat mission.txt
// Research. Disclose. Defend.
No black hats here.
Only deep curiosity.

root@hexroot:~$ ls research/
0day/  malware/  OT_ICS/
AI_sec/  forensics/

root@hexroot:~$
CVE+Coordinated Disclosures
0dayOriginal Research
OSSOpen Tools Released
100%Defensive Focus
What we do

Research Areas

From architectural vulnerabilities to firmware analysis — we follow the signal wherever it leads.

Vulnerability Research
0-Day Discovery & Responsible Disclosure
Original vulnerability research with full responsible disclosure to vendors and CVE submission. We find it, document it, and make sure it gets fixed.
Malware Analysis
Reverse Engineering & Threat Intelligence
Static and dynamic analysis of malware samples, behavioral profiling, IOC extraction and STIX 2.1 output. We dissect threats so defenders can build better tools.
OT / ICS Security
Critical Infrastructure Research
Industrial control systems, SCADA protocols, and operational technology security. The attack surface nobody wants to touch — we do.
AI Security
Adversarial ML & Model Security
Prompt injection, adversarial attacks, model extraction, and the security implications of AI systems deployed in critical and high-stakes contexts.
Digital Forensics
Incident Analysis & Evidence Integrity
Forensic acquisition, chain of custody, artifact analysis, and memory forensics. When something breaks, we reconstruct what happened and why.
Privacy Engineering
Metadata Leakage & Protocol Analysis
Deep analysis of communication protocols, metadata exposure, and architectural privacy failures in systems that claim to be secure.
Work With Us

Want to
cooperate?

We collaborate with researchers, security teams, and organisations that share our commitment to responsible, defensive security work.

Access to our codebase and research is granted on evaluation only.
No exceptions. No shortcuts. Just send us an email and we'll talk.

Responsible Disclosure Joint Research Academic Collaboration Threat Intelligence Sharing No Offensive Contracts No Black Hat