HexRoot is an independent security research group. We dig deep into vulnerabilities, malware, and the underlying mechanics of systems — not to exploit, but to understand, document, and defend.
From architectural vulnerabilities to firmware analysis — we follow the signal wherever it leads.
Tools we build for our own research — released for evaluation to researchers and organisations that share our approach.
A production-grade honeypot covering IT, SCADA/ICS, IoT and Medical protocols — with real-time semantic threat intelligence, CVE feed matching, YARA binary scanning, and a multi-tab analyst dashboard. No LLM. No cloud. No noise.





Un honeypot di livello produzione che copre protocolli IT, SCADA/ICS, IoT e Medical — con threat intelligence semantica in tempo reale, matching CVE feed, scansione YARA e una dashboard analitica multi-tab. Nessun LLM. Nessun cloud. Nessun rumore.





Produkcyjny honeypot obejmujący protokoły IT, SCADA/ICS, IoT i medyczne — z semantyczną analizą zagrożeń w czasie rzeczywistym, dopasowywaniem CVE feed, skanowaniem YARA i wielozakładkowym dashboardem analitycznym. Żadnego LLM. Żadnej chmury. Żadnego szumu.





HexRoot Honeypot is not a public download. Access is granted after evaluation — consistent with our policy on all tools and research. Send an email describing your context and intended use.
RootKill is a defensive threat surface scanner designed to continuously map IP ranges of known bullet-proof hosting providers and identify active C2 servers, phishing infrastructure, webshells, and backdoors — before they are used against you. No feeds of known IOCs. No shared data. No cloud. It finds what nobody has catalogued yet.
RootKill è uno scanner difensivo della superficie di attacco progettato per mappare continuamente i range IP di provider bullet-proof noti e identificare server C2 attivi, infrastruttura phishing, webshell e backdoor — prima che vengano usati contro di te. Nessun feed di IOC noti. Nessun dato condiviso. Nessun cloud. Trova quello che nessuno ha ancora catalogato.
RootKill is not a public download. Designed for CSIRT teams, threat intelligence researchers, and security organisations. Access is granted after evaluation of context and intended use.
We collaborate with researchers, security teams, and organisations that share our commitment to responsible, defensive security work.
Access to our codebase and research is granted on evaluation only.
No exceptions. No shortcuts. Just send us an email and we'll talk.