HexGuard & DeathWeb is a proactive cyber defense engine combining automated OSINT collection, distributed honeypot intelligence, and real-time IOC enrichment. Built on industry standards such as OWASP, MITRE ATT&CK, STIX/TAXII, it delivers actionable threat intelligence for integration into TIPs and SIEMs.

HexGuard detects suspicious network behavior, identifies intrusion vectors (reconnaissance, exploitation, exfiltration), and enables early-stage threat response. Designed for critical infrastructure environments, the platform is lightweight, modular, and Zero Trust-oriented.

📸 Platform Screenshots

🛠️ Technology Stack & Roadmap

• Python + backend Flask
• SQL (SingleStore) for real-time IOC storage and analytics
• Apache Kafka for streaming IOC ingestion and processing
• Modular microservices: ingestion, enrichment, classification
• Dockerized deployment with Gunicorn WSGI
• OSINT parsing pipelines & ASN/GeoIP/Reverse DNS enrichment
• Integrated support for STIX/TAXII and MITRE ATT&CK mappings
• Random Forest-based IOC classification using enriched threat features
• Frontend API integration and live threat dashboards

🧠 Ongoing AI Research & Prototyping

• Behavioral classification via Random Forest models
• GRU / LSTM detection of anomalous traffic patterns
• KMeans & DEC clustering of darkweb intel
• DistilBERT M7B for multilingual threat NLP
• Real-time mapping of GSM and VoIP infrastructure IOCs
• Darknet/Deepweb crawler integration for enriched context

📸 Real Time Intel