Sentinel
A Tor-aware threat-intelligence platform that watches Tier-1 ransomware leak sites and dark-web search engines for your exposure, scans suspect URLs, captures endpoint telemetry, and uses an on-device LLM to turn it all into forensic intelligence.
Overview
Sentinel continuously monitors a curated set of Tier-1 ransomware leak portals and dark-web search engines, with every request routed through Tor, and alerts the moment a watched term surfaces: a domain, a brand, an employee identity, a project codename. The posture is strictly defensive and read-only: it reports exposure and never touches leaked data.
Around that core sits a full operations layer: brand-protection registries that auto-derive what to monitor, a URL reputation scanner backed by VirusTotal, and an endpoint agent (a browser extension plus a native daemon) that intercepts navigation, captures traffic metadata, and streams enrolled-device telemetry back to a hardened, token-authenticated server.
An agentic AI forensics engine closes the loop: an on-device LLM continuously summarises each endpoint's activity into severity-ranked forensic intelligence, so analysts read conclusions instead of logs. The platform runs autonomously and self-heals across reboots.
Capabilities
- Tor-routed monitoring of Tier-1 leak sites + dark-web search engines
- Real-time exposure alerts on domains, brands, identities, and codenames
- Brand-protection registries that auto-seed monitoring terms
- VirusTotal-backed URL reputation scanning, fully audit-logged
- Endpoint agent: browser extension + native daemon for traffic capture
- Agentic AI forensics: an on-device LLM ranks telemetry into intelligence