Building a small IOC extraction tool
Parsing IPs, URLs and hashes is a small project, but it feels close to real blue-team work.
IOC extraction is a good student project because the problem is small but realistic. Reports and logs often mix normal text with IPs, domains, URLs and hashes.
The first version should be predictable. I care more about clean output and duplicate removal than about trying to detect everything.
I also learned that output format matters. A tool is more useful if the result can become CSV, JSON, or input for another investigation workflow.
Later I want to add tests, sample logs, and maybe a reputation API lookup. But the base should stay simple enough that I can explain it.
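A first version along these lines, as an added example that is not the author's tool: it pulls URLs, IPv4 addresses and MD5/SHA-1/SHA-256 hashes out of mixed text, removes duplicates, and emits JSON or CSV. The function names, the refanging of hxxp and [.], and the sample text are assumptions; bare domains are left out because matching them predictably needs a TLD list.

```python
import csv
import io
import ipaddress
import json
import re

# Constructed sample input, not taken from a real report.
SAMPLE = """Beacon to hxxp://update.example[.]com/gate.php, then a second
stage from http://198.51.100.23/stage2.bin (server 198.51.100.23).
Dropped file MD5 0123456789ABCDEF0123456789ABCDEF, logged again as
0123456789abcdef0123456789abcdef. Build 10.0.19045.3000 and 999.1.1.1
are not valid IPv4 addresses."""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\w)")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> type


def is_ipv4(candidate):
    """Reject look-alikes such as 999.1.1.1 that the regex lets through."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False


def extract(text):
    """Return de-duplicated IOCs grouped by type, first-seen order within each."""
    # Undo common defanging so hxxp://a[.]b is read as http://a.b
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    text = text.replace("[.]", ".")
    found = [("url", m.rstrip(".,;:!?)")) for m in URL_RE.findall(text)]
    found += [("ipv4", m) for m in IPV4_RE.findall(text) if is_ipv4(m)]
    found += [(HASH_TYPES[len(m)], m.lower()) for m in HASH_RE.findall(text)]
    # dict.fromkeys drops repeats while keeping insertion order
    return [{"type": t, "value": v} for t, v in dict.fromkeys(found)]


def render(iocs, fmt="json"):
    """Serialise the IOC list as JSON, or as CSV with a header row."""
    if fmt == "json":
        return json.dumps(iocs, indent=2)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["type", "value"])
    writer.writeheader()
    writer.writerows(iocs)
    return buf.getvalue()
```

An IP that appears only as the host of a URL is reported both inside the URL and as its own ipv4 entry, which keeps the output usable for lookups keyed on either form.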