Building a small IOC extraction tool

May 8, 2026 Blue Team 3 min updated 5/8/2026

Parsing IPs, URLs and hashes is a small project, but it feels close to real blue-team work.

IOC extraction is a good student project because the problem is small but realistic. Reports and logs often mix normal text with IPs, domains, URLs and hashes.

The first version should be predictable. I care more about clean output and duplicate removal than trying to detect everything.

I also learned that output format matters. A tool is more useful if the result can become CSV, JSON, or input for another investigation workflow.

Later I want to add tests, sample logs, and maybe reputation API lookup. But the base should stay simple enough that I can explain it.
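A minimal sketch of the kind of extractor described above, added here as an example and not the author's own tool: it handles only URLs, IPv4 addresses and MD5/SHA-1/SHA-256 hashes, removes duplicates, and emits JSON or CSV. The function names, the regexes and the sample log are assumptions constructed for illustration.

```python
import csv, io, ipaddress, json, re

URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}

def extract_iocs(text):
    """Return de-duplicated IOCs as dicts, grouped by type, first-seen order."""
    found, seen = [], set()

    def add(kind, value):
        if (kind, value) not in seen:
            seen.add((kind, value))
            found.append({"type": kind, "value": value})

    for m in URL_RE.finditer(text):
        add("url", m.group().rstrip(".,;:!?"))  # drop sentence punctuation
    # Design choice: blank out URLs so a host IP or a hash in a path is not
    # reported a second time as a separate indicator.
    rest = URL_RE.sub(" ", text)
    for m in IPV4_RE.finditer(rest):
        try:
            add("ipv4", str(ipaddress.IPv4Address(m.group())))
        except ValueError:
            pass  # looks like an IP but is not one, e.g. 999.10.1.1
    for m in HASH_RE.finditer(rest):
        digest = m.group().lower()  # normalise case so duplicates collapse
        add(HASH_NAMES[len(digest)], digest)
    return found

def to_json(iocs):
    return json.dumps(iocs, indent=2)

def to_csv(iocs):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["type", "value"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(iocs)
    return buf.getvalue()

# Constructed sample log (documentation addresses, hashes of empty input).
SAMPLE = """\
2026-05-08 10:01:12 deny src=203.0.113.7 dst=198.51.100.23
2026-05-08 10:01:15 GET http://malware.example/payload.bin. from 203.0.113.7
dropped file md5=D41D8CD98F00B204E9800998ECF8427E
sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
agent version 999.10.1.1 build 1.2.3.4.5
"""

if __name__ == "__main__":
    print(to_csv(extract_iocs(SAMPLE)), end="")
```

The last sample line is there on purpose: `999.10.1.1` fails IP validation and `1.2.3.4.5` is a version string, so neither ends up in the output.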