Python Threat Hunting Tools: Part 1 — Why?

Adam Goss
10 min read · May 1, 2023

Welcome to the start of this new series on building threat hunting tools with Python!

In this series I will be showcasing a variety of threat hunting tools which you can use to hunt for threats, automate tedious processes, and extend to create your own toolkit! The majority of these tools will be simple, with a focus on being easy to understand and implement. This is so that you, the reader, can learn from these tools and begin to develop your own. There will be no cookie-cutter tutorial on programming fundamentals; instead, this series will focus on the practical implementation of scripting/programming through small projects. You are encouraged to play with these scripts, figure out ways to break or extend them, and try to improve on their basic design to fit your needs. I find this approach the best way to learn any new programming language or concept.

Before we delve into any technical details let’s consider why we should develop our own threat hunting tools in the first place.

The Why

So why would you need your own tools when a simple Google search will reveal tons of free and paid options?

Adam Goss

Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling