SOC analysts often spend a lot of time manually looking up indicators of compromise (IOCs) across multiple OSINT tools like VirusTotal, AbuseIPDB, and MalwareBazaar. This repetitive process slows down triage and investigation.
CorpseChasm-KnowYourEnemy is a CLI tool I developed to automate this process and save time. You pass an IOC to the tool, and it automatically detects whether it's an IP address, domain, or file hash. Then it uses multiple OSINT APIs to enrich the IOC with relevant intelligence to speed up analysis.
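The two steps described above (detect the IOC type, then fan out to the OSINT APIs) look roughly like this. This is an added example written for this page, not the CorpseChasm-KnowYourEnemy source. It uses only the Python standard library; the VirusTotal v3, AbuseIPDB v2 and MalwareBazaar endpoints are taken from those services' public docs, while the `keys` dictionary names (`vt`, `abuseipdb`, `abusech`) and the environment variable names are this example's own convention.

```python
"""Added example: classify an IOC as ip / domain / hash, then build and run the
OSINT enrichment requests for it. Not the CorpseChasm-KnowYourEnemy code."""
import ipaddress
import json
import re
import urllib.parse
import urllib.request

# Hex digest lengths for the hash types the services accept.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Hostname: dotted labels of letters/digits/hyphens, alphabetic TLD, <= 253 chars.
DOMAIN_RE = re.compile(
    r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I
)


def refang(raw: str) -> str:
    """Undo the defanging analysts use when sharing IOCs (1[.]2[.]3[.]4, hxxp://)."""
    value = raw.strip()
    for bad, good in (("[.]", "."), ("(.)", "."), ("hxxp://", "http://"), ("hxxps://", "https://")):
        value = value.replace(bad, good)
    # A pasted URL is reduced to its host so it can be looked up as a domain.
    if "://" in value:
        value = urllib.parse.urlsplit(value).hostname or value
    return value


def classify_ioc(raw: str) -> tuple[str, str]:
    """Return (ioc_type, normalised_value); ioc_type is 'ip', 'hash' or 'domain'."""
    value = refang(raw)
    try:
        return "ip", str(ipaddress.ip_address(value))  # IPv4 and IPv6
    except ValueError:
        pass
    if HEX_RE.fullmatch(value) and len(value) in HASH_TYPES:
        return "hash", value.lower()
    if DOMAIN_RE.fullmatch(value):
        return "domain", value.lower()
    raise ValueError(f"unrecognised IOC: {raw!r}")


def build_queries(ioc_type: str, value: str, keys: dict) -> list[dict]:
    """Describe the HTTP requests that enrich this IOC (one dict per source).
    The key names 'vt', 'abuseipdb', 'abusech' are an assumption of this example."""
    vt_headers = {"x-apikey": keys.get("vt", "")}
    if ioc_type == "ip":
        return [
            {"source": "virustotal", "method": "GET", "headers": vt_headers,
             "url": f"https://www.virustotal.com/api/v3/ip_addresses/{value}"},
            {"source": "abuseipdb", "method": "GET",
             "url": "https://api.abuseipdb.com/api/v2/check?"
                    + urllib.parse.urlencode({"ipAddress": value, "maxAgeInDays": 90}),
             "headers": {"Key": keys.get("abuseipdb", ""), "Accept": "application/json"}},
        ]
    if ioc_type == "domain":
        return [{"source": "virustotal", "method": "GET", "headers": vt_headers,
                 "url": f"https://www.virustotal.com/api/v3/domains/{value}"}]
    if ioc_type == "hash":
        return [
            {"source": "virustotal", "method": "GET", "headers": vt_headers,
             "url": f"https://www.virustotal.com/api/v3/files/{value}"},
            {"source": "malwarebazaar", "method": "POST", "url": "https://mb-api.abuse.ch/api/v1/",
             # abuse.ch now asks for an Auth-Key header; check its docs for your account.
             "headers": {"Content-Type": "application/x-www-form-urlencoded",
                         "Auth-Key": keys.get("abusech", "")},
             "body": urllib.parse.urlencode({"query": "get_info", "hash": value})},
        ]
    raise ValueError(ioc_type)


def enrich(raw: str, keys: dict, timeout: int = 15) -> dict:
    """Classify the IOC and run every query; returns {source: parsed JSON or error}."""
    ioc_type, value = classify_ioc(raw)
    results = {"ioc": value, "type": ioc_type}
    for q in build_queries(ioc_type, value, keys):
        req = urllib.request.Request(q["url"], data=q.get("body", "").encode() or None,
                                     headers=q["headers"], method=q["method"])
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[q["source"]] = json.load(resp)
        except Exception as exc:  # a failing source is reported, not fatal
            results[q["source"]] = {"error": str(exc)}
    return results


if __name__ == "__main__":
    import os
    import sys
    api_keys = {"vt": os.environ.get("VT_API_KEY", ""),
                "abuseipdb": os.environ.get("ABUSEIPDB_API_KEY", ""),
                "abusech": os.environ.get("ABUSECH_API_KEY", "")}
    print(json.dumps(enrich(sys.argv[1], api_keys), indent=2))
```

Keeping classification and request building separate from the network call is what makes the tool testable offline: `classify_ioc` and `build_queries` can be checked without any API key, and the refang step means an IOC copied from a report or a chat still resolves to the right lookup.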
This was my first time developing a tool using APIs, and I learned a TON in the process.
I learned:

- How to work with APIs! I had never developed with APIs before, and was surprised at how approachable it turned out to be.
- How to build clean CLI applications. By using Python libraries like rich, I was able to create a user-friendly interface inspired by some of my favorite infosec tools.
- Why automation matters. Once I understood the manual process, automating it with Python made everything smoother and more scalable. This project gave me a deeper appreciation for scripting and tooling in cybersecurity.