https://polymathmonkey.github.io/weblog/tags/securityresearch/index.htmlHugoen-usFri, 05 Jun 2026 12:32:13 +0200https://polymathmonkey.github.io/weblog/securityresearch/threathuntinglikeanerd/index.htmlFri, 05 Jun 2026 12:04:00 +0200https://polymathmonkey.github.io/weblog/securityresearch/threathuntinglikeanerd/index.htmlThe Tooling Problem Most threat hunters use one of three things to document their work: a Word document, a Jupyter notebook, or a dedicated platform like TheHive or Aurora. Word documents are fine until you want to run a query from inside the document. Jupyter notebooks are fine until you want to write prose that does not look like a GitHub README. TheHive is fine until you are a solo analyst running a homelab and you do not want to maintain another service.