A curated list of analysis tools and resources created or maintained by Swisscom CSIRT.

Besides the tool mentioned below, our team contributes to various tools, among others to Sigma, KapeFiles, forensic artifacts, RECmd and RegRipper.

Here's a list of internet articles from various activities around the Swisscom CSIRT.

• Die guten Hacker [DE], 31 August 2016
• Mr Red v. Mr Blue – a stress test for Swisscom, 8 November 2018
• Paying a visit to the IT fire brigade, 15 May 2020
• On the hunt for hidden attackers, 18 September 2020

• PowerGRR - PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
• PowerSponse - PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
• ArtifactCollectionMatrix - Forensic Artifact Collection Tool Matrix.
• Invoke-Forensics - Invoke-Forensics provides PowerShell scripts to simplify working with KAPE's targets and modules (KapeFiles) and RegRipper's plugins.

• detections - This repo contains threat intelligence information and threat detection indicators (IOC, IOA) shared by Swisscom CSIRT.

• PowerShell Splunk Addon - Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.

• Twitter - Swisscom CSIRT on Twitter.
• FIRST - FIRST team page.

• Bug Bounty - Our Bug Bounty programme supports the reporting and quick elimination of security gaps (bugs) in our products and services. We invite both private individuals and organisations to report weak points to our Computer Security Incident Response Team (CSIRT).