$100daysofYARA is a little challenge created by Greg Lesnewich (@greglesnewich) to prompt Yara enthusiasts (and wannabe enthusiasts) to create a new Yara signature every day for three-ish months.
I am admittedly behind on this already for the year, but I'm hoping to catch up!
This specific repo (100 Days of Yara for OT) will eventually contain 100 Operational Technology-related Yara rules.
For about a year, I have been thinking about creating Yara rules to make it easier to hunt down PLC program data, firmware, logs, and other files that will make my life as an OT cybersecurity analyst easier. I hope they will make yours easier too.
So, without further ado, here are the first three "days" of rules:
- DAY 001: IEC 61131-3 Structured Text files
- DAY 002: Allen-Bradley Structured Logic (.L5K) Files
- DAY 003: L5K but now with more XML
- Coming Soon: Some love for other flavors of Structured Text...
Thanks for reading!

John