update

pre-commit checks
2025-11-28 22:36:47 -05:00 · 2025-11-26 00:13:06 -05:00
70 changed files with 536 additions and 1410 deletions
@@ -1,6 +1,6 @@
 ---
 name: Idea
-about: An idea for a feature or improvement to Atomic Red Team. 
+about: An idea for a feature or improvement to Atomic Red Team.
 title: 'Idea: '
 labels: 'idea'
 assignees: ''
@@ -7,7 +7,7 @@ assignees: ''

 ---

-### Why the change? 
+### Why the change?


 ### A summary of the change
@@ -5,12 +5,12 @@

 version: 2
 updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
+- package-ecosystem: "pip" # See documentation for possible values
+  directory: "/" # Location of package manifests
+  schedule:
+    interval: "weekly"
+# Maintain dependencies for GitHub Actions
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
@@ -2,58 +2,59 @@ name: assign-labels

 on:
  workflow_run:
-    workflows: ["validate-atomics"]
+    workflows:
+    - "validate-atomics"
    types:
-      - completed
+    - completed

 jobs:
  assign-labels:
    runs-on: ubuntu-latest
    steps:
-      - name: download-artifact
-        uses: actions/github-script@v8
-        with:
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "labels.json"
-            })[0];
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/labels.zip`, Buffer.from(download.data));
+    - name: download-artifact
+      uses: actions/github-script@v8
+      with:
+        script: |
+          let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             run_id: context.payload.workflow_run.id,
+          });
+          let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+            return artifact.name == "labels.json"
+          })[0];
+          let download = await github.rest.actions.downloadArtifact({
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             artifact_id: matchArtifact.id,
+             archive_format: 'zip',
+          });
+          let fs = require('fs');
+          fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/labels.zip`, Buffer.from(download.data));

-      - name: unzip-artifact
-        run: unzip labels.zip
+    - name: unzip-artifact
+      run: unzip labels.zip

-      - name: assign-labels-and-reviewers
-        uses: actions/github-script@v8
-        with:
-          script: |
-            let fs = require('fs');
-            const obj = JSON.parse(fs.readFileSync('./labels.json'));
-            console.log(obj)
-            if(obj.labels.length > 0){
-              await github.rest.issues.addLabels({
-                issue_number: obj.pr,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: obj.labels
-               })
-            }
-            if(obj.maintainers.length > 0){
-              await github.rest.issues.addAssignees({
-                issue_number: obj.pr,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                assignees: obj.maintainers
-              });
-            }
+    - name: assign-labels-and-reviewers
+      uses: actions/github-script@v8
+      with:
+        script: |-
+          let fs = require('fs');
+          const obj = JSON.parse(fs.readFileSync('./labels.json'));
+          console.log(obj)
+          if(obj.labels.length > 0){
+            await github.rest.issues.addLabels({
+              issue_number: obj.pr,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: obj.labels
+             })
+          }
+          if(obj.maintainers.length > 0){
+            await github.rest.issues.addAssignees({
+              issue_number: obj.pr,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              assignees: obj.maintainers
+            });
+          }
@@ -1,69 +1,70 @@
 name: generate-docs
 on:
  push:
-    branches: [ "master" ]
+    branches:
+    - "master"

 jobs:
  generate-docs:
    runs-on: ubuntu-latest
    steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-        with:
-          token: ${{ secrets.PROTECTED_BRANCH_PUSH_TOKEN }}
+    - name: checkout repo
+      uses: actions/checkout@v6
+      with:
+        token: ${{ secrets.PROTECTED_BRANCH_PUSH_TOKEN }}

-      - name: Install poetry
-        run: pipx install poetry
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install poetry
+      run: pipx install poetry
+    - uses: actions/setup-python@v6
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"
+    - name: Install dependencies
+      run: poetry install --no-interaction

-      - name: Generate shields.io URL
-        run: poetry run python runner.py generate-counter
-        id: counter
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: Generate shields.io URL
+      run: poetry run python runner.py generate-counter
+      id: counter
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}

-      - name: Update README
-        run: |
-          echo ${{ steps.counter.outputs.result }}
-          sed -i "s|https://img.shields.io/badge/Atomics-.*-flat.svg|${{ steps.counter.outputs.result }}|" README.md
-        shell: bash
+    - name: Update README
+      run: |
+        echo ${{ steps.counter.outputs.result }}
+        sed -i "s|https://img.shields.io/badge/Atomics-.*-flat.svg|${{ steps.counter.outputs.result }}|" README.md
+      shell: bash

-      - name: Generate and commit unique GUIDs for each atomic test
-        run: poetry run python runner.py generate-guids
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: Generate and commit unique GUIDs for each atomic test
+      run: poetry run python runner.py generate-guids
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}

-      - name: setup ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.0
-          bundler-cache: true
+    - name: setup ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0
+        bundler-cache: true

-      - name: generate markdown docs for atomics
-        run: |
-          bin/generate-atomic-docs.rb
-          echo ""
-          echo ""
-          git status
-          echo ""
-          echo ""
-          git diff-index HEAD --
+    - name: generate markdown docs for atomics
+      run: |-
+        bin/generate-atomic-docs.rb
+        echo ""
+        echo ""
+        git status
+        echo ""
+        echo ""
+        git diff-index HEAD --

-          if git diff-index --quiet HEAD -- ; then
-            echo "Not committing documentation because there are no changes"
-          else
-            git config credential.helper 'cache --timeout=120'
-            git config user.email "opensource@redcanary.com"
-            git config user.name "Atomic Red Team doc generator"
-            git add README.md
-            git add atomics
-            git commit -am "Generated docs from job=$GITHUB_JOB branch=$GITHUB_REF_NAME [ci skip]"
-            git push origin $GITHUB_REF_NAME -f
-          fi
+        if git diff-index --quiet HEAD -- ; then
+          echo "Not committing documentation because there are no changes"
+        else
+          git config credential.helper 'cache --timeout=120'
+          git config user.email "opensource@redcanary.com"
+          git config user.name "Atomic Red Team doc generator"
+          git add README.md
+          git add atomics
+          git commit -am "Generated docs from job=$GITHUB_JOB branch=$GITHUB_REF_NAME [ci skip]"
+          git push origin $GITHUB_REF_NAME -f
+        fi
@@ -3,27 +3,27 @@ name: validate-python-file-changes
 on:
  pull_request:
    branches:
-      - master
+    - master
    paths:
-      - "atomic_red_team/**/*.py"
+    - "atomic_red_team/**/*.py"

 jobs:
  validate-python-file-changes:
    runs-on: macos-latest
    steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.12.4"
-          cache: "poetry"
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.12.4"
+        cache: "poetry"

-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install dependencies
+      run: poetry install --no-interaction

-      - name: Run pytest
-        run: poetry run pytest atomic_red_team/tests
+    - name: Run pytest
+      run: poetry run pytest atomic_red_team/tests
@@ -1,19 +1,19 @@
 name: 'Close stale issues and PRs'
 on:
  schedule:
-    - cron: '30 1 * * *'
+  - cron: '30 1 * * *'

 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v10
-        with:
-          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
-          stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
-          close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
-          close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
-          days-before-issue-stale: 30
-          days-before-pr-stale: 45
-          days-before-issue-close: 10
-          days-before-pr-close: 10
+    - uses: actions/stale@v10
+      with:
+        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+        stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
+        close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
+        close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
+        days-before-issue-stale: 30
+        days-before-pr-stale: 45
+        days-before-issue-close: 10
+        days-before-pr-close: 10
@@ -3,73 +3,73 @@ name: validate-atomics
 on:
  pull_request:
    branches:
-      - master
+    - master

 jobs:
  validate-atomics:
    runs-on: ubuntu-latest
    steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"

-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install dependencies
+      run: poetry install --no-interaction

-      - name: validate the format of atomics tests against the spec
-        run: poetry run python runner.py validate
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: validate the format of atomics tests against the spec
+      run: poetry run python runner.py validate
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}

  upload:
    runs-on: ubuntu-latest
    steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
-      - uses: actions/github-script@v8
-        id: get_pr_number
-        with:
-          script: |
-            if (context.issue.number) {
-              // Return issue number if present
-              return context.issue.number;
-            } else {
-              // Otherwise return issue number from commit
-              return (
-                await github.rest.repos.listPullRequestsAssociatedWithCommit({
-                  commit_sha: context.sha,
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                })
-              ).data[0].number;
-            }
-          result-encoding: string
-      - name: Install dependencies
-        run: poetry install --no-interaction --no-root
-      - name: save labels and reviewers into a file.
-        run: |
-          poetry run python runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"
+    - uses: actions/github-script@v8
+      id: get_pr_number
+      with:
+        script: |
+          if (context.issue.number) {
+            // Return issue number if present
+            return context.issue.number;
+          } else {
+            // Otherwise return issue number from commit
+            return (
+              await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                commit_sha: context.sha,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+              })
+            ).data[0].number;
+          }
+        result-encoding: string
+    - name: Install dependencies
+      run: poetry install --no-interaction --no-root
+    - name: save labels and reviewers into a file.
+      run: |
+        poetry run python runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}

-      - uses: actions/upload-artifact@v5
-        with:
-          name: labels.json
-          path: atomic_red_team/pr/
+    - uses: actions/upload-artifact@v5
+      with:
+        name: labels.json
+        path: atomic_red_team/pr/
@@ -3,18 +3,18 @@ name: validate-terraform
 on:
  pull_request:
    branches:
-      - master
+    - master
    paths:
-      - "**/*.tf"
+    - "**/*.tf"

 jobs:
  validate-terraform:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
-      - uses: hashicorp/setup-terraform@v3
+    - uses: actions/checkout@v6
+    - uses: hashicorp/setup-terraform@v3

-      - name: Terraform fmt
-        id: fmt
-        run: terraform fmt -recursive -check
-        continue-on-error: false
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -recursive -check
+      continue-on-error: false
@@ -0,0 +1,21 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v6.0.0
+  hooks:
+  - id: trailing-whitespace
+  - id: check-yaml
+  - id: check-added-large-files
+    args:
+    - "--maxkb=10000"
+  - id: check-merge-conflict
+  - id: check-json
+  - id: mixed-line-ending
+  - id: fix-byte-order-marker
+  - id: debug-statements
+
+- repo: https://github.com/google/yamlfmt
+  rev: v0.20.0
+  hooks:
+  - id: yamlfmt
+    args:
+    - "--verbose"
@@ -0,0 +1,14 @@
+# yamlfmt configuration file
+# See https://github.com/google/yamlfmt for more options
+
+formatter:
+  indent: 2
+  trim_trailing_whitespace: true
+  eof_newline: true
+  force_array_style: block
+  retain_line_breaks_single: true
+  indentless_arrays: true
+  verbose: true
+
+exclude:
+  - ".git/**"
@@ -1,6 +1,6 @@
 # Contributor Code of Conduct

-Welcome to the [Atomic Red Team online community](https://atomicredteam.io/). Our goal is to foster an open, safe, and welcoming environment. As a collective, we—as contributors, maintainers, and the Open Source Projects team of Red Canary—pledge to encourage our project and community to be a harassment-free space. We invite you to collaborate, exchange thoughts or information, and engage with one another. Atomic Red Team is meant for everyone, regardless of age, personal appearance, body size, disability, nationality, race, ethnicity, gender identity and expression, level of experience or academics, religion, or sexual identity and orientation. 
+Welcome to the [Atomic Red Team online community](https://atomicredteam.io/). Our goal is to foster an open, safe, and welcoming environment. As a collective, we—as contributors, maintainers, and the Open Source Projects team of Red Canary—pledge to encourage our project and community to be a harassment-free space. We invite you to collaborate, exchange thoughts or information, and engage with one another. Atomic Red Team is meant for everyone, regardless of age, personal appearance, body size, disability, nationality, race, ethnicity, gender identity and expression, level of experience or academics, religion, or sexual identity and orientation.

 ## Our Guidelines

@@ -27,7 +27,7 @@ If you see anything that you believe breaks our community guidelines, no matter

 ## Enforcement & Consequences

-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Community Manager. Unacceptable behavior will not be tolerated by community members, maintainers, and Red Canary team members.  The Atomic Red Team Community Manager and maintainers will review and investigate all complaints. 
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Community Manager. Unacceptable behavior will not be tolerated by community members, maintainers, and Red Canary team members.  The Atomic Red Team Community Manager and maintainers will review and investigate all complaints.

 Anyone asked to stop unacceptable behavior is expected to comply immediately. If an Atomic Red Team community member (anyone contributing to our [GitHub Repo](https://github.com/redcanaryco/atomic-red-team) or [Community Slack](https://slack.atomicredteam.io/)) engages in unacceptable behavior, the Community Manager may take any temporary or permanent action they deem appropriate, up to and including immediate expulsion from the Atomic Red Team community without warning.

@@ -49,10 +49,10 @@ This Code of Conduct applies to all of the Atomic Red Team, and “Atomic Family

 * [Atomic Red Team GitHub](https://github.com/redcanaryco/atomic-red-team)

-* **Atomic Family**  
-  * [Invoke-AtomicRedTeam](https://github.com/redcanaryco/invoke-atomicredteam) 
-  * [AtomicTestHarnesses](https://github.com/redcanaryco/atomictestharnesses) 
-  * [Chain Reactor](https://github.com/redcanaryco/chain-reactor) 
+* **Atomic Family**
+  * [Invoke-AtomicRedTeam](https://github.com/redcanaryco/invoke-atomicredteam)
+  * [AtomicTestHarnesses](https://github.com/redcanaryco/atomictestharnesses)
+  * [Chain Reactor](https://github.com/redcanaryco/chain-reactor)

 ## Attribution

@@ -2,7 +2,7 @@

 # Atomic Red Team

-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1761-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1750-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)


 Atomic Red Team™ is a library of tests mapped to the
@@ -3,7 +3,7 @@
 ## [Description from ATT&CK](https://attack.mitre.org/techniques/<%= technique['identifier'].gsub(/\./, '/') %>)
 <blockquote>

-<%= technique['description'].gsub("%\\<", "%<").gsub(/<code>.*?<\/code>/) { |match| match.gsub('~', '\~') } %>
+<%= technique['description'].gsub("%\\<", "%<") %>

 </blockquote>

@@ -10,7 +10,7 @@ class AtomicRedTeam

  # TODO- should these all be relative URLs?
  ROOT_GITHUB_URL = "https://github.com/redcanaryco/atomic-red-team"
-  
+
  #
  # Returns a list of paths that contain Atomic Tests
  #
@@ -19,10 +19,10 @@ class AtomicRedTeam
  end

  #
-  # Returns a list of Atomic Tests in Atomic Red Team (as Hashes from source YAML) 
+  # Returns a list of Atomic Tests in Atomic Red Team (as Hashes from source YAML)
  #
  def atomic_tests
-    @atomic_tests ||= atomic_test_paths.collect do |path| 
+    @atomic_tests ||= atomic_test_paths.collect do |path|
      atomic_yaml = YAML.load(File.read path)
      atomic_yaml['atomic_yaml_path'] = path
      atomic_yaml
@@ -40,7 +40,7 @@ class AtomicRedTeam
    end

    test_list = Array.new
-    atomic_tests.find do |atomic_yaml| 
+    atomic_tests.find do |atomic_yaml|
      if atomic_yaml.fetch('attack_technique').upcase == technique_identifier.upcase
        atomic_yaml['atomic_tests'].each do |a_test|
          if a_test["supported_platforms"].include?(platform[:platform])
@@ -62,13 +62,13 @@ class AtomicRedTeam
      technique_or_technique_identifier
    end

-    atomic_tests.find do |atomic_yaml| 
+    atomic_tests.find do |atomic_yaml|
      atomic_yaml.fetch('attack_technique').upcase == technique_identifier.upcase
    end.to_h.fetch('atomic_tests', [])
  end

  #
-  # Returns a Markdown formatted Github link to a technique. This will be to the edit page for 
+  # Returns a Markdown formatted Github link to a technique. This will be to the edit page for
  # techniques that already have one or more Atomic Red Team tests, or the create page for
  # techniques that have no existing tests for the given OS.
  #
@@ -103,17 +103,17 @@ class AtomicRedTeam

  def validate_atomic_yaml!(yaml, used_guids_file, unique_guid_array)
    raise("YAML file has no elements") if yaml.nil?
-  
+
    raise('`attack_technique` element is required') unless yaml.has_key?('attack_technique')
    raise('`attack_technique` element must be a string') unless yaml['attack_technique'].is_a?(String)
-  
+
    raise('`display_name` element is required') unless yaml.has_key?('display_name')
    raise('`display_name` element must be an array') unless yaml['display_name'].is_a?(String)
-  
+
    raise('`atomic_tests` element is required') unless yaml.has_key?('atomic_tests')
    raise('`atomic_tests` element must be an array') unless yaml['atomic_tests'].is_a?(Array)
    raise('`atomic_tests` element is empty - you have no tests') unless yaml['atomic_tests'].count > 0
-  
+
    yaml['atomic_tests'].each_with_index do |atomic, i|
      raise("`atomic_tests[#{i}].name` element is required") unless atomic.has_key?('name')
      raise("`atomic_tests[#{i}].name` element must be a string") unless atomic['name'].is_a?(String)
@@ -127,10 +127,10 @@ class AtomicRedTeam

      raise("`atomic_tests[#{i}].description` element is required") unless atomic.has_key?('description')
      raise("`atomic_tests[#{i}].description` element must be a string") unless atomic['description'].is_a?(String)
-  
+
      raise("`atomic_tests[#{i}].supported_platforms` element is required") unless atomic.has_key?('supported_platforms')
      raise("`atomic_tests[#{i}].supported_platforms` element must be an Array (was a #{atomic['supported_platforms'].class.name})") unless atomic['supported_platforms'].is_a?(Array)
-  
+
      valid_supported_platforms = ['windows', 'macos', 'linux', 'office-365', 'azure-ad', 'google-workspace', 'saas', 'iaas', 'containers', 'iaas:aws', 'iaas:azure', 'iaas:gcp']
      atomic['supported_platforms'].each do |platform|
        if !valid_supported_platforms.include?(platform)
@@ -149,22 +149,22 @@ class AtomicRedTeam
        arg_name, arg = arg_kvp
        raise("`atomic_tests[#{i}].input_arguments[#{iai}].description` element is required") unless arg.has_key?('description')
        raise("`atomic_tests[#{i}].input_arguments[#{iai}].description` element must be a string") unless arg['description'].is_a?(String)
-  
+
        raise("`atomic_tests[#{i}].input_arguments[#{iai}].type` element is required") unless arg.has_key?('type')
        raise("`atomic_tests[#{i}].input_arguments[#{iai}].type` element must be a string") unless arg['type'].is_a?(String)
        raise("`atomic_tests[#{i}].input_arguments[#{iai}].type` element must be lowercased and underscored (was #{arg['type']})") unless arg['type'] =~ /[a-z_]+/
-  
+
        # TODO: determine if we think default values are required for EVERY input argument
        # raise("`atomic_tests[#{i}].input_arguments[#{iai}].default` element is required") unless arg.has_key?('default')
        # raise("`atomic_tests[#{i}].input_arguments[#{iai}].default` element must be a string (was a #{arg['default'].class.name})") unless arg['default'].is_a?(String)
      end
-  
+
      raise("`atomic_tests[#{i}].executor` element is required") unless atomic.has_key?('executor')
      executor = atomic['executor']
      raise("`atomic_tests[#{i}].executor.name` element is required") unless executor.has_key?('name')
      raise("`atomic_tests[#{i}].executor.name` element must be a string") unless executor['name'].is_a?(String)
      raise("`atomic_tests[#{i}].executor.name` element must be lowercased and underscored (was #{executor['name']})") unless executor['name'] =~ /[a-z_]+/
-  
+
      valid_executor_types = ['command_prompt', 'sh', 'bash', 'powershell', 'manual', 'aws', 'az', 'gcloud', 'kubectl']
      case executor['name']
        when 'manual'
@@ -192,7 +192,7 @@ class AtomicRedTeam

  def record_used_guids!(yaml, used_guids_file)
    return unless !yaml.nil?
- 
+
    yaml['atomic_tests'].each_with_index do |atomic, i|
      next unless atomic.has_key?('auto_generated_guid')
      guid = atomic["auto_generated_guid"].to_s
@@ -201,7 +201,7 @@ class AtomicRedTeam
  end

  def generate_guids_for_yaml!(path, used_guids_file)
-    text = File.read(path) 
+    text = File.read(path)
    # add the "auto_generated_guid:" element after the "- name:" element if it isn't already there
    text.gsub!(/(?i)(^([ \t]*-[ \t]*)name:.*$(?!\s*auto_generated_guid))/) { |m| "#{$1}\n#{$2.gsub(/-/," ")}auto_generated_guid:"}
    # fill the "auto_generated_guid:" element in if it doesn't contain a guid
@@ -218,7 +218,7 @@ class AtomicRedTeam
      break unless !is_unique_guid(new_guid, used_guids_file)
    end
    # add this new unique guid to the used guids file
-    add_guid_to_used_guid_file(new_guid, used_guids_file) 
+    add_guid_to_used_guid_file(new_guid, used_guids_file)
    return new_guid
  end

@@ -2,14 +2,14 @@ require 'open-uri'
 require 'json'

 #
-# Attack is an API class that loads information about ATT&CK techniques from MITRE'S ATT&CK 
+# Attack is an API class that loads information about ATT&CK techniques from MITRE'S ATT&CK
 # STIX representation. It makes it very simple to do common things with ATT&CK.
 #
 class Attack
-  # 
+  #
  # Tactics as presented in the order that the ATT&CK matrics uses
  #
-  def ordered_tactics 
+  def ordered_tactics
    [
      'initial-access',
      'execution',
@@ -26,27 +26,27 @@ class Attack
    ]
  end

-  # 
+  #
  # Returns the technique identifier (T1234) for a Technique object
  #
  def technique_identifier_for_technique(technique)
-    technique.fetch('external_references', []).find do |refs| 
+    technique.fetch('external_references', []).find do |refs|
      refs['source_name'] == 'mitre-attack'
    end['external_id'].upcase
  end

-  # 
+  #
  # Returns a Technique object given a technique identifier (T1234)
  #
  def technique_info(technique_id)
-    techniques.find do |item| 
+    techniques.find do |item|
      item.fetch('external_references', []).find do |references|
        references['external_id'] == technique_id.upcase
      end
    end
  end
-  
-  # 
+
+  #
  # Returns the ATT&CK Matrix as a 2D array, in order by `ordered_tactics`
  #
  def ordered_tactic_to_technique_matrix(only_platform: /.*/)
@@ -68,7 +68,7 @@ class Attack
    all_techniques_in_tactic_order.transpose
  end

-  # 
+  #
  # Returns a map of all [ ATT&CK Tactic name ] => [ List of ATT&CK techniques associated with that tactic]
  #
  def techniques_by_tactic(only_platform: /.*/)
@@ -84,7 +84,7 @@ class Attack
      end
    end
    techniques_by_tactic
-  end 
+  end

  #
  # Returns a list of all ATT&CK techniques
@@ -10,4 +10,4 @@ atomic_tests:
  executor:
    command: |
      sudo -i
-    name: bash
+    name: bash
@@ -17,4 +17,4 @@ atomic_tests:
      "#{gsecdump_exe}" -a
    name: command_prompt
    elevation_required: true
-  dependency_executor_name:
+  dependency_executor_name:
@@ -17,4 +17,4 @@ atomic_tests:
      "#{gsecdump_exe}" -a
    name: command_prompt
    elevation_required: true
-  dependency_executor_name: "bash"
+  dependency_executor_name: "bash"
@@ -1861,10 +1861,6 @@ discovery,T1615,Group Policy Discovery,3,WinPwn - GPOAudit,bc25c04b-841e-4965-85
 discovery,T1615,Group Policy Discovery,4,WinPwn - GPORemoteAccessPolicy,7230d01a-0a72-4bd5-9d7f-c6d472bc6a59,powershell
 discovery,T1615,Group Policy Discovery,5,MSFT Get-GPO Cmdlet,52778a8f-a10b-41a4-9eae-52ddb74072bf,powershell
 discovery,T1652,Device Driver Discovery,1,Device Driver Discovery,235b30a2-e5b1-441f-9705-be6231c88ddd,powershell
-discovery,T1652,Device Driver Discovery,2,Device Driver Discovery (Linux),d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1,bash
-discovery,T1652,Device Driver Discovery,3,Enumerate Kernel Driver Files (Linux),13c0fef5-9be9-4d7f-9c6b-901624e53770,bash
-discovery,T1652,Device Driver Discovery,4,List loaded kernel extensions (macOS),71eab73d-5d7d-4681-9a72-7873489a5b85,bash
-discovery,T1652,Device Driver Discovery,5,Find Kernel Extensions (macOS),c63bbe52-6f17-4832-b221-f07ba8b1736f,bash
 discovery,T1087.002,Account Discovery: Domain Account,1,Enumerate all accounts (Domain),6fbc9e68-5ad7-444a-bd11-8bf3136c477e,command_prompt
 discovery,T1087.002,Account Discovery: Domain Account,2,Enumerate all accounts via PowerShell (Domain),8b8a6449-be98-4f42-afd2-dedddc7453b2,powershell
 discovery,T1087.002,Account Discovery: Domain Account,3,Enumerate logged on users via CMD (Domain),161dcd85-d014-4f5e-900c-d3eaae82a0f7,command_prompt
@@ -1927,10 +1923,6 @@ discovery,T1007,System Service Discovery,1,System Service Discovery,89676ba1-b1f
 discovery,T1007,System Service Discovery,2,System Service Discovery - net.exe,5f864a3f-8ce9-45c0-812c-bdf7d8aeacc3,command_prompt
 discovery,T1007,System Service Discovery,3,System Service Discovery - systemctl/service,f4b26bce-4c2c-46c0-bcc5-fce062d38bef,bash
 discovery,T1007,System Service Discovery,4,Get-Service Execution,51f17016-d8fa-4360-888a-df4bf92c4a04,command_prompt
-discovery,T1007,System Service Discovery,5,System Service Discovery - macOS launchctl,9b378962-a75e-4856-b117-2503d6dcebba,sh
-discovery,T1007,System Service Discovery,6,System Service Discovery - Windows Scheduled Tasks (schtasks),7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a,command_prompt
-discovery,T1007,System Service Discovery,7,System Service Discovery - Services Registry Enumeration,d70d82bd-bb00-4837-b146-b40d025551b2,powershell
-discovery,T1007,System Service Discovery,8,System Service Discovery - Linux init scripts,8f2a5d2b-4018-46d4-8f3f-0fea53754690,sh
 discovery,T1040,Network Sniffing,1,Packet Capture Linux using tshark or tcpdump,7fe741f7-b265-4951-a7c7-320889083b3e,bash
 discovery,T1040,Network Sniffing,2,Packet Capture FreeBSD using tshark or tcpdump,c93f2492-9ebe-44b5-8b45-36574cccfe67,sh
 discovery,T1040,Network Sniffing,3,Packet Capture macOS using tcpdump or tshark,9d04efee-eff5-4240-b8d2-07792b873608,bash
@@ -2047,11 +2039,8 @@ discovery,T1083,File and Directory Discovery,8,Identifying Network Shares - Linu
 discovery,T1083,File and Directory Discovery,9,Recursive Enumerate Files And Directories By Powershell,95a21323-770d-434c-80cd-6f6fbf7af432,powershell
 discovery,T1049,System Network Connections Discovery,1,System Network Connections Discovery,0940a971-809a-48f1-9c4d-b1d785e96ee5,command_prompt
 discovery,T1049,System Network Connections Discovery,2,System Network Connections Discovery with PowerShell,f069f0f1-baad-4831-aa2b-eddac4baac4a,powershell
-discovery,T1049,System Network Connections Discovery,3,System Network Connections Discovery via PowerShell (Process Mapping),b52c8233-8f71-4bd7-9928-49fec8215cf5,powershell
-discovery,T1049,System Network Connections Discovery,4,System Network Connections Discovery via ss or lsof (Linux/MacOS),bcf05343-ef1d-4052-8a27-b00c9be42b9f,bash
-discovery,T1049,System Network Connections Discovery,5,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
-discovery,T1049,System Network Connections Discovery,6,"System Network Connections Discovery via sockstat (Linux, FreeBSD)",997bb0a6-421e-40c7-b5d2-0f493904ef9b,sh
-discovery,T1049,System Network Connections Discovery,7,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
+discovery,T1049,System Network Connections Discovery,3,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
+discovery,T1049,System Network Connections Discovery,4,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
 discovery,T1619,Cloud Storage Object Discovery,1,AWS S3 Enumeration,3c7094f8-71ec-4917-aeb8-a633d7ec4ef5,sh
 discovery,T1619,Cloud Storage Object Discovery,2,Azure - Enumerate Storage Account Objects via Shared Key authorization using Azure CLI,070322a4-2c60-4c50-8ffb-c450a34fe7bf,powershell
 discovery,T1619,Cloud Storage Object Discovery,3,Azure - Scan for Anonymous Access to Azure Storage (Powershell),146af1f1-b74e-4aa7-9895-505eb559b4b0,powershell
@@ -332,8 +332,6 @@ credential-access,T1003.008,"OS Credential Dumping: /etc/passwd, /etc/master.pas
 credential-access,T1003.008,"OS Credential Dumping: /etc/passwd, /etc/master.passwd and /etc/shadow",5,"Access /etc/{shadow,passwd,master.passwd} with shell builtins",f5aa6543-6cb2-4fae-b9c2-b96e14721713,sh
 discovery,T1033,System Owner/User Discovery,2,System Owner/User Discovery,2a9b677d-a230-44f4-ad86-782df1ef108c,sh
 discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,2,"Check internet connection using ping freebsd, linux or macos",be8f4019-d8b6-434c-a814-53123cdcc11e,bash
-discovery,T1652,Device Driver Discovery,2,Device Driver Discovery (Linux),d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1,bash
-discovery,T1652,Device Driver Discovery,3,Enumerate Kernel Driver Files (Linux),13c0fef5-9be9-4d7f-9c6b-901624e53770,bash
 discovery,T1087.002,Account Discovery: Domain Account,23,Active Directory Domain Search,096b6d2a-b63f-4100-8fa0-525da4cd25ca,sh
 discovery,T1087.002,Account Discovery: Domain Account,24,Account Enumeration with LDAPDomainDump,a54d497e-8dbe-4558-9895-44944baa395f,sh
 discovery,T1087.001,Account Discovery: Local Account,1,Enumerate all accounts (Local),f8aab3dd-5990-4bf8-b8ab-2226c951696f,sh
@@ -346,7 +344,6 @@ discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,1,Detect Virtu
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,2,Detect Virtualization Environment (FreeBSD),e129d73b-3e03-4ae9-bf1e-67fc8921e0fd,sh
 discovery,T1069.002,Permission Groups Discovery: Domain Groups,15,Active Directory Domain Search Using LDAP - Linux (Ubuntu)/macOS,d58d749c-4450-4975-a9e9-8b1d562755c2,sh
 discovery,T1007,System Service Discovery,3,System Service Discovery - systemctl/service,f4b26bce-4c2c-46c0-bcc5-fce062d38bef,bash
-discovery,T1007,System Service Discovery,8,System Service Discovery - Linux init scripts,8f2a5d2b-4018-46d4-8f3f-0fea53754690,sh
 discovery,T1040,Network Sniffing,1,Packet Capture Linux using tshark or tcpdump,7fe741f7-b265-4951-a7c7-320889083b3e,bash
 discovery,T1040,Network Sniffing,2,Packet Capture FreeBSD using tshark or tcpdump,c93f2492-9ebe-44b5-8b45-36574cccfe67,sh
 discovery,T1040,Network Sniffing,10,Packet Capture FreeBSD using /dev/bpfN with sudo,e2028771-1bfb-48f5-b5e6-e50ee0942a14,sh
@@ -372,9 +369,7 @@ discovery,T1016,System Network Configuration Discovery,3,System Network Configur
 discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,ffc8b249-372a-4b74-adcd-e4c0430842de,sh
 discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery 2,13c5e1ae-605b-46c4-a79f-db28c77ff24e,sh
 discovery,T1083,File and Directory Discovery,8,Identifying Network Shares - Linux,361fe49d-0c19-46ec-a483-ccb92d38e88e,sh
-discovery,T1049,System Network Connections Discovery,4,System Network Connections Discovery via ss or lsof (Linux/MacOS),bcf05343-ef1d-4052-8a27-b00c9be42b9f,bash
-discovery,T1049,System Network Connections Discovery,5,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
-discovery,T1049,System Network Connections Discovery,6,"System Network Connections Discovery via sockstat (Linux, FreeBSD)",997bb0a6-421e-40c7-b5d2-0f493904ef9b,sh
+discovery,T1049,System Network Connections Discovery,3,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1069.001,Permission Groups Discovery: Local Groups,1,Permission Groups Discovery (Local),952931a4-af0b-4335-bbbe-73c8c5b327ae,sh
 discovery,T1201,Password Policy Discovery,1,Examine password complexity policy - Ubuntu,085fe567-ac84-47c7-ac4c-2688ce28265b,bash
@@ -221,8 +221,6 @@ credential-access,T1056.002,Input Capture: GUI Input Capture,3,AppleScript - Spo
 credential-access,T1110.004,Brute Force: Credential Stuffing,2,SSH Credential Stuffing From MacOS,d546a3d9-0be5-40c7-ad82-5a7d79e1b66b,bash
 discovery,T1033,System Owner/User Discovery,2,System Owner/User Discovery,2a9b677d-a230-44f4-ad86-782df1ef108c,sh
 discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,2,"Check internet connection using ping freebsd, linux or macos",be8f4019-d8b6-434c-a814-53123cdcc11e,bash
-discovery,T1652,Device Driver Discovery,4,List loaded kernel extensions (macOS),71eab73d-5d7d-4681-9a72-7873489a5b85,bash
-discovery,T1652,Device Driver Discovery,5,Find Kernel Extensions (macOS),c63bbe52-6f17-4832-b221-f07ba8b1736f,bash
 discovery,T1087.001,Account Discovery: Local Account,2,View sudoers access,fed9be70-0186-4bde-9f8a-20945f9370c2,sh
 discovery,T1087.001,Account Discovery: Local Account,3,View accounts with UID 0,c955a599-3653-4fe5-b631-f11c00eb0397,sh
 discovery,T1087.001,Account Discovery: Local Account,4,List opened files by user,7e46c7a5-0142-45be-a858-1a3ecb4fd3cb,sh
@@ -232,7 +230,6 @@ discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,4,Detect Virtu
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,6,Detect Virtualization Environment using sysctl (hw.model),6beae646-eb4c-4730-95be-691a4094408c,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,7,Check if System Integrity Protection is enabled,2b73cd9b-b2fb-4357-b9d7-c73c41d9e945,sh
 discovery,T1497.001,Virtualization/Sandbox Evasion: System Checks,8,Detect Virtualization Environment using system_profiler,e04d2e89-de15-4d90-92f9-a335c7337f0f,sh
-discovery,T1007,System Service Discovery,5,System Service Discovery - macOS launchctl,9b378962-a75e-4856-b117-2503d6dcebba,sh
 discovery,T1040,Network Sniffing,3,Packet Capture macOS using tcpdump or tshark,9d04efee-eff5-4240-b8d2-07792b873608,bash
 discovery,T1040,Network Sniffing,8,Packet Capture macOS using /dev/bpfN with sudo,e6fe5095-545d-4c8b-a0ae-e863914be3aa,bash
 discovery,T1040,Network Sniffing,9,Filtered Packet Capture macOS using /dev/bpfN with sudo,e2480aee-23f3-4f34-80ce-de221e27cd19,bash
@@ -251,8 +248,7 @@ discovery,T1016,System Network Configuration Discovery,3,System Network Configur
 discovery,T1016,System Network Configuration Discovery,8,List macOS Firewall Rules,ff1d8c25-2aa4-4f18-a425-fede4a41ee88,bash
 discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,ffc8b249-372a-4b74-adcd-e4c0430842de,sh
 discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery 2,13c5e1ae-605b-46c4-a79f-db28c77ff24e,sh
-discovery,T1049,System Network Connections Discovery,4,System Network Connections Discovery via ss or lsof (Linux/MacOS),bcf05343-ef1d-4052-8a27-b00c9be42b9f,bash
-discovery,T1049,System Network Connections Discovery,5,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
+discovery,T1049,System Network Connections Discovery,3,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1069.001,Permission Groups Discovery: Local Groups,1,Permission Groups Discovery (Local),952931a4-af0b-4335-bbbe-73c8c5b327ae,sh
 discovery,T1201,Password Policy Discovery,8,Examine password policy - macOS,4b7fa042-9482-45e1-b348-4b756b2a0742,bash
@@ -1329,8 +1329,6 @@ discovery,T1069.002,Permission Groups Discovery: Domain Groups,14,Active Directo
 discovery,T1007,System Service Discovery,1,System Service Discovery,89676ba1-b1f8-47ee-b940-2e1a113ebc71,command_prompt
 discovery,T1007,System Service Discovery,2,System Service Discovery - net.exe,5f864a3f-8ce9-45c0-812c-bdf7d8aeacc3,command_prompt
 discovery,T1007,System Service Discovery,4,Get-Service Execution,51f17016-d8fa-4360-888a-df4bf92c4a04,command_prompt
-discovery,T1007,System Service Discovery,6,System Service Discovery - Windows Scheduled Tasks (schtasks),7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a,command_prompt
-discovery,T1007,System Service Discovery,7,System Service Discovery - Services Registry Enumeration,d70d82bd-bb00-4837-b146-b40d025551b2,powershell
 discovery,T1040,Network Sniffing,4,Packet Capture Windows Command Prompt,a5b2f6a0-24b4-493e-9590-c699f75723ca,command_prompt
 discovery,T1040,Network Sniffing,5,Windows Internal Packet Capture,b5656f67-d67f-4de8-8e62-b5581630f528,command_prompt
 discovery,T1040,Network Sniffing,6,Windows Internal pktmon capture,c67ba807-f48b-446e-b955-e4928cd1bf91,command_prompt
@@ -1408,8 +1406,7 @@ discovery,T1083,File and Directory Discovery,7,ESXi - Enumerate VMDKs available
 discovery,T1083,File and Directory Discovery,9,Recursive Enumerate Files And Directories By Powershell,95a21323-770d-434c-80cd-6f6fbf7af432,powershell
 discovery,T1049,System Network Connections Discovery,1,System Network Connections Discovery,0940a971-809a-48f1-9c4d-b1d785e96ee5,command_prompt
 discovery,T1049,System Network Connections Discovery,2,System Network Connections Discovery with PowerShell,f069f0f1-baad-4831-aa2b-eddac4baac4a,powershell
-discovery,T1049,System Network Connections Discovery,3,System Network Connections Discovery via PowerShell (Process Mapping),b52c8233-8f71-4bd7-9928-49fec8215cf5,powershell
-discovery,T1049,System Network Connections Discovery,7,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
+discovery,T1049,System Network Connections Discovery,4,System Discovery using SharpView,96f974bb-a0da-4d87-a744-ff33e73367e9,powershell
 discovery,T1654,Log Enumeration,1,Get-EventLog To Enumerate Windows Security Log,a9030b20-dd4b-4405-875e-3462c6078fdc,powershell
 discovery,T1654,Log Enumeration,2,Enumerate Windows Security Log via WevtUtil,fef0ace1-3550-4bf1-a075-9fea55a778dd,command_prompt
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
@@ -2557,10 +2557,6 @@
  - Atomic Test #5: MSFT Get-GPO Cmdlet [windows]
 - [T1652 Device Driver Discovery](../../T1652/T1652.md)
  - Atomic Test #1: Device Driver Discovery [windows]
-  - Atomic Test #2: Device Driver Discovery (Linux) [linux]
-  - Atomic Test #3: Enumerate Kernel Driver Files (Linux) [linux]
-  - Atomic Test #4: List loaded kernel extensions (macOS) [macos]
-  - Atomic Test #5: Find Kernel Extensions (macOS) [macos]
 - [T1087.002 Account Discovery: Domain Account](../../T1087.002/T1087.002.md)
  - Atomic Test #1: Enumerate all accounts (Domain) [windows]
  - Atomic Test #2: Enumerate all accounts via PowerShell (Domain) [windows]
@@ -2628,10 +2624,6 @@
  - Atomic Test #2: System Service Discovery - net.exe [windows]
  - Atomic Test #3: System Service Discovery - systemctl/service [linux]
  - Atomic Test #4: Get-Service Execution [windows]
-  - Atomic Test #5: System Service Discovery - macOS launchctl [macos]
-  - Atomic Test #6: System Service Discovery - Windows Scheduled Tasks (schtasks) [windows]
-  - Atomic Test #7: System Service Discovery - Services Registry Enumeration [windows]
-  - Atomic Test #8: System Service Discovery - Linux init scripts [linux]
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #1: Packet Capture Linux using tshark or tcpdump [linux]
  - Atomic Test #2: Packet Capture FreeBSD using tshark or tcpdump [linux]
@@ -2765,11 +2757,8 @@
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
  - Atomic Test #1: System Network Connections Discovery [windows]
  - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
-  - Atomic Test #3: System Network Connections Discovery via PowerShell (Process Mapping) [windows]
-  - Atomic Test #4: System Network Connections Discovery via ss or lsof (Linux/MacOS) [linux, macos]
-  - Atomic Test #5: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
-  - Atomic Test #6: System Network Connections Discovery via sockstat (Linux, FreeBSD) [linux]
-  - Atomic Test #7: System Discovery using SharpView [windows]
+  - Atomic Test #3: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
+  - Atomic Test #4: System Discovery using SharpView [windows]
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1619 Cloud Storage Object Discovery](../../T1619/T1619.md)
  - Atomic Test #1: AWS S3 Enumeration [iaas:aws]
@@ -732,9 +732,7 @@
  - Atomic Test #2: Check internet connection using ping freebsd, linux or macos [macos, linux]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1615 Group Policy Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1652 Device Driver Discovery](../../T1652/T1652.md)
-  - Atomic Test #2: Device Driver Discovery (Linux) [linux]
-  - Atomic Test #3: Enumerate Kernel Driver Files (Linux) [linux]
+- T1652 Device Driver Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1087.002 Account Discovery: Domain Account](../../T1087.002/T1087.002.md)
  - Atomic Test #23: Active Directory Domain Search [linux]
  - Atomic Test #24: Account Enumeration with LDAPDomainDump [linux]
@@ -752,7 +750,6 @@
  - Atomic Test #15: Active Directory Domain Search Using LDAP - Linux (Ubuntu)/macOS [linux]
 - [T1007 System Service Discovery](../../T1007/T1007.md)
  - Atomic Test #3: System Service Discovery - systemctl/service [linux]
-  - Atomic Test #8: System Service Discovery - Linux init scripts [linux]
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #1: Packet Capture Linux using tshark or tcpdump [linux]
  - Atomic Test #2: Packet Capture FreeBSD using tshark or tcpdump [linux]
@@ -794,9 +791,7 @@
  - Atomic Test #4: Nix File and Directory Discovery 2 [linux, macos]
  - Atomic Test #8: Identifying Network Shares - Linux [linux]
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
-  - Atomic Test #4: System Network Connections Discovery via ss or lsof (Linux/MacOS) [linux, macos]
-  - Atomic Test #5: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
-  - Atomic Test #6: System Network Connections Discovery via sockstat (Linux, FreeBSD) [linux]
+  - Atomic Test #3: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1654 Log Enumeration [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1057 Process Discovery](../../T1057/T1057.md)
@@ -655,9 +655,7 @@
  - Atomic Test #2: Check internet connection using ping freebsd, linux or macos [macos, linux]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1615 Group Policy Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1652 Device Driver Discovery](../../T1652/T1652.md)
-  - Atomic Test #4: List loaded kernel extensions (macOS) [macos]
-  - Atomic Test #5: Find Kernel Extensions (macOS) [macos]
+- T1652 Device Driver Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1087.002 Account Discovery: Domain Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1087.001 Account Discovery: Local Account](../../T1087.001/T1087.001.md)
  - Atomic Test #2: View sudoers access [linux, macos]
@@ -671,8 +669,7 @@
  - Atomic Test #7: Check if System Integrity Protection is enabled [macos]
  - Atomic Test #8: Detect Virtualization Environment using system_profiler [macos]
 - T1069.002 Permission Groups Discovery: Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1007 System Service Discovery](../../T1007/T1007.md)
-  - Atomic Test #5: System Service Discovery - macOS launchctl [macos]
+- T1007 System Service Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #3: Packet Capture macOS using tcpdump or tshark [macos]
  - Atomic Test #8: Packet Capture macOS using /dev/bpfN with sudo [macos]
@@ -707,8 +704,7 @@
  - Atomic Test #3: Nix File and Directory Discovery [linux, macos]
  - Atomic Test #4: Nix File and Directory Discovery 2 [linux, macos]
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
-  - Atomic Test #4: System Network Connections Discovery via ss or lsof (Linux/MacOS) [linux, macos]
-  - Atomic Test #5: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
+  - Atomic Test #3: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1654 Log Enumeration [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1057 Process Discovery](../../T1057/T1057.md)
@@ -1861,8 +1861,6 @@
  - Atomic Test #1: System Service Discovery [windows]
  - Atomic Test #2: System Service Discovery - net.exe [windows]
  - Atomic Test #4: Get-Service Execution [windows]
-  - Atomic Test #6: System Service Discovery - Windows Scheduled Tasks (schtasks) [windows]
-  - Atomic Test #7: System Service Discovery - Services Registry Enumeration [windows]
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #4: Packet Capture Windows Command Prompt [windows]
  - Atomic Test #5: Windows Internal Packet Capture [windows]
@@ -1956,8 +1954,7 @@
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
  - Atomic Test #1: System Network Connections Discovery [windows]
  - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
-  - Atomic Test #3: System Network Connections Discovery via PowerShell (Process Mapping) [windows]
-  - Atomic Test #7: System Discovery using SharpView [windows]
+  - Atomic Test #4: System Discovery using SharpView [windows]
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1654 Log Enumeration](../../T1654/T1654.md)
  - Atomic Test #1: Get-EventLog To Enumerate Windows Security Log [windows]
@@ -4,7 +4,7 @@
 | External Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Server Software Component [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Adversary-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Owner/User Discovery](../../T1033/T1033.md) | Remote Services:VNC [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Archive Collected Data: Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Web Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Structure Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Command and Scripting Interpreter: JavaScript [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Fileless Storage [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Modify Authentication Process: Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | [System Network Configuration Discovery: Internet Connection Discovery](../../T1016.001/T1016.001.md) | Taint Shared Content [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Screen Capture](../../T1113/T1113.md) | Exfiltration Over Webhook [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Encoding: Standard Encoding](../../T1132.001/T1132.001.md) | Direct Network Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Phishing: Spearphishing Link [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | User Execution: Malicious File [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Modify Authentication Process: Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Embedded Payloads [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Remote Services: SSH [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Adversary-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Transfer [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | External Defacement [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
-| Phishing: Spearphishing Attachment [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Abuse Elevation Control Mechanism: Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | [Modify Authentication Process: Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | [Brute Force: Password Guessing](../../T1110.001/T1110.001.md) | [Device Driver Discovery](../../T1652/T1652.md) | SSH Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Layer Protocol: DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
+| Phishing: Spearphishing Attachment [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Abuse Elevation Control Mechanism: Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | [Modify Authentication Process: Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | [Brute Force: Password Guessing](../../T1110.001/T1110.001.md) | Device Driver Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | SSH Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Layer Protocol: DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Autostart Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | File/Path Exclusions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Credential Dumping [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Account Discovery: Domain Account](../../T1087.002/T1087.002.md) | Use Alternate Authentication Material [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Audio Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Publish/Subscribe Protocols [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Supply Chain Compromise [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Native API [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | External Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | [File and Directory Permissions Modification: FreeBSD, Linux and Mac File and Directory Permissions Modification](../../T1222.002/T1222.002.md) | Steal Web Session Cookie [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Account Discovery: Local Account](../../T1087.001/T1087.001.md) | Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Archive via Custom Method [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Automated Exfiltration [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Symmetric Cryptography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Exploit Public-Facing Application [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Systemctl [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Bootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Securityd Memory [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) | Remote Service Session Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration Over Symmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Fast Flux DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Stored Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
@@ -4,12 +4,12 @@
 | External Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Server Software Component [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Adversary-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Owner/User Discovery](../../T1033/T1033.md) | [Remote Services:VNC](../../T1021.005/T1021.005.md) | [Archive Collected Data: Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Web Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Socket Filters [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Structure Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Command and Scripting Interpreter: JavaScript [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Embedded Payloads [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Modify Authentication Process: Pluggable Authentication Modules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Network Configuration Discovery: Internet Connection Discovery](../../T1016.001/T1016.001.md) | Taint Shared Content [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Screen Capture](../../T1113/T1113.md) | Exfiltration Over Webhook [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Encoding: Standard Encoding](../../T1132.001/T1132.001.md) | Direct Network Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Phishing: Spearphishing Link [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | User Execution: Malicious File [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Modify Authentication Process: Pluggable Authentication Modules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Modify Authentication Process: Pluggable Authentication Modules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Remote Services: SSH [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Adversary-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Transfer [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | External Defacement [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
-| Phishing: Spearphishing Attachment [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | File/Path Exclusions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Brute Force: Password Guessing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Device Driver Discovery](../../T1652/T1652.md) | SSH Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Layer Protocol: DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
+| Phishing: Spearphishing Attachment [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | File/Path Exclusions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Brute Force: Password Guessing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Device Driver Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | SSH Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Input Capture: Keylogging](../../T1056.001/T1056.001.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Layer Protocol: DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Abuse Elevation Control Mechanism: Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | [File and Directory Permissions Modification: FreeBSD, Linux and Mac File and Directory Permissions Modification](../../T1222.002/T1222.002.md) | OS Credential Dumping [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Account Discovery: Domain Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Audio Capture](../../T1123/T1123.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Publish/Subscribe Protocols [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Supply Chain Compromise [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Command and Scripting Interpreter: AppleScript](../../T1059.002/T1059.002.md) | External Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Autostart Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Steal Web Session Cookie](../../T1539/T1539.md) | [Account Discovery: Local Account](../../T1087.001/T1087.001.md) | Remote Service Session Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Archive via Custom Method [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Automated Exfiltration [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Symmetric Cryptography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Exploit Public-Facing Application [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Native API [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | Hide Artifacts: Email Hiding Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Securityd Memory [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Virtualization/Sandbox Evasion: System Checks](../../T1497.001/T1497.001.md) | Software Deployment Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration Over Symmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Fast Flux DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Stored Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Content Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Input Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Autostart Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Obfuscated Files or Information: Encrypted/Encoded File](../../T1027.013/T1027.013.md) | Brute Force: Password Cracking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Permission Groups Discovery: Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data from Removable Media [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration to Code Repository [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Layer Protocol [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Service Stop [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
-| [Valid Accounts: Default Accounts](../../T1078.001/T1078.001.md) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Browser Extensions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Rootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Credentials from Password Stores: Keychain](../../T1555.001/T1555.001.md) | [System Service Discovery](../../T1007/T1007.md) | Internal Spearphishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Staged: Local Data Staging](../../T1074.001/T1074.001.md) | [Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](../../T1048.002/T1048.002.md) | Remote Access Software [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
+| [Valid Accounts: Default Accounts](../../T1078.001/T1078.001.md) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Browser Extensions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Rootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Credentials from Password Stores: Keychain](../../T1555.001/T1555.001.md) | System Service Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Staged: Local Data Staging](../../T1074.001/T1074.001.md) | [Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](../../T1048.002/T1048.002.md) | Remote Access Software [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Trusted Relationship [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Malicious Library [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task/Job: Cron](../../T1053.003/T1053.003.md) | [Boot or Logon Initialization Scripts: Logon Script (Mac)](../../T1037.002/T1037.002.md) | [Abuse Elevation Control Mechanism: Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | Password Managers [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Network Sniffing](../../T1040/T1040.md) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Databases [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration Over C2 Channel [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Content Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Phishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Services: Launchctl](../../T1569.001/T1569.001.md) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Process Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Masquerading: Match Legitimate Name or Location](../../T1036.005/T1036.005.md) | [Network Sniffing](../../T1040/T1040.md) | [Network Share Discovery](../../T1135/T1135.md) |  | Automated Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Traffic Signaling [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
 | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | XPC Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Browser Extensions](../../T1176/T1176.md) | [Create or Modify System Process: Launch Daemon](../../T1543.004/T1543.004.md) | Masquerade File Type [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Ccache Files [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Peripheral Device Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |  | [Clipboard Data](../../T1115/T1115.md) | Exfiltration over USB [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Protocol Tunneling](../../T1572/T1572.md) | Service Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
@@ -100070,61 +100070,6 @@ discovery:
        cleanup_command:
        name: powershell
        elevation_required: false
-    - name: Device Driver Discovery (Linux)
-      auto_generated_guid: d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
-      description: 'Displays a list of loaded kernel modules on a Linux system, which
-        is used to enumerate drivers.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        command: 'lsmod
-
-          '
-        name: bash
-        elevation_required: false
-    - name: Enumerate Kernel Driver Files (Linux)
-      auto_generated_guid: 13c0fef5-9be9-4d7f-9c6b-901624e53770
-      description: 'Finds and lists all kernel driver files on a Linux system in order
-        to provide a broader view of available drivers, not just loaded ones.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        command: 'find /lib/modules/$(uname -r)/kernel/drivers -name "*.ko*"
-
-          '
-        name: bash
-        elevation_required: false
-    - name: List loaded kernel extensions (macOS)
-      auto_generated_guid: 71eab73d-5d7d-4681-9a72-7873489a5b85
-      description: 'Displays a list of loaded kernel extensions (kexts) on a macOS
-        system.
-
-        '
-      supported_platforms:
-      - macos
-      executor:
-        command: 'kextstat
-
-          '
-        name: bash
-        elevation_required: false
-    - name: Find Kernel Extensions (macOS)
-      auto_generated_guid: c63bbe52-6f17-4832-b221-f07ba8b1736f
-      description: 'Searches for kernel extension (kext) files on a macOS system.
-
-        '
-      supported_platforms:
-      - macos
-      executor:
-        command: 'kextfind
-
-          '
-        name: bash
-        elevation_required: false
  T1087.002:
    technique:
      type: attack-pattern
@@ -101709,7 +101654,7 @@ discovery:
      - windows
      executor:
        command: |
-          tasklist.exe /svc
+          tasklist.exe
          sc query
          sc query state= all
        name: command_prompt
@@ -101757,62 +101702,6 @@ discovery:
      executor:
        name: command_prompt
        command: powershell.exe Get-Service
-    - name: System Service Discovery - macOS launchctl
-      auto_generated_guid: 9b378962-a75e-4856-b117-2503d6dcebba
-      description: |
-        Enumerates services on macOS using launchctl. Used by adversaries for
-        identifying daemons, background services, and persistence mechanisms.
-      supported_platforms:
-      - macos
-      executor:
-        name: sh
-        command: launchctl list
-    - name: System Service Discovery - Windows Scheduled Tasks (schtasks)
-      auto_generated_guid: 7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a
-      description: 'Enumerates scheduled tasks on Windows using schtasks.exe.
-
-        '
-      supported_platforms:
-      - windows
-      executor:
-        name: command_prompt
-        command: schtasks /query /fo LIST /v
-    - name: System Service Discovery - Services Registry Enumeration
-      auto_generated_guid: d70d82bd-bb00-4837-b146-b40d025551b2
-      description: |
-        Enumerates Windows services by reading the Services registry key
-        (HKLM\SYSTEM\CurrentControlSet\Services) instead of using Service Control
-        Manager APIs or CLI tools such as sc.exe or Get-Service.
-      supported_platforms:
-      - windows
-      executor:
-        name: powershell
-        command: |
-          Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
-            ForEach-Object {
-              $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
-              [PSCustomObject]@{
-                Name        = $_.PSChildName
-                DisplayName = $p.DisplayName
-                ImagePath   = $p.ImagePath
-                StartType   = $p.Start
-              }
-            }
-    - name: System Service Discovery - Linux init scripts
-      auto_generated_guid: 8f2a5d2b-4018-46d4-8f3f-0fea53754690
-      description: |
-        Enumerates system services by listing SysV init scripts and runlevel
-        symlinks under /etc/init.d and /etc/rc*.d.
-      supported_platforms:
-      - linux
-      executor:
-        name: sh
-        command: |
-          echo "[*] Listing SysV init scripts (/etc/init.d):"
-          if [ -d /etc/init.d ]; then ls -l /etc/init.d; else echo "/etc/init.d not present on this system"; fi
-          echo
-          echo "[*] Listing runlevel directories (/etc/rc*.d):"
-          ls -ld /etc/rc*.d 2>/dev/null || echo "No /etc/rc*.d directories found"
  T1040:
    technique:
      type: attack-pattern
@@ -105475,20 +105364,20 @@ discovery:
      description: |
        Get a listing of network connections.

-        Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. `net sessions` requires
-        elevated privileges; on standard user accounts this command may not return results. Results will output via stdout.
+        Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. Results will output via stdout.
      supported_platforms:
      - windows
      executor:
        command: |
-          netstat -ano
+          netstat
          net use
-          net sessions 2>nul
+          net sessions
        name: command_prompt
    - name: System Network Connections Discovery with PowerShell
      auto_generated_guid: f069f0f1-baad-4831-aa2b-eddac4baac4a
      description: |
        Get a listing of network connections.
+
        Upon successful execution, powershell.exe will execute `get-NetTCPConnection`. Results will output via stdout.
      supported_platforms:
      - windows
@@ -105497,42 +105386,6 @@ discovery:

          '
        name: powershell
-    - name: System Network Connections Discovery via PowerShell (Process Mapping)
-      auto_generated_guid: b52c8233-8f71-4bd7-9928-49fec8215cf5
-      description: 'Enumerate TCP connections and map to owning process names via
-        PowerShell.
-
-        '
-      supported_platforms:
-      - windows
-      executor:
-        name: powershell
-        command: |
-          Get-NetTCPConnection | ForEach-Object {
-            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
-            [pscustomobject]@{
-              Local   = "$($_.LocalAddress):$($_.LocalPort)"
-              Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
-              State   = $_.State
-              PID     = $_.OwningProcess
-              Process = if ($p) { $p.ProcessName } else { $null }
-            }
-          } | Sort-Object State,Process | Format-Table -AutoSize
-    - name: System Network Connections Discovery via ss or lsof (Linux/MacOS)
-      auto_generated_guid: bcf05343-ef1d-4052-8a27-b00c9be42b9f
-      description: |
-        List active TCP/UDP network connections using ss, with lsof as a fallback
-        when ss is unavailable. Serves as an alternative to the netstat-based test.
-      supported_platforms:
-      - linux
-      - macos
-      executor:
-        name: bash
-        command: 'if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss
-          -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true;
-          fi
-
-          '
    - name: System Network Connections Discovery FreeBSD, Linux & MacOS
      auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2
      description: |
@@ -105559,19 +105412,6 @@ discovery:
          netstat
          who -a
        name: sh
-    - name: System Network Connections Discovery via sockstat (Linux, FreeBSD)
-      auto_generated_guid: 997bb0a6-421e-40c7-b5d2-0f493904ef9b
-      description: 'Enumerate IPv4/IPv6 network endpoints on FreeBSD using sockstat.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        name: sh
-        command: |
-          sockstat -4
-          sockstat -6 2>/dev/null || true
-          sockstat -l 2>/dev/null || true
    - name: System Discovery using SharpView
      auto_generated_guid: 96f974bb-a0da-4d87-a744-ff33e73367e9
      description: "Get a listing of network connections, domains, domain users, and
@@ -55788,35 +55788,7 @@ discovery:
      - Windows
      x_mitre_version: '1.0'
      identifier: T1652
-    atomic_tests:
-    - name: Device Driver Discovery (Linux)
-      auto_generated_guid: d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
-      description: 'Displays a list of loaded kernel modules on a Linux system, which
-        is used to enumerate drivers.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        command: 'lsmod
-
-          '
-        name: bash
-        elevation_required: false
-    - name: Enumerate Kernel Driver Files (Linux)
-      auto_generated_guid: 13c0fef5-9be9-4d7f-9c6b-901624e53770
-      description: 'Finds and lists all kernel driver files on a Linux system in order
-        to provide a broader view of available drivers, not just loaded ones.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        command: 'find /lib/modules/$(uname -r)/kernel/drivers -name "*.ko*"
-
-          '
-        name: bash
-        elevation_required: false
+    atomic_tests: []
  T1087.002:
    technique:
      type: attack-pattern
@@ -56413,21 +56385,6 @@ discovery:

          '
        name: bash
-    - name: System Service Discovery - Linux init scripts
-      auto_generated_guid: 8f2a5d2b-4018-46d4-8f3f-0fea53754690
-      description: |
-        Enumerates system services by listing SysV init scripts and runlevel
-        symlinks under /etc/init.d and /etc/rc*.d.
-      supported_platforms:
-      - linux
-      executor:
-        name: sh
-        command: |
-          echo "[*] Listing SysV init scripts (/etc/init.d):"
-          if [ -d /etc/init.d ]; then ls -l /etc/init.d; else echo "/etc/init.d not present on this system"; fi
-          echo
-          echo "[*] Listing runlevel directories (/etc/rc*.d):"
-          ls -ld /etc/rc*.d 2>/dev/null || echo "No /etc/rc*.d directories found"
  T1040:
    technique:
      type: attack-pattern
@@ -58211,21 +58168,6 @@ discovery:
      x_mitre_version: '2.5'
      identifier: T1049
    atomic_tests:
-    - name: System Network Connections Discovery via ss or lsof (Linux/MacOS)
-      auto_generated_guid: bcf05343-ef1d-4052-8a27-b00c9be42b9f
-      description: |
-        List active TCP/UDP network connections using ss, with lsof as a fallback
-        when ss is unavailable. Serves as an alternative to the netstat-based test.
-      supported_platforms:
-      - linux
-      - macos
-      executor:
-        name: bash
-        command: 'if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss
-          -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true;
-          fi
-
-          '
    - name: System Network Connections Discovery FreeBSD, Linux & MacOS
      auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2
      description: |
@@ -58252,19 +58194,6 @@ discovery:
          netstat
          who -a
        name: sh
-    - name: System Network Connections Discovery via sockstat (Linux, FreeBSD)
-      auto_generated_guid: 997bb0a6-421e-40c7-b5d2-0f493904ef9b
-      description: 'Enumerate IPv4/IPv6 network endpoints on FreeBSD using sockstat.
-
-        '
-      supported_platforms:
-      - linux
-      executor:
-        name: sh
-        command: |
-          sockstat -4
-          sockstat -6 2>/dev/null || true
-          sockstat -l 2>/dev/null || true
  T1497:
    technique:
      type: attack-pattern
@@ -51341,34 +51341,7 @@ discovery:
      - Windows
      x_mitre_version: '1.0'
      identifier: T1652
-    atomic_tests:
-    - name: List loaded kernel extensions (macOS)
-      auto_generated_guid: 71eab73d-5d7d-4681-9a72-7873489a5b85
-      description: 'Displays a list of loaded kernel extensions (kexts) on a macOS
-        system.
-
-        '
-      supported_platforms:
-      - macos
-      executor:
-        command: 'kextstat
-
-          '
-        name: bash
-        elevation_required: false
-    - name: Find Kernel Extensions (macOS)
-      auto_generated_guid: c63bbe52-6f17-4832-b221-f07ba8b1736f
-      description: 'Searches for kernel extension (kext) files on a macOS system.
-
-        '
-      supported_platforms:
-      - macos
-      executor:
-        command: 'kextfind
-
-          '
-        name: bash
-        elevation_required: false
+    atomic_tests: []
  T1087.002:
    technique:
      type: attack-pattern
@@ -51815,17 +51788,7 @@ discovery:
      - Windows
      x_mitre_version: '1.6'
      identifier: T1007
-    atomic_tests:
-    - name: System Service Discovery - macOS launchctl
-      auto_generated_guid: 9b378962-a75e-4856-b117-2503d6dcebba
-      description: |
-        Enumerates services on macOS using launchctl. Used by adversaries for
-        identifying daemons, background services, and persistence mechanisms.
-      supported_platforms:
-      - macos
-      executor:
-        name: sh
-        command: launchctl list
+    atomic_tests: []
  T1040:
    technique:
      type: attack-pattern
@@ -53371,21 +53334,6 @@ discovery:
      x_mitre_version: '2.5'
      identifier: T1049
    atomic_tests:
-    - name: System Network Connections Discovery via ss or lsof (Linux/MacOS)
-      auto_generated_guid: bcf05343-ef1d-4052-8a27-b00c9be42b9f
-      description: |
-        List active TCP/UDP network connections using ss, with lsof as a fallback
-        when ss is unavailable. Serves as an alternative to the netstat-based test.
-      supported_platforms:
-      - linux
-      - macos
-      executor:
-        name: bash
-        command: 'if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss
-          -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true;
-          fi
-
-          '
    - name: System Network Connections Discovery FreeBSD, Linux & MacOS
      auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2
      description: |
@@ -82761,7 +82761,7 @@ discovery:
      - windows
      executor:
        command: |
-          tasklist.exe /svc
+          tasklist.exe
          sc query
          sc query state= all
        name: command_prompt
@@ -82796,37 +82796,6 @@ discovery:
      executor:
        name: command_prompt
        command: powershell.exe Get-Service
-    - name: System Service Discovery - Windows Scheduled Tasks (schtasks)
-      auto_generated_guid: 7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a
-      description: 'Enumerates scheduled tasks on Windows using schtasks.exe.
-
-        '
-      supported_platforms:
-      - windows
-      executor:
-        name: command_prompt
-        command: schtasks /query /fo LIST /v
-    - name: System Service Discovery - Services Registry Enumeration
-      auto_generated_guid: d70d82bd-bb00-4837-b146-b40d025551b2
-      description: |
-        Enumerates Windows services by reading the Services registry key
-        (HKLM\SYSTEM\CurrentControlSet\Services) instead of using Service Control
-        Manager APIs or CLI tools such as sc.exe or Get-Service.
-      supported_platforms:
-      - windows
-      executor:
-        name: powershell
-        command: |
-          Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
-            ForEach-Object {
-              $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
-              [PSCustomObject]@{
-                Name        = $_.PSChildName
-                DisplayName = $p.DisplayName
-                ImagePath   = $p.ImagePath
-                StartType   = $p.Start
-              }
-            }
  T1040:
    technique:
      type: attack-pattern
@@ -85425,20 +85394,20 @@ discovery:
      description: |
        Get a listing of network connections.

-        Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. `net sessions` requires
-        elevated privileges; on standard user accounts this command may not return results. Results will output via stdout.
+        Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. Results will output via stdout.
      supported_platforms:
      - windows
      executor:
        command: |
-          netstat -ano
+          netstat
          net use
-          net sessions 2>nul
+          net sessions
        name: command_prompt
    - name: System Network Connections Discovery with PowerShell
      auto_generated_guid: f069f0f1-baad-4831-aa2b-eddac4baac4a
      description: |
        Get a listing of network connections.
+
        Upon successful execution, powershell.exe will execute `get-NetTCPConnection`. Results will output via stdout.
      supported_platforms:
      - windows
@@ -85447,27 +85416,6 @@ discovery:

          '
        name: powershell
-    - name: System Network Connections Discovery via PowerShell (Process Mapping)
-      auto_generated_guid: b52c8233-8f71-4bd7-9928-49fec8215cf5
-      description: 'Enumerate TCP connections and map to owning process names via
-        PowerShell.
-
-        '
-      supported_platforms:
-      - windows
-      executor:
-        name: powershell
-        command: |
-          Get-NetTCPConnection | ForEach-Object {
-            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
-            [pscustomobject]@{
-              Local   = "$($_.LocalAddress):$($_.LocalPort)"
-              Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
-              State   = $_.State
-              PID     = $_.OwningProcess
-              Process = if ($p) { $p.ProcessName } else { $null }
-            }
-          } | Sort-Object State,Process | Format-Table -AutoSize
    - name: System Discovery using SharpView
      auto_generated_guid: 96f974bb-a0da-4d87-a744-ff33e73367e9
      description: "Get a listing of network connections, domains, domain users, and
@@ -18,14 +18,6 @@ Adversaries may use the information from [System Service Discovery](https://atta

 - [Atomic Test #4 - Get-Service Execution](#atomic-test-4---get-service-execution)

- [Atomic Test #5 - System Service Discovery - macOS launchctl](#atomic-test-5---system-service-discovery---macos-launchctl)
-
- [Atomic Test #6 - System Service Discovery - Windows Scheduled Tasks (schtasks)](#atomic-test-6---system-service-discovery---windows-scheduled-tasks-schtasks)
-
- [Atomic Test #7 - System Service Discovery - Services Registry Enumeration](#atomic-test-7---system-service-discovery---services-registry-enumeration)
-
- [Atomic Test #8 - System Service Discovery - Linux init scripts](#atomic-test-8---system-service-discovery---linux-init-scripts)
-

 <br/>

@@ -48,7 +40,7 @@ Upon successful execution, cmd.exe will execute service commands with expected r


 ```cmd
-tasklist.exe /svc
+tasklist.exe
 sc query
 sc query state= all
 ```
@@ -153,133 +145,4 @@ powershell.exe Get-Service



-<br/>
-<br/>
-
-## Atomic Test #5 - System Service Discovery - macOS launchctl
-Enumerates services on macOS using launchctl. Used by adversaries for
-identifying daemons, background services, and persistence mechanisms.
-
-**Supported Platforms:** macOS
-
-
-**auto_generated_guid:** 9b378962-a75e-4856-b117-2503d6dcebba
-
-
-
-
-
-
-#### Attack Commands: Run with `sh`! 
-
-
-```sh
-launchctl list
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #6 - System Service Discovery - Windows Scheduled Tasks (schtasks)
-Enumerates scheduled tasks on Windows using schtasks.exe.
-
-**Supported Platforms:** Windows
-
-
-**auto_generated_guid:** 7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a
-
-
-
-
-
-
-#### Attack Commands: Run with `command_prompt`! 
-
-
-```cmd
-schtasks /query /fo LIST /v
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #7 - System Service Discovery - Services Registry Enumeration
-Enumerates Windows services by reading the Services registry key
-(HKLM\SYSTEM\CurrentControlSet\Services) instead of using Service Control
-Manager APIs or CLI tools such as sc.exe or Get-Service.
-
-**Supported Platforms:** Windows
-
-
-**auto_generated_guid:** d70d82bd-bb00-4837-b146-b40d025551b2
-
-
-
-
-
-
-#### Attack Commands: Run with `powershell`! 
-
-
-```powershell
-Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
-  ForEach-Object {
-    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
-    [PSCustomObject]@{
-      Name        = $_.PSChildName
-      DisplayName = $p.DisplayName
-      ImagePath   = $p.ImagePath
-      StartType   = $p.Start
-    }
-  }
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #8 - System Service Discovery - Linux init scripts
-Enumerates system services by listing SysV init scripts and runlevel
-symlinks under /etc/init.d and /etc/rc*.d.
-
-**Supported Platforms:** Linux
-
-
-**auto_generated_guid:** 8f2a5d2b-4018-46d4-8f3f-0fea53754690
-
-
-
-
-
-
-#### Attack Commands: Run with `sh`! 
-
-
-```sh
-echo "[*] Listing SysV init scripts (/etc/init.d):"
-if [ -d /etc/init.d ]; then ls -l /etc/init.d; else echo "/etc/init.d not present on this system"; fi
-echo
-echo "[*] Listing runlevel directories (/etc/rc*.d):"
-ls -ld /etc/rc*.d 2>/dev/null || echo "No /etc/rc*.d directories found"
-```
-
-
-
-
-
-
 <br/>
@@ -11,7 +11,7 @@ atomic_tests:
  - windows
  executor:
    command: |
-      tasklist.exe /svc
+      tasklist.exe
      sc query
      sc query state= all
    name: command_prompt
@@ -53,60 +53,3 @@ atomic_tests:
  executor:
    name: command_prompt
    command: powershell.exe Get-Service
- name: System Service Discovery - macOS launchctl
-  auto_generated_guid: 9b378962-a75e-4856-b117-2503d6dcebba
-  description: |
-    Enumerates services on macOS using launchctl. Used by adversaries for
-    identifying daemons, background services, and persistence mechanisms.
-  supported_platforms:
-    - macos
-  executor:
-    name: sh
-    command: launchctl list
- name: System Service Discovery - Windows Scheduled Tasks (schtasks)
-  auto_generated_guid: 7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a
-  description: |
-    Enumerates scheduled tasks on Windows using schtasks.exe.
-  supported_platforms:
-  - windows
-  executor:
-    name: command_prompt
-    command: schtasks /query /fo LIST /v
-
- name: System Service Discovery - Services Registry Enumeration
-  auto_generated_guid: d70d82bd-bb00-4837-b146-b40d025551b2
-  description: |
-    Enumerates Windows services by reading the Services registry key
-    (HKLM\SYSTEM\CurrentControlSet\Services) instead of using Service Control
-    Manager APIs or CLI tools such as sc.exe or Get-Service.
-  supported_platforms:
-  - windows
-  executor:
-    name: powershell
-    command: |
-      Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
-        ForEach-Object {
-          $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
-          [PSCustomObject]@{
-            Name        = $_.PSChildName
-            DisplayName = $p.DisplayName
-            ImagePath   = $p.ImagePath
-            StartType   = $p.Start
-          }
-        }
-
- name: System Service Discovery - Linux init scripts
-  auto_generated_guid: 8f2a5d2b-4018-46d4-8f3f-0fea53754690
-  description: |
-    Enumerates system services by listing SysV init scripts and runlevel
-    symlinks under /etc/init.d and /etc/rc*.d.
-  supported_platforms:
-  - linux
-  executor:
-    name: sh
-    command: |
-      echo "[*] Listing SysV init scripts (/etc/init.d):"
-      if [ -d /etc/init.d ]; then ls -l /etc/init.d; else echo "/etc/init.d not present on this system"; fi
-      echo
-      echo "[*] Listing runlevel directories (/etc/rc*.d):"
-      ls -ld /etc/rc*.d 2>/dev/null || echo "No /etc/rc*.d directories found"
@@ -193,11 +193,10 @@ atomic_tests:
      fsutil file createnew C:\Users\Public\Downloads\exfil.zip 20485760
  - description: 'Check if rclone zip exists'
    prereq_command: |
-      if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip) {exit 0} else {exit 1}
+      if (Test-Path C:\Users\Public\Downloads\rclone-current-windows-amd64.zip) {exit 0} else {exit 1}
    get_prereq_command: |
-      New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
-      Invoke-WebRequest -Uri "https://downloads.rclone.org/rclone-current-windows-amd64.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip"
-      Expand-Archive PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip -DestinationPath PathToAtomicsFolder\..\ExternalPayloads\
+      Invoke-WebRequest -Uri "https://downloads.rclone.org/rclone-current-windows-amd64.zip" -OutFile "C:\Users\Public\Downloads\rclone-current-windows-amd64.zip"
+      Expand-Archive C:\Users\Public\Downloads\rclone-current-windows-amd64.zip -DestinationPath C:\Users\Public\Downloads\
  executor:
    command: |-
      $rclone_bin = Get-ChildItem C:\Users\Public\Downloads\ -Recurse -Include "rclone.exe" | Select-Object -ExpandProperty FullName
@@ -16,15 +16,9 @@ Utilities and commands that acquire this information include [netstat](https://a

 - [Atomic Test #2 - System Network Connections Discovery with PowerShell](#atomic-test-2---system-network-connections-discovery-with-powershell)

- [Atomic Test #3 - System Network Connections Discovery via PowerShell (Process Mapping)](#atomic-test-3---system-network-connections-discovery-via-powershell-process-mapping)
+- [Atomic Test #3 - System Network Connections Discovery FreeBSD, Linux & MacOS](#atomic-test-3---system-network-connections-discovery-freebsd-linux--macos)

- [Atomic Test #4 - System Network Connections Discovery via ss or lsof (Linux/MacOS)](#atomic-test-4---system-network-connections-discovery-via-ss-or-lsof-linuxmacos)
-
- [Atomic Test #5 - System Network Connections Discovery FreeBSD, Linux & MacOS](#atomic-test-5---system-network-connections-discovery-freebsd-linux--macos)
-
- [Atomic Test #6 - System Network Connections Discovery via sockstat (Linux, FreeBSD)](#atomic-test-6---system-network-connections-discovery-via-sockstat-linux-freebsd)
-
- [Atomic Test #7 - System Discovery using SharpView](#atomic-test-7---system-discovery-using-sharpview)
+- [Atomic Test #4 - System Discovery using SharpView](#atomic-test-4---system-discovery-using-sharpview)


 <br/>
@@ -32,8 +26,7 @@ Utilities and commands that acquire this information include [netstat](https://a
 ## Atomic Test #1 - System Network Connections Discovery
 Get a listing of network connections.

-Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. `net sessions` requires
-elevated privileges; on standard user accounts this command may not return results. Results will output via stdout.
+Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. Results will output via stdout.

 **Supported Platforms:** Windows

@@ -49,9 +42,9 @@ elevated privileges; on standard user accounts this command may not return resul


 ```cmd
-netstat -ano
+netstat
 net use
-net sessions 2>nul
+net sessions
 ```


@@ -64,6 +57,7 @@ net sessions 2>nul

 ## Atomic Test #2 - System Network Connections Discovery with PowerShell
 Get a listing of network connections.
+
 Upon successful execution, powershell.exe will execute `get-NetTCPConnection`. Results will output via stdout.

 **Supported Platforms:** Windows
@@ -91,73 +85,7 @@ Get-NetTCPConnection
 <br/>
 <br/>

-## Atomic Test #3 - System Network Connections Discovery via PowerShell (Process Mapping)
-Enumerate TCP connections and map to owning process names via PowerShell.
-
-**Supported Platforms:** Windows
-
-
-**auto_generated_guid:** b52c8233-8f71-4bd7-9928-49fec8215cf5
-
-
-
-
-
-
-#### Attack Commands: Run with `powershell`! 
-
-
-```powershell
-Get-NetTCPConnection | ForEach-Object {
-  $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
-  [pscustomobject]@{
-    Local   = "$($_.LocalAddress):$($_.LocalPort)"
-    Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
-    State   = $_.State
-    PID     = $_.OwningProcess
-    Process = if ($p) { $p.ProcessName } else { $null }
-  }
-} | Sort-Object State,Process | Format-Table -AutoSize
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #4 - System Network Connections Discovery via ss or lsof (Linux/MacOS)
-List active TCP/UDP network connections using ss, with lsof as a fallback
-when ss is unavailable. Serves as an alternative to the netstat-based test.
-
-**Supported Platforms:** Linux, macOS
-
-
-**auto_generated_guid:** bcf05343-ef1d-4052-8a27-b00c9be42b9f
-
-
-
-
-
-
-#### Attack Commands: Run with `bash`! 
-
-
-```bash
-if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #5 - System Network Connections Discovery FreeBSD, Linux & MacOS
+## Atomic Test #3 - System Network Connections Discovery FreeBSD, Linux & MacOS
 Get a listing of network connections.

 Upon successful execution, sh will execute `netstat` and `who -a`. Results will output via stdout.
@@ -200,37 +128,7 @@ echo "Install netstat on the machine."; exit 1;
 <br/>
 <br/>

-## Atomic Test #6 - System Network Connections Discovery via sockstat (Linux, FreeBSD)
-Enumerate IPv4/IPv6 network endpoints on FreeBSD using sockstat.
-
-**Supported Platforms:** Linux
-
-
-**auto_generated_guid:** 997bb0a6-421e-40c7-b5d2-0f493904ef9b
-
-
-
-
-
-
-#### Attack Commands: Run with `sh`! 
-
-
-```sh
-sockstat -4
-sockstat -6 2>/dev/null || true
-sockstat -l 2>/dev/null || true
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #7 - System Discovery using SharpView
+## Atomic Test #4 - System Discovery using SharpView
 Get a listing of network connections, domains, domain users, and etc.  
 sharpview.exe located in the bin folder, an opensource red-team tool.
 Upon successful execution, cmd.exe will execute sharpview.exe <method>. Results will output via stdout.
@@ -5,21 +5,21 @@ atomic_tests:
  auto_generated_guid: 0940a971-809a-48f1-9c4d-b1d785e96ee5
  description: |
    Get a listing of network connections.
-    
-    Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. `net sessions` requires
-    elevated privileges; on standard user accounts this command may not return results. Results will output via stdout.
+
+    Upon successful execution, cmd.exe will execute `netstat`, `net use` and `net sessions`. Results will output via stdout.
  supported_platforms:
  - windows
  executor:
    command: |
-      netstat -ano
+      netstat
      net use
-      net sessions 2>nul
+      net sessions
    name: command_prompt
 - name: System Network Connections Discovery with PowerShell
  auto_generated_guid: f069f0f1-baad-4831-aa2b-eddac4baac4a
  description: |
    Get a listing of network connections.
+
    Upon successful execution, powershell.exe will execute `get-NetTCPConnection`. Results will output via stdout.
  supported_platforms:
  - windows
@@ -27,40 +27,6 @@ atomic_tests:
    command: |
      Get-NetTCPConnection
    name: powershell
-
- name: System Network Connections Discovery via PowerShell (Process Mapping)
-  auto_generated_guid: b52c8233-8f71-4bd7-9928-49fec8215cf5
-  description: |
-    Enumerate TCP connections and map to owning process names via PowerShell.
-  supported_platforms: 
-  - windows
-  executor:
-    name: powershell
-    command: |
-      Get-NetTCPConnection | ForEach-Object {
-        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
-        [pscustomobject]@{
-          Local   = "$($_.LocalAddress):$($_.LocalPort)"
-          Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
-          State   = $_.State
-          PID     = $_.OwningProcess
-          Process = if ($p) { $p.ProcessName } else { $null }
-        }
-      } | Sort-Object State,Process | Format-Table -AutoSize
-      
- name: System Network Connections Discovery via ss or lsof (Linux/MacOS)
-  auto_generated_guid: bcf05343-ef1d-4052-8a27-b00c9be42b9f
-  description: |
-    List active TCP/UDP network connections using ss, with lsof as a fallback
-    when ss is unavailable. Serves as an alternative to the netstat-based test.
-  supported_platforms: 
-  - linux
-  - macos
-  executor:
-    name: bash
-    command: |
-      if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
-      
 - name: System Network Connections Discovery FreeBSD, Linux & MacOS
  auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2
  description: |
@@ -83,19 +49,6 @@ atomic_tests:
      netstat
      who -a
    name: sh
-    
- name: System Network Connections Discovery via sockstat (Linux, FreeBSD)
-  auto_generated_guid: 997bb0a6-421e-40c7-b5d2-0f493904ef9b
-  description: |
-    Enumerate IPv4/IPv6 network endpoints on FreeBSD using sockstat.
-  supported_platforms:
-  - linux
-  executor:
-    name: sh
-    command: |
-      sockstat -4
-      sockstat -6 2>/dev/null || true
-      sockstat -l 2>/dev/null || true

 - name: System Discovery using SharpView
  auto_generated_guid: 96f974bb-a0da-4d87-a744-ff33e73367e9
@@ -4,7 +4,7 @@

 Adversaries may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code. Systemd timers are unit files with file extension <code>.timer</code> that control services. Timers can be set to run on a calendar event or after a time span relative to a starting point. They can be used as an alternative to [Cron](https://attack.mitre.org/techniques/T1053/003) in Linux environments.(Citation: archlinux Systemd Timers Aug 2020) Systemd timers may be activated remotely via the <code>systemctl</code> command line utility, which operates over [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: Systemd Remote Control)

-Each <code>.timer</code> file must have a corresponding <code>.service</code> file with the same name, e.g., <code>example.timer</code> and <code>example.service</code>. <code>.service</code> files are [Systemd Service](https://attack.mitre.org/techniques/T1543/002) unit files that are managed by the systemd system and service manager.(Citation: Linux man-pages: systemd January 2014) Privileged timers are written to <code>/etc/systemd/system/</code> and <code>/usr/lib/systemd/system</code> while user level are written to <code>\~/.config/systemd/user/</code>.
+Each <code>.timer</code> file must have a corresponding <code>.service</code> file with the same name, e.g., <code>example.timer</code> and <code>example.service</code>. <code>.service</code> files are [Systemd Service](https://attack.mitre.org/techniques/T1543/002) unit files that are managed by the systemd system and service manager.(Citation: Linux man-pages: systemd January 2014) Privileged timers are written to <code>/etc/systemd/system/</code> and <code>/usr/lib/systemd/system</code> while user level are written to <code>~/.config/systemd/user/</code>.

 An adversary may use systemd timers to execute malicious code at system startup or on a scheduled basis for persistence.(Citation: Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018)(Citation: gist Arch package compromise 10JUL2018)(Citation: acroread package compromised Arch Linux Mail 8JUL2018) Timers installed using privileged paths may be used to maintain root level persistence. Adversaries may also install user level timers to achieve user level persistence.(Citation: Falcon Sandbox smp: 28553b3a9d)

@@ -103,10 +103,10 @@ atomic_tests:
      if (Test-Path "c:\Program Files\Process Hacker 2\#{processhacker_exe}") {exit 0} else {exit 1}
    get_prereq_command: |-
      Write-Host Downloading Process Hacker
-      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
-      Invoke-WebRequest "https://versaweb.dl.sourceforge.net/project/processhacker/processhacker2/processhacker-2.39-setup.exe" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\processhacker-2.39-setup.exe"
+      New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+      Invoke-WebRequest "https://versaweb.dl.sourceforge.net/project/processhacker/processhacker2/processhacker-2.39-setup.exe" -OutFile "C:\Temp\ExternalPayloads\processhacker-2.39-setup.exe"
      Write-Host Installing Process Hacker
-      Start-Process "PathToAtomicsFolder\..\ExternalPayloads\processhacker-2.39-setup.exe" -Wait -ArgumentList "/s"
+      Start-Process "c:\Temp\ExternalPayloads\processhacker-2.39-setup.exe" -Wait -ArgumentList "/s"
  executor:
    command: Start-Process -FilePath "$Env:ProgramFiles\Process Hacker 2\#{processhacker_exe}"
    name: powershell
@@ -125,15 +125,15 @@ atomic_tests:
  dependencies:
  - description: PCHunter must be present in device
    prereq_command: |
-      if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free\#{pchunter64_exe}) {exit 0} else {exit 1}
+      if (Get-ChildItem -Path C:\ -Include *PCHunter64* -File -Recurse -ErrorAction SilentlyContinue) {exit 0} else {exit 1}
    get_prereq_command: |-
      Write-Host Downloading PC Hunter
-      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
-      Invoke-WebRequest "https://www.snapfiles.com/directdl/PCHunter_free.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free.zip"
-      Expand-Archive -LiteralPath 'PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free.zip' -DestinationPath PathToAtomicsFolder\..\ExternalPayloads
+      New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+      Invoke-WebRequest "https://www.snapfiles.com/directdl/PCHunter_free.zip" -OutFile "C:\Temp\ExternalPayloads\PCHunter_free.zip"
+      Expand-Archive -LiteralPath 'C:\Temp\ExternalPayloads\PCHunter_free.zip' -DestinationPath C:\Temp\ExternalPayloads
      Write-Host Unzipping Installing Process Hunter
  executor:
-    command: Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free\#{pchunter64_exe}"
+    command: Start-Process -FilePath "C:\Temp\ExternalPayloads\PCHunter_free\#{pchunter64_exe}"
    name: powershell
    elevation_required: true
 - name: Launch Taskmgr from cmd to View running processes  
@@ -52,7 +52,7 @@ atomic_tests:
    autosuid:
      description: Path to the autosuid shell script
      type: path
-      default: PathToAtomicsFolder/../ExternalPayloads/AutoSUID.sh
+      default: PathToAtomicsFolder/T1059.004/src/AutoSUID.sh
    autosuid_url:
      description: Path to download autosuid shell script
      type: url
@@ -82,7 +82,7 @@ atomic_tests:
    linenum:
      description: Path to the LinEnum shell script
      type: path
-      default: PathToAtomicsFolder/../ExternalPayloads/LinEnum.sh
+      default: PathToAtomicsFolder/T1059.004/src/LinEnum.sh
    linenum_url:
      description: Path to download LinEnum shell script
      type: url
@@ -4,7 +4,7 @@

 In addition to clearing system logs, an adversary may clear the command history of a compromised account to conceal the actions undertaken during an intrusion. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done.

-On Linux and macOS, these command histories can be accessed in a few different ways. While logged in, this command history is tracked in a file pointed to by the environment variable <code>HISTFILE</code>. When a user logs off a system, this information is flushed to a file in the user's home directory called <code>\~/.bash_history</code>. The benefit of this is that it allows users to go back to commands they've used before in different sessions. Adversaries may delete their commands from these logs by manually clearing the history (<code>history -c</code>) or deleting the bash history file <code>rm \~/.bash_history</code>.  
+On Linux and macOS, these command histories can be accessed in a few different ways. While logged in, this command history is tracked in a file pointed to by the environment variable <code>HISTFILE</code>. When a user logs off a system, this information is flushed to a file in the user's home directory called <code>~/.bash_history</code>. The benefit of this is that it allows users to go back to commands they've used before in different sessions. Adversaries may delete their commands from these logs by manually clearing the history (<code>history -c</code>) or deleting the bash history file <code>rm ~/.bash_history</code>.  

 Adversaries may also leverage a [Network Device CLI](https://attack.mitre.org/techniques/T1059/008) on network devices to clear command history data (<code>clear logging</code> and/or <code>clear history</code>).(Citation: US-CERT-TA18-106A) On ESXi servers, command history may be manually removed from the `/var/log/shell.log` file.(Citation: Broadcom ESXi Shell Audit)

@@ -3,7 +3,7 @@ display_name: 'Brute Force: Password Spraying'
 atomic_tests:
 - name: Password Spray all Domain Users
  auto_generated_guid: 90bc2e54-6c84-47a5-9439-0a2a92b4b175
-  description:
+  description: |
    CAUTION! Be very careful to not exceed the password lockout threshold for users in the domain by running this test too frequently.

    This atomic attempts to map the IPC$ share on one of the Domain Controllers using a password of Spring2020 for each user in the %temp%\users.txt list.
@@ -8,16 +8,15 @@ atomic_tests:
  - windows
  executor:
    command: |-
-      New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
-      IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.003/src/qbot-test.iso" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso")
-      Mount-DiskImage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso"
-      $mountedpath = (Get-DiskImage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso" | Get-Volume).DriveLetter
+      IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.003/src/qbot-test.iso" -OutFile "$env:TEMP\qbot-test.iso")
+      Mount-DiskImage -ImagePath "$env:TEMP\qbot-test.iso"
+      $mountedpath = (Get-DiskImage -ImagePath "$env:TEMP\qbot-test.iso" | Get-Volume).DriveLetter
      $finalpath = $mountedpath + ":\"
      cd $finalpath
      .\calc.exe.lnk
    cleanup_command: |-
      start-sleep -s 5
      stop-process -Name "Calculatorapp" -Force 
-      dismount-diskimage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso"
+      dismount-diskimage -ImagePath "$env:TEMP\qbot-test.iso"
    name: powershell
    elevation_required: true
@@ -333,10 +333,10 @@ atomic_tests:
      if (Test-Path "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\#{srserver_exe}") {exit 0} else {exit 1}
    get_prereq_command: |-
      Write-Host Downloading Splashtop Streamer
-      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
-      Invoke-WebRequest "https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.6.4.1.exe" -OutFile  "PathToAtomicsFolder\..\ExternalPayloads\Splashtop.exe"
+      New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+      Invoke-WebRequest "https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.6.4.1.exe" -OutFile  "C:\Temp\ExternalPayloads\Splashtop.exe"
      Write-Host Installing Splashtop Streamer
-      Start-Process "PathToAtomicsFolder\..\ExternalPayloads\Splashtop.exe" -Wait -ArgumentList "/s"
+      Start-Process "c:\Temp\ExternalPayloads\Splashtop.exe" -Wait -ArgumentList "/s"
  executor:
    command: |-
      Start-Process -FilePath "C:Program Files (x86)\Splashtop\Splashtop Remote\Server\#{srserver_exe}"
@@ -158,9 +158,9 @@ atomic_tests:
      prereq_command: |
        if (Test-Path "Test-Path C:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe") {exit 0} else {exit 1}
      get_prereq_command: |-
-        New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
-        Invoke-WebRequest #{SubInAclDownloadPath} -OutFile PathToAtomicsFolder\..\ExternalPayloads\SubInAcl.msi
-        msiexec.exe /i "PathToAtomicsFolder\..\ExternalPayloads\SubInAcl.msi" /qn
+        New-Item -Path C:\Users\Public\SubInAcl -ItemType Directory | Out-Null
+        Invoke-WebRequest #{SubInAclDownloadPath} -OutFile C:\Users\Public\SubInAcl\SubInAcl.msi
+        msiexec.exe /i "C:\Users\Public\SubInAcl\SubInAcl.msi" /qn
  executor:
    command: '"C:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe"'
    name: command_prompt
@@ -2,7 +2,7 @@
 ## [Description from ATT&CK](https://attack.mitre.org/techniques/T1543/001)
 <blockquote>

-Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence. When a user logs in, a per-user launchd process is started which loads the parameters for each launch-on-demand user agent from the property list (.plist) file found in <code>/System/Library/LaunchAgents</code>, <code>/Library/LaunchAgents</code>, and <code>\~/Library/LaunchAgents</code>.(Citation: AppleDocs Launch Agent Daemons)(Citation: OSX Keydnap malware) (Citation: Antiquated Mac Malware) Property list files use the <code>Label</code>, <code>ProgramArguments </code>, and <code>RunAtLoad</code> keys to identify the Launch Agent's name, executable location, and execution time.(Citation: OSX.Dok Malware) Launch Agents are often installed to perform updates to programs, launch user specified programs at login, or to conduct other developer tasks.
+Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence. When a user logs in, a per-user launchd process is started which loads the parameters for each launch-on-demand user agent from the property list (.plist) file found in <code>/System/Library/LaunchAgents</code>, <code>/Library/LaunchAgents</code>, and <code>~/Library/LaunchAgents</code>.(Citation: AppleDocs Launch Agent Daemons)(Citation: OSX Keydnap malware) (Citation: Antiquated Mac Malware) Property list files use the <code>Label</code>, <code>ProgramArguments </code>, and <code>RunAtLoad</code> keys to identify the Launch Agent's name, executable location, and execution time.(Citation: OSX.Dok Malware) Launch Agents are often installed to perform updates to programs, launch user specified programs at login, or to conduct other developer tasks.

 Launch Agents can also be executed using the [Launchctl](https://attack.mitre.org/techniques/T1569/001) command.
 
@@ -2,11 +2,11 @@
 ## [Description from ATT&CK](https://attack.mitre.org/techniques/T1546/004)
 <blockquote>

-Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User [Unix Shell](https://attack.mitre.org/techniques/T1059/004)s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system (<code>/etc</code>) and the user’s home directory (<code>\~/</code>) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately. 
+Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User [Unix Shell](https://attack.mitre.org/techniques/T1059/004)s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system (<code>/etc</code>) and the user’s home directory (<code>~/</code>) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately. 

-Adversaries may attempt to establish persistence by inserting commands into scripts automatically executed by shells. Using bash as an example, the default shell for most GNU/Linux systems, adversaries may add commands that launch malicious binaries into the <code>/etc/profile</code> and <code>/etc/profile.d</code> files.(Citation: intezer-kaiji-malware)(Citation: bencane blog bashrc) These files typically require root permissions to modify and are executed each time any shell on a system launches. For user level permissions, adversaries can insert malicious commands into <code>\~/.bash_profile</code>, <code>\~/.bash_login</code>, or <code>\~/.profile</code> which are sourced when a user opens a command-line interface or connects remotely.(Citation: anomali-rocke-tactics)(Citation: Linux manual bash invocation) Since the system only executes the first existing file in the listed order, adversaries have used <code>\~/.bash_profile</code> to ensure execution. Adversaries have also leveraged the <code>\~/.bashrc</code> file which is additionally executed if the connection is established remotely or an additional interactive shell is opened, such as a new tab in the command-line interface.(Citation: Tsunami)(Citation: anomali-rocke-tactics)(Citation: anomali-linux-rabbit)(Citation: Magento) Some malware targets the termination of a program to trigger execution, adversaries can use the <code>\~/.bash_logout</code> file to execute malicious commands at the end of a session. 
+Adversaries may attempt to establish persistence by inserting commands into scripts automatically executed by shells. Using bash as an example, the default shell for most GNU/Linux systems, adversaries may add commands that launch malicious binaries into the <code>/etc/profile</code> and <code>/etc/profile.d</code> files.(Citation: intezer-kaiji-malware)(Citation: bencane blog bashrc) These files typically require root permissions to modify and are executed each time any shell on a system launches. For user level permissions, adversaries can insert malicious commands into <code>~/.bash_profile</code>, <code>~/.bash_login</code>, or <code>~/.profile</code> which are sourced when a user opens a command-line interface or connects remotely.(Citation: anomali-rocke-tactics)(Citation: Linux manual bash invocation) Since the system only executes the first existing file in the listed order, adversaries have used <code>~/.bash_profile</code> to ensure execution. Adversaries have also leveraged the <code>~/.bashrc</code> file which is additionally executed if the connection is established remotely or an additional interactive shell is opened, such as a new tab in the command-line interface.(Citation: Tsunami)(Citation: anomali-rocke-tactics)(Citation: anomali-linux-rabbit)(Citation: Magento) Some malware targets the termination of a program to trigger execution, adversaries can use the <code>~/.bash_logout</code> file to execute malicious commands at the end of a session. 

-For macOS, the functionality of this technique is similar but may leverage zsh, the default shell for macOS 10.15+. When the Terminal.app is opened, the application launches a zsh login shell and a zsh interactive shell. The login shell configures the system environment using <code>/etc/profile</code>, <code>/etc/zshenv</code>, <code>/etc/zprofile</code>, and <code>/etc/zlogin</code>.(Citation: ScriptingOSX zsh)(Citation: PersistentJXA_leopitt)(Citation: code_persistence_zsh)(Citation: macOS MS office sandbox escape) The login shell then configures the user environment with <code>\~/.zprofile</code> and <code>\~/.zlogin</code>. The interactive shell uses the <code>\~/.zshrc</code> to configure the user environment. Upon exiting, <code>/etc/zlogout</code> and <code>\~/.zlogout</code> are executed. For legacy programs, macOS executes <code>/etc/bashrc</code> on startup.
+For macOS, the functionality of this technique is similar but may leverage zsh, the default shell for macOS 10.15+. When the Terminal.app is opened, the application launches a zsh login shell and a zsh interactive shell. The login shell configures the system environment using <code>/etc/profile</code>, <code>/etc/zshenv</code>, <code>/etc/zprofile</code>, and <code>/etc/zlogin</code>.(Citation: ScriptingOSX zsh)(Citation: PersistentJXA_leopitt)(Citation: code_persistence_zsh)(Citation: macOS MS office sandbox escape) The login shell then configures the user environment with <code>~/.zprofile</code> and <code>~/.zlogin</code>. The interactive shell uses the <code>~/.zshrc</code> to configure the user environment. Upon exiting, <code>/etc/zlogout</code> and <code>~/.zlogout</code> are executed. For legacy programs, macOS executes <code>/etc/bashrc</code> on startup.

 </blockquote>

@@ -2,7 +2,7 @@
 ## [Description from ATT&CK](https://attack.mitre.org/techniques/T1547/007)
 <blockquote>

-Adversaries may modify plist files to automatically run an application when a user logs in. When a user logs out or restarts via the macOS Graphical User Interface (GUI), a prompt is provided to the user with a checkbox to "Reopen windows when logging back in".(Citation: Re-Open windows on Mac) When selected, all applications currently open are added to a property list file named <code>com.apple.loginwindow.[UUID].plist</code> within the <code>\~/Library/Preferences/ByHost</code> directory.(Citation: Methods of Mac Malware Persistence)(Citation: Wardle Persistence Chapter) Applications listed in this file are automatically reopened upon the user’s next logon.
+Adversaries may modify plist files to automatically run an application when a user logs in. When a user logs out or restarts via the macOS Graphical User Interface (GUI), a prompt is provided to the user with a checkbox to "Reopen windows when logging back in".(Citation: Re-Open windows on Mac) When selected, all applications currently open are added to a property list file named <code>com.apple.loginwindow.[UUID].plist</code> within the <code>~/Library/Preferences/ByHost</code> directory.(Citation: Methods of Mac Malware Persistence)(Citation: Wardle Persistence Chapter) Applications listed in this file are automatically reopened upon the user’s next logon.

 Adversaries can establish [Persistence](https://attack.mitre.org/tactics/TA0003) by adding a malicious application path to the <code>com.apple.loginwindow.[UUID].plist</code> file to execute payloads when a user logs in.

@@ -6,7 +6,7 @@ Adversaries may add login items to execute upon user login to gain persistence o

 Login items installed using the Service Management Framework leverage <code>launchd</code>, are not visible in the System Preferences, and can only be removed by the application that created them.(Citation: Adding Login Items)(Citation: SMLoginItemSetEnabled Schroeder 2013) Login items created using a shared file list are visible in System Preferences, can hide the application when it launches, and are executed through LaunchServices, not launchd, to open applications, documents, or URLs without using Finder.(Citation: Launch Services Apple Developer) Users and applications use login items to configure their user environment to launch commonly used services or applications, such as email, chat, and music applications.

-Adversaries can utilize [AppleScript](https://attack.mitre.org/techniques/T1059/002) and [Native API](https://attack.mitre.org/techniques/T1106) calls to create a login item to spawn malicious executables.(Citation: ELC Running at startup) Prior to version 10.5 on macOS, adversaries can add login items by using [AppleScript](https://attack.mitre.org/techniques/T1059/002) to send an Apple events to the “System Events” process, which has an AppleScript dictionary for manipulating login items.(Citation: Login Items AE) Adversaries can use a command such as <code>tell application “System Events” to make login item at end with properties /path/to/executable</code>.(Citation: Startup Items Eclectic)(Citation: hexed osx.dok analysis 2019)(Citation: Add List Remove Login Items Apple Script) This command adds the path of the malicious executable to the login item file list located in <code>\~/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm</code>.(Citation: Startup Items Eclectic) Adversaries can also use login items to launch executables that can be used to control the victim system remotely or as a means to gain privilege escalation by prompting for user credentials.(Citation: objsee mac malware 2017)(Citation: CheckPoint Dok)(Citation: objsee netwire backdoor 2019)
+Adversaries can utilize [AppleScript](https://attack.mitre.org/techniques/T1059/002) and [Native API](https://attack.mitre.org/techniques/T1106) calls to create a login item to spawn malicious executables.(Citation: ELC Running at startup) Prior to version 10.5 on macOS, adversaries can add login items by using [AppleScript](https://attack.mitre.org/techniques/T1059/002) to send an Apple events to the “System Events” process, which has an AppleScript dictionary for manipulating login items.(Citation: Login Items AE) Adversaries can use a command such as <code>tell application “System Events” to make login item at end with properties /path/to/executable</code>.(Citation: Startup Items Eclectic)(Citation: hexed osx.dok analysis 2019)(Citation: Add List Remove Login Items Apple Script) This command adds the path of the malicious executable to the login item file list located in <code>~/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm</code>.(Citation: Startup Items Eclectic) Adversaries can also use login items to launch executables that can be used to control the victim system remotely or as a means to gain privilege escalation by prompting for user credentials.(Citation: objsee mac malware 2017)(Citation: CheckPoint Dok)(Citation: objsee netwire backdoor 2019)

 </blockquote>

@@ -4,7 +4,7 @@

 Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures.(Citation: Wikipedia Public Key Crypto) Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, .pfx, .cer, .p7b, .asc. 

-Adversaries may also look in common key directories, such as <code>\~/.ssh</code> for SSH keys on * nix-based systems or <code>C:&#92;Users&#92;(username)&#92;.ssh&#92;</code> on Windows. Adversary tools may also search compromised systems for file extensions relating to cryptographic keys and certificates.(Citation: Kaspersky Careto)(Citation: Palo Alto Prince of Persia)
+Adversaries may also look in common key directories, such as <code>~/.ssh</code> for SSH keys on * nix-based systems or <code>C:&#92;Users&#92;(username)&#92;.ssh&#92;</code> on Windows. Adversary tools may also search compromised systems for file extensions relating to cryptographic keys and certificates.(Citation: Kaspersky Careto)(Citation: Palo Alto Prince of Persia)

 When a device is registered to Entra ID, a device key and a transport key are generated and used to verify the device’s identity.(Citation: Microsoft Primary Refresh Token) An adversary with access to the device may be able to export the keys in order to impersonate the device.(Citation: AADInternals Azure AD Device Identities)

@@ -13,7 +13,7 @@ atomic_tests:
    stratus_path:
      description: Path of stratus binary
      type: path
-      default: $PathToAtomicsFolder/../ExternalPayloads
+      default: $PathToAtomicsFolder/T1552/src
    aws_region:
      description: AWS region to detonate
      type: string
@@ -25,7 +25,6 @@ atomic_tests:
    prereq_command: |
      if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
    get_prereq_command: |
-      mkdir -p #{stratus_path}
      if [ "$(uname)" == "Darwin" ]
      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
        tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -4,9 +4,9 @@

 Adversaries may acquire credentials from Keychain. Keychain (or Keychain Services) is the macOS credential management system that stores account names, passwords, private keys, certificates, sensitive application data, payment data, and secure notes. There are three types of Keychains: Login Keychain, System Keychain, and Local Items (iCloud) Keychain. The default Keychain is the Login Keychain, which stores user passwords and information. The System Keychain stores items accessed by the operating system, such as items shared among users on a host. The Local Items (iCloud) Keychain is used for items synced with Apple’s iCloud service. 

-Keychains can be viewed and edited through the Keychain Access application or using the command-line utility <code>security</code>. Keychain files are located in <code>\~/Library/Keychains/</code>, <code>/Library/Keychains/</code>, and <code>/Network/Library/Keychains/</code>.(Citation: Keychain Services Apple)(Citation: Keychain Decryption Passware)(Citation: OSX Keychain Schaumann)
+Keychains can be viewed and edited through the Keychain Access application or using the command-line utility <code>security</code>. Keychain files are located in <code>~/Library/Keychains/</code>, <code>/Library/Keychains/</code>, and <code>/Network/Library/Keychains/</code>.(Citation: Keychain Services Apple)(Citation: Keychain Decryption Passware)(Citation: OSX Keychain Schaumann)

-Adversaries may gather user credentials from Keychain storage/memory. For example, the command <code>security dump-keychain –d</code> will dump all Login Keychain credentials from <code>\~/Library/Keychains/login.keychain-db</code>. Adversaries may also directly read Login Keychain credentials from the <code>\~/Library/Keychains/login.keychain</code> file. Both methods require a password, where the default password for the Login Keychain is the current user’s password to login to the macOS host.(Citation: External to DA, the OS X Way)(Citation: Empire Keychain Decrypt)  
+Adversaries may gather user credentials from Keychain storage/memory. For example, the command <code>security dump-keychain –d</code> will dump all Login Keychain credentials from <code>~/Library/Keychains/login.keychain-db</code>. Adversaries may also directly read Login Keychain credentials from the <code>~/Library/Keychains/login.keychain</code> file. Both methods require a password, where the default password for the Login Keychain is the current user’s password to login to the macOS host.(Citation: External to DA, the OS X Way)(Citation: Empire Keychain Decrypt)  

 </blockquote>

@@ -34,7 +34,6 @@ atomic_tests:
 - name: DDEAUTO
  auto_generated_guid: cf91174c-4e74-414e-bec0-8d60a104d181
  description: |
-
    TrustedSec - Unicorn - https://github.com/trustedsec/unicorn

    SensePost DDEAUTO - https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
@@ -4,7 +4,7 @@

 Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done. 

-On Linux and macOS, command history is tracked in a file pointed to by the environment variable <code>HISTFILE</code>. When a user logs off a system, this information is flushed to a file in the user's home directory called <code>\~/.bash_history</code>. The <code>HISTCONTROL</code> environment variable keeps track of what should be saved by the <code>history</code> command and eventually into the <code>\~/.bash_history</code> file when a user logs out. <code>HISTCONTROL</code> does not exist by default on macOS, but can be set by the user and will be respected. The `HISTFILE` environment variable is also used in some ESXi systems.(Citation: Google Cloud Threat Intelligence ESXi VIBs 2022)
+On Linux and macOS, command history is tracked in a file pointed to by the environment variable <code>HISTFILE</code>. When a user logs off a system, this information is flushed to a file in the user's home directory called <code>~/.bash_history</code>. The <code>HISTCONTROL</code> environment variable keeps track of what should be saved by the <code>history</code> command and eventually into the <code>~/.bash_history</code> file when a user logs out. <code>HISTCONTROL</code> does not exist by default on macOS, but can be set by the user and will be respected. The `HISTFILE` environment variable is also used in some ESXi systems.(Citation: Google Cloud Threat Intelligence ESXi VIBs 2022)

 Adversaries may clear the history environment variable (<code>unset HISTFILE</code>) or set the command history size to zero (<code>export HISTFILESIZE=0</code>) to prevent logging of commands. Additionally, <code>HISTCONTROL</code> can be configured to ignore commands that start with a space by simply setting it to "ignorespace". <code>HISTCONTROL</code> can also be set to ignore duplicate commands by setting it to "ignoredups". In some Linux systems, this is set by default to "ignoreboth" which covers both of the previous examples. This means that “ ls” will not be saved, but “ls” would be saved by history. Adversaries can abuse this to operate without leaving traces by simply prepending a space to all of their terminal commands. 

@@ -173,7 +173,7 @@ atomic_tests:
    stratus_path:
      description: Path of stratus binary
      type: path
-      default: $PathToAtomicsFolder/../ExternalPayloads
+      default: $PathToAtomicsFolder/T1562.008/src
    aws_region:
      description: AWS region to detonate
      type: string
@@ -185,7 +185,6 @@ atomic_tests:
    prereq_command: |
      if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
    get_prereq_command: |
-      mkdir -p #{stratus_path}
      if [ "$(uname)" == "Darwin" ]
      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
        tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -229,7 +228,7 @@ atomic_tests:
    stratus_path:
      description: Path of stratus binary
      type: path
-      default: $PathToAtomicsFolder/../ExternalPayloads
+      default: $PathToAtomicsFolder/T1562.008/src
    aws_region:
      description: AWS region to detonate
      type: string
@@ -241,7 +240,6 @@ atomic_tests:
    prereq_command: |
      if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
    get_prereq_command: |
-      mkdir -p #{stratus_path}
      if [ "$(uname)" == "Darwin" ]
      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
        tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -284,7 +282,7 @@ atomic_tests:
    stratus_path:
      description: Path of stratus binary
      type: path
-      default: $PathToAtomicsFolder/../ExternalPayloads
+      default: $PathToAtomicsFolder/T1562.008/src
    aws_region:
      description: AWS region to detonate
      type: string
@@ -296,7 +294,6 @@ atomic_tests:
    prereq_command: |
      if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
    get_prereq_command: |
-      mkdir -p #{stratus_path}
      if [ "$(uname)" == "Darwin" ]
      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
        tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -12,11 +12,10 @@ atomic_tests:
    command: |
      $url = 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-      New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
-      Invoke-WebRequest -Uri $url -OutFile PathToAtomicsFolder\..\ExternalPayloads\PhishingAttachment.xlsm
+      Invoke-WebRequest -Uri $url -OutFile $env:TEMP\PhishingAttachment.xlsm
    name: powershell
    cleanup_command: |
-      Remove-Item PathToAtomicsFolder\..\ExternalPayloads\PhishingAttachment.xlsm -ErrorAction Ignore
+      Remove-Item $env:TEMP\PhishingAttachment.xlsm -ErrorAction Ignore

 - name: Word spawned a command shell and used an IP address in the command line
  auto_generated_guid: cbb6799a-425c-4f83-9194-5447a909d67f
@@ -216,15 +216,16 @@ atomic_tests:
  dependency_executor_name: powershell
  dependencies:
  - description: |
-     PsExec tool from Sysinternals must exist in the ExternalPayloads directory
+     PsExec tool from Sysinternals must exist in the '\Users\Public\Temp\' directory
    prereq_command: |
-     if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe) {exit 0} else {exit 1}
+     if (Get-ChildItem -Path C:\ -Include *psexec* -File -Recurse -ErrorAction SilentlyContinue) {exit 0} else {exit 1}
    get_prereq_command: |
-      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
-      Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\PSTools.zip"
-      Expand-Archive "PathToAtomicsFolder\..\ExternalPayloads\PsTools.zip" "PathToAtomicsFolder\..\ExternalPayloads\" -Force
+      New-Item -Type Directory "C:\Users\Public\Temp\" -ErrorAction Ignore -Force | Out-Null
+      Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\Users\Public\Temp\PSTools.zip"
+      Expand-Archive "C:\Users\Public\Temp\PsTools.zip" "C:\Users\Public\Temp\" -Force
  executor:
    command: |-
-      PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe -i -s cmd  -accepteula
+      cd C:\Users\Public\Temp\ 
+      .\PsExec.exe -i -s cmd  -accepteula
    name: powershell
    elevation_required: true
@@ -131,19 +131,19 @@ atomic_tests:
  - description: |
      Download ngrok
    prereq_command: |
-      if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\ngrok) {exit 0} else {exit 1}
+      if (Test-Path C:\Users\Public\ngrok) {exit 0} else {exit 1}
    get_prereq_command: |
-      New-Item -Path PathToAtomicsFolder\..\ExternalPayloads\ngrok -ItemType Directory -Force | Out-Null
-      Invoke-WebRequest #{download} -OutFile PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok-v3-stable-windows-amd64.zip
-      Expand-Archive PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok-v3-stable-windows-amd64.zip -DestinationPath PathToAtomicsFolder\..\ExternalPayloads\ngrok
+      New-Item -Path C:\Users\Public\ngrok -ItemType Directory | Out-Null
+      Invoke-WebRequest #{download} -OutFile C:\Users\Public\ngrok\ngrok-v3-stable-windows-amd64.zip
+      Expand-Archive C:\Users\Public\ngrok\ngrok-v3-stable-windows-amd64.zip -DestinationPath C:\Users\Public\ngrok
  executor:
    command: |
-      PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok.exe config add-authtoken #{api_token} | Out-Null
-      Start-Job -ScriptBlock { PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok.exe tcp #{port_num} } | Out-Null
+      C:\Users\Public\ngrok\ngrok.exe config add-authtoken #{api_token} | Out-Null
+      Start-Job -ScriptBlock { C:\Users\Public\ngrok\ngrok.exe tcp #{port_num} } | Out-Null
      Start-Sleep -s 5 
      Stop-Job -Name Job1 | Out-Null
    cleanup_command: |
-      Remove-Item PathToAtomicsFolder\..\ExternalPayloads\ngrok -Recurse -ErrorAction Ignore
+      Remove-Item C:\Users\Public\ngrok -Recurse -ErrorAction Ignore
      Remove-Item C:\%userprofile%\AppData\Local\ngrok -ErrorAction Ignore
    name: powershell
    elevation_required: true
@@ -13,7 +13,7 @@ atomic_tests:
    stratus_path:
      description: Path of stratus binary
      type: path
-      default: $PathToAtomicsFolder/../ExternalPayloads
+      default: $PathToAtomicsFolder/T1580/src
    aws_region:
      description: AWS region to detonate
      type: string
@@ -25,7 +25,6 @@ atomic_tests:
    prereq_command: |
      if test -f "#{stratus_path}/stratus"; then exit 0; else exit 1; fi
    get_prereq_command: |
-      mkdir -p #{stratus_path}
      if [ "$(uname)" = "Darwin" ]
      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep -i Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
        tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -14,14 +14,6 @@ On Linux/macOS, device drivers (in the form of kernel modules) may be visible wi

 - [Atomic Test #1 - Device Driver Discovery](#atomic-test-1---device-driver-discovery)

- [Atomic Test #2 - Device Driver Discovery (Linux)](#atomic-test-2---device-driver-discovery-linux)
-
- [Atomic Test #3 - Enumerate Kernel Driver Files (Linux)](#atomic-test-3---enumerate-kernel-driver-files-linux)
-
- [Atomic Test #4 - List loaded kernel extensions (macOS)](#atomic-test-4---list-loaded-kernel-extensions-macos)
-
- [Atomic Test #5 - Find Kernel Extensions (macOS)](#atomic-test-5---find-kernel-extensions-macos)
-

 <br/>

@@ -54,116 +46,4 @@ driverquery /si /fo list



-<br/>
-<br/>
-
-## Atomic Test #2 - Device Driver Discovery (Linux)
-Displays a list of loaded kernel modules on a Linux system, which is used to enumerate drivers.
-
-**Supported Platforms:** Linux
-
-
-**auto_generated_guid:** d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
-
-
-
-
-
-
-#### Attack Commands: Run with `bash`! 
-
-
-```bash
-lsmod
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #3 - Enumerate Kernel Driver Files (Linux)
-Finds and lists all kernel driver files on a Linux system in order to provide a broader view of available drivers, not just loaded ones.
-
-**Supported Platforms:** Linux
-
-
-**auto_generated_guid:** 13c0fef5-9be9-4d7f-9c6b-901624e53770
-
-
-
-
-
-
-#### Attack Commands: Run with `bash`! 
-
-
-```bash
-find /lib/modules/$(uname -r)/kernel/drivers -name "*.ko*"
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #4 - List loaded kernel extensions (macOS)
-Displays a list of loaded kernel extensions (kexts) on a macOS system.
-
-**Supported Platforms:** macOS
-
-
-**auto_generated_guid:** 71eab73d-5d7d-4681-9a72-7873489a5b85
-
-
-
-
-
-
-#### Attack Commands: Run with `bash`! 
-
-
-```bash
-kextstat
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #5 - Find Kernel Extensions (macOS)
-Searches for kernel extension (kext) files on a macOS system.
-
-**Supported Platforms:** macOS
-
-
-**auto_generated_guid:** c63bbe52-6f17-4832-b221-f07ba8b1736f
-
-
-
-
-
-
-#### Attack Commands: Run with `bash`! 
-
-
-```bash
-kextfind
-```
-
-
-
-
-
-
 <br/>
@@ -18,47 +18,3 @@ atomic_tests:
    cleanup_command: 
    name: powershell
    elevation_required: false
- name: Device Driver Discovery (Linux)
-  auto_generated_guid: d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
-  description: |
-    Displays a list of loaded kernel modules on a Linux system, which is used to enumerate drivers.
-  supported_platforms:
-  - linux
-  executor:
-    command: |
-      lsmod
-    name: bash
-    elevation_required: false
- name: Enumerate Kernel Driver Files (Linux)
-  auto_generated_guid: 13c0fef5-9be9-4d7f-9c6b-901624e53770
-  description: |
-    Finds and lists all kernel driver files on a Linux system in order to provide a broader view of available drivers, not just loaded ones.
-  supported_platforms:
-  - linux
-  executor:
-    command: |
-      find /lib/modules/$(uname -r)/kernel/drivers -name "*.ko*"
-    name: bash
-    elevation_required: false
- name: List loaded kernel extensions (macOS)
-  auto_generated_guid: 71eab73d-5d7d-4681-9a72-7873489a5b85
-  description: |
-    Displays a list of loaded kernel extensions (kexts) on a macOS system.
-  supported_platforms:
-  - macos
-  executor:
-    command: |
-      kextstat
-    name: bash
-    elevation_required: false
- name: Find Kernel Extensions (macOS)
-  auto_generated_guid: c63bbe52-6f17-4832-b221-f07ba8b1736f
-  description: |
-    Searches for kernel extension (kext) files on a macOS system.
-  supported_platforms:
-  - macos
-  executor:
-    command: |
-      kextfind
-    name: bash
-    elevation_required: false
@@ -1773,14 +1773,3 @@ d9efa6c7-6518-42b2-809a-4f2a8e242b9b
 a9604672-cd46-493b-b58f-fd4124c22dd3
 22386853-f68d-4b50-a362-de235127c443
 95a21323-770d-434c-80cd-6f6fbf7af432
-b52c8233-8f71-4bd7-9928-49fec8215cf5
-bcf05343-ef1d-4052-8a27-b00c9be42b9f
-997bb0a6-421e-40c7-b5d2-0f493904ef9b
-9b378962-a75e-4856-b117-2503d6dcebba
-7cd7eaa3-9ccc-460d-96d2-c6fb13e6d58a
-d70d82bd-bb00-4837-b146-b40d025551b2
-8f2a5d2b-4018-46d4-8f3f-0fea53754690
-d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
-13c0fef5-9be9-4d7f-9c6b-901624e53770
-71eab73d-5d7d-4681-9a72-7873489a5b85
-c63bbe52-6f17-4832-b221-f07ba8b1736f
@@ -244,7 +244,7 @@ class AtomicRedTeamDocs
      "versions" => {	"attack": "16",	"navigator": "5.1.0",	"layer": "4.5"	},
      "description" => layer_name + " MITRE ATT&CK Navigator Layer",
      "domain" => "enterprise-attack",
-      "filters"=> filters,    
+      "filters"=> filters,
      "gradient" => {
                  "colors" => ["#ffffff",
                               "#ce232e"
@@ -265,11 +265,11 @@ class AtomicRedTeamDocs
      "techniques" => techniques
    }
  end
-  
+

  #
  # Process the current technique and update the list
-  # 
+  #
  def update_techniquesList(current_technique, current_techniqueParent, techniques_list, atomic_yaml, comments)
    if not atomic_yaml['attack_technique'].include?(".") then
      tech_parent = techniques_list.find { |h| h["techniqueID"] == atomic_yaml['attack_technique'].split('.')[0] }
@@ -298,7 +298,7 @@ class AtomicRedTeamDocs
      techniques_list.push(current_technique)
    end
  end
-  
+
  #
  # Generates a MITRE ATT&CK Navigator Layer based on contributed techniques
  #
@@ -385,7 +385,7 @@ class AtomicRedTeamDocs
            win_technique['score'] += 1
            win_technique['comment'] += "- " + atomic['name'] + "\n"
          end
-          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /macos/} then 
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /macos/} then
            has_macos_tests = true
            macos_technique['score'] += 1
            macos_technique['comment'] += "- " + atomic['name'] + "\n"
@@ -441,7 +441,7 @@ class AtomicRedTeamDocs
            esxi_technique['comment'] += "- " + atomic['name'] + "\n"
          end
        end
-        
+
        # Update full Atomic Layer
        update_techniquesList(technique, techniqueParent, techniques, atomic_yaml, false)
        # Update all other Atomic Layers
@@ -483,9 +483,9 @@ class AtomicRedTeamDocs
        end
      end
    end
-    
+
    puts techniques_iaas_gcp
-    
+
    layer = get_layer techniques, "Atomic Red Team"
    layer_win = get_layer techniques_win, "Atomic Red Team (Windows)"
    layer_mac = get_layer techniques_mac, "Atomic Red Team (macOS)"
@@ -189,24 +189,24 @@ files = [

 [[package]]
 name = "hypothesis"
-version = "6.148.7"
+version = "6.148.2"
 description = "The property-based testing library for Python"
 optional = false
-python-versions = ">=3.10"
+python-versions = ">=3.10.2"
 groups = ["main"]
 files = [
-    {file = "hypothesis-6.148.7-py3-none-any.whl", hash = "sha256:94dbd58ebf259afa3bafb1d3bf5761ac1bde6f1477de494798cbf7960aabbdee"},
-    {file = "hypothesis-6.148.7.tar.gz", hash = "sha256:b96e817e715c5b1a278411e3b9baf6d599d5b12207ba25e41a8f066929f6c2a6"},
+    {file = "hypothesis-6.148.2-py3-none-any.whl", hash = "sha256:bf8ddc829009da73b321994b902b1964bcc3e5c3f0ed9a1c1e6a1631ab97c5fa"},
+    {file = "hypothesis-6.148.2.tar.gz", hash = "sha256:07e65d34d687ddff3e92a3ac6b43966c193356896813aec79f0a611c5018f4b1"},
 ]

 [package.dependencies]
 sortedcontainers = ">=2.1.0,<3.0.0"

 [package.extras]
-all = ["black (>=20.8b0)", "click (>=7.0)", "crosshair-tool (>=0.0.99)", "django (>=4.2)", "dpcontracts (>=0.4)", "hypothesis-crosshair (>=0.0.26)", "lark (>=0.10.1)", "libcst (>=0.3.16)", "numpy (>=1.21.6)", "pandas (>=1.1)", "pytest (>=4.6)", "python-dateutil (>=1.4)", "pytz (>=2014.1)", "redis (>=3.0.0)", "rich (>=9.0.0)", "tzdata (>=2025.2) ; sys_platform == \"win32\" or sys_platform == \"emscripten\"", "watchdog (>=4.0.0)"]
+all = ["black (>=20.8b0)", "click (>=7.0)", "crosshair-tool (>=0.0.97)", "django (>=4.2)", "dpcontracts (>=0.4)", "hypothesis-crosshair (>=0.0.25)", "lark (>=0.10.1)", "libcst (>=0.3.16)", "numpy (>=1.21.6)", "pandas (>=1.1)", "pytest (>=4.6)", "python-dateutil (>=1.4)", "pytz (>=2014.1)", "redis (>=3.0.0)", "rich (>=9.0.0)", "tzdata (>=2025.2) ; sys_platform == \"win32\" or sys_platform == \"emscripten\"", "watchdog (>=4.0.0)"]
 cli = ["black (>=20.8b0)", "click (>=7.0)", "rich (>=9.0.0)"]
 codemods = ["libcst (>=0.3.16)"]
-crosshair = ["crosshair-tool (>=0.0.99)", "hypothesis-crosshair (>=0.0.26)"]
+crosshair = ["crosshair-tool (>=0.0.97)", "hypothesis-crosshair (>=0.0.25)"]
 dateutil = ["python-dateutil (>=1.4)"]
 django = ["django (>=4.2)"]
 dpcontracts = ["dpcontracts (>=0.4)"]
@@ -350,19 +350,19 @@ testing = ["coverage", "pytest", "pytest-benchmark"]

 [[package]]
 name = "pydantic"
-version = "2.12.5"
+version = "2.12.3"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "pydantic-2.12.5-py3-none-any.whl", hash = "sha256:e561593fccf61e8a20fc46dfc2dfe075b8be7d0188df33f221ad1f0139180f9d"},
-    {file = "pydantic-2.12.5.tar.gz", hash = "sha256:4d351024c75c0f085a9febbb665ce8c0c6ec5d30e903bdb6394b7ede26aebb49"},
+    {file = "pydantic-2.12.3-py3-none-any.whl", hash = "sha256:6986454a854bc3bc6e5443e1369e06a3a456af9d339eda45510f517d9ea5c6bf"},
+    {file = "pydantic-2.12.3.tar.gz", hash = "sha256:1da1c82b0fc140bb0103bc1441ffe062154c8d38491189751ee00fd8ca65ce74"},
 ]

 [package.dependencies]
 annotated-types = ">=0.6.0"
-pydantic-core = "2.41.5"
+pydantic-core = "2.41.4"
 typing-extensions = ">=4.14.1"
 typing-inspection = ">=0.4.2"

@@ -372,133 +372,129 @@ timezone = ["tzdata ; python_version >= \"3.9\" and platform_system == \"Windows

 [[package]]
 name = "pydantic-core"
-version = "2.41.5"
+version = "2.41.4"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "pydantic_core-2.41.5-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:77b63866ca88d804225eaa4af3e664c5faf3568cea95360d21f4725ab6e07146"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:dfa8a0c812ac681395907e71e1274819dec685fec28273a28905df579ef137e2"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5921a4d3ca3aee735d9fd163808f5e8dd6c6972101e4adbda9a4667908849b97"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e25c479382d26a2a41b7ebea1043564a937db462816ea07afa8a44c0866d52f9"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f547144f2966e1e16ae626d8ce72b4cfa0caedc7fa28052001c94fb2fcaa1c52"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6f52298fbd394f9ed112d56f3d11aabd0d5bd27beb3084cc3d8ad069483b8941"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:100baa204bb412b74fe285fb0f3a385256dad1d1879f0a5cb1499ed2e83d132a"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:05a2c8852530ad2812cb7914dc61a1125dc4e06252ee98e5638a12da6cc6fb6c"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:29452c56df2ed968d18d7e21f4ab0ac55e71dc59524872f6fc57dcf4a3249ed2"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:d5160812ea7a8a2ffbe233d8da666880cad0cbaf5d4de74ae15c313213d62556"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:df3959765b553b9440adfd3c795617c352154e497a4eaf3752555cfb5da8fc49"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-win32.whl", hash = "sha256:1f8d33a7f4d5a7889e60dc39856d76d09333d8a6ed0f5f1190635cbec70ec4ba"},
-    {file = "pydantic_core-2.41.5-cp310-cp310-win_amd64.whl", hash = "sha256:62de39db01b8d593e45871af2af9e497295db8d73b085f6bfd0b18c83c70a8f9"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:a3a52f6156e73e7ccb0f8cced536adccb7042be67cb45f9562e12b319c119da6"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7f3bf998340c6d4b0c9a2f02d6a400e51f123b59565d74dc60d252ce888c260b"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:378bec5c66998815d224c9ca994f1e14c0c21cb95d2f52b6021cc0b2a58f2a5a"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e7b576130c69225432866fe2f4a469a85a54ade141d96fd396dffcf607b558f8"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6cb58b9c66f7e4179a2d5e0f849c48eff5c1fca560994d6eb6543abf955a149e"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:88942d3a3dff3afc8288c21e565e476fc278902ae4d6d134f1eeda118cc830b1"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f31d95a179f8d64d90f6831d71fa93290893a33148d890ba15de25642c5d075b"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c1df3d34aced70add6f867a8cf413e299177e0c22660cc767218373d0779487b"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:4009935984bd36bd2c774e13f9a09563ce8de4abaa7226f5108262fa3e637284"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:34a64bc3441dc1213096a20fe27e8e128bd3ff89921706e83c0b1ac971276594"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:c9e19dd6e28fdcaa5a1de679aec4141f691023916427ef9bae8584f9c2fb3b0e"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-win32.whl", hash = "sha256:2c010c6ded393148374c0f6f0bf89d206bf3217f201faa0635dcd56bd1520f6b"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-win_amd64.whl", hash = "sha256:76ee27c6e9c7f16f47db7a94157112a2f3a00e958bc626e2f4ee8bec5c328fbe"},
-    {file = "pydantic_core-2.41.5-cp311-cp311-win_arm64.whl", hash = "sha256:4bc36bbc0b7584de96561184ad7f012478987882ebf9f9c389b23f432ea3d90f"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:f41a7489d32336dbf2199c8c0a215390a751c5b014c2c1c5366e817202e9cdf7"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:070259a8818988b9a84a449a2a7337c7f430a22acc0859c6b110aa7212a6d9c0"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e96cea19e34778f8d59fe40775a7a574d95816eb150850a85a7a4c8f4b94ac69"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ed2e99c456e3fadd05c991f8f437ef902e00eedf34320ba2b0842bd1c3ca3a75"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:65840751b72fbfd82c3c640cff9284545342a4f1eb1586ad0636955b261b0b05"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e536c98a7626a98feb2d3eaf75944ef6f3dbee447e1f841eae16f2f0a72d8ddc"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eceb81a8d74f9267ef4081e246ffd6d129da5d87e37a77c9bde550cb04870c1c"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d38548150c39b74aeeb0ce8ee1d8e82696f4a4e16ddc6de7b1d8823f7de4b9b5"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:c23e27686783f60290e36827f9c626e63154b82b116d7fe9adba1fda36da706c"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:482c982f814460eabe1d3bb0adfdc583387bd4691ef00b90575ca0d2b6fe2294"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:bfea2a5f0b4d8d43adf9d7b8bf019fb46fdd10a2e5cde477fbcb9d1fa08c68e1"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-win32.whl", hash = "sha256:b74557b16e390ec12dca509bce9264c3bbd128f8a2c376eaa68003d7f327276d"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-win_amd64.whl", hash = "sha256:1962293292865bca8e54702b08a4f26da73adc83dd1fcf26fbc875b35d81c815"},
-    {file = "pydantic_core-2.41.5-cp312-cp312-win_arm64.whl", hash = "sha256:1746d4a3d9a794cacae06a5eaaccb4b8643a131d45fbc9af23e353dc0a5ba5c3"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:941103c9be18ac8daf7b7adca8228f8ed6bb7a1849020f643b3a14d15b1924d9"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:112e305c3314f40c93998e567879e887a3160bb8689ef3d2c04b6cc62c33ac34"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0cbaad15cb0c90aa221d43c00e77bb33c93e8d36e0bf74760cd00e732d10a6a0"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:03ca43e12fab6023fc79d28ca6b39b05f794ad08ec2feccc59a339b02f2b3d33"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dc799088c08fa04e43144b164feb0c13f9a0bc40503f8df3e9fde58a3c0c101e"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:97aeba56665b4c3235a0e52b2c2f5ae9cd071b8a8310ad27bddb3f7fb30e9aa2"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:406bf18d345822d6c21366031003612b9c77b3e29ffdb0f612367352aab7d586"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b93590ae81f7010dbe380cdeab6f515902ebcbefe0b9327cc4804d74e93ae69d"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:01a3d0ab748ee531f4ea6c3e48ad9dac84ddba4b0d82291f87248f2f9de8d740"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:6561e94ba9dacc9c61bce40e2d6bdc3bfaa0259d3ff36ace3b1e6901936d2e3e"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:915c3d10f81bec3a74fbd4faebe8391013ba61e5a1a8d48c4455b923bdda7858"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-win32.whl", hash = "sha256:650ae77860b45cfa6e2cdafc42618ceafab3a2d9a3811fcfbd3bbf8ac3c40d36"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-win_amd64.whl", hash = "sha256:79ec52ec461e99e13791ec6508c722742ad745571f234ea6255bed38c6480f11"},
-    {file = "pydantic_core-2.41.5-cp313-cp313-win_arm64.whl", hash = "sha256:3f84d5c1b4ab906093bdc1ff10484838aca54ef08de4afa9de0f5f14d69639cd"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:3f37a19d7ebcdd20b96485056ba9e8b304e27d9904d233d7b1015db320e51f0a"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:1d1d9764366c73f996edd17abb6d9d7649a7eb690006ab6adbda117717099b14"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25e1c2af0fce638d5f1988b686f3b3ea8cd7de5f244ca147c777769e798a9cd1"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:506d766a8727beef16b7adaeb8ee6217c64fc813646b424d0804d67c16eddb66"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4819fa52133c9aa3c387b3328f25c1facc356491e6135b459f1de698ff64d869"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2b761d210c9ea91feda40d25b4efe82a1707da2ef62901466a42492c028553a2"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:22f0fb8c1c583a3b6f24df2470833b40207e907b90c928cc8d3594b76f874375"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2782c870e99878c634505236d81e5443092fba820f0373997ff75f90f68cd553"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_aarch64.whl", hash = "sha256:0177272f88ab8312479336e1d777f6b124537d47f2123f89cb37e0accea97f90"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_armv7l.whl", hash = "sha256:63510af5e38f8955b8ee5687740d6ebf7c2a0886d15a6d65c32814613681bc07"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_x86_64.whl", hash = "sha256:e56ba91f47764cc14f1daacd723e3e82d1a89d783f0f5afe9c364b8bb491ccdb"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-win32.whl", hash = "sha256:aec5cf2fd867b4ff45b9959f8b20ea3993fc93e63c7363fe6851424c8a7e7c23"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-win_amd64.whl", hash = "sha256:8e7c86f27c585ef37c35e56a96363ab8de4e549a95512445b85c96d3e2f7c1bf"},
-    {file = "pydantic_core-2.41.5-cp314-cp314-win_arm64.whl", hash = "sha256:e672ba74fbc2dc8eea59fb6d4aed6845e6905fc2a8afe93175d94a83ba2a01a0"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-macosx_10_12_x86_64.whl", hash = "sha256:8566def80554c3faa0e65ac30ab0932b9e3a5cd7f8323764303d468e5c37595a"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:b80aa5095cd3109962a298ce14110ae16b8c1aece8b72f9dafe81cf597ad80b3"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3006c3dd9ba34b0c094c544c6006cc79e87d8612999f1a5d43b769b89181f23c"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:72f6c8b11857a856bcfa48c86f5368439f74453563f951e473514579d44aa612"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5cb1b2f9742240e4bb26b652a5aeb840aa4b417c7748b6f8387927bc6e45e40d"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:bd3d54f38609ff308209bd43acea66061494157703364ae40c951f83ba99a1a9"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2ff4321e56e879ee8d2a879501c8e469414d948f4aba74a2d4593184eb326660"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d0d2568a8c11bf8225044aa94409e21da0cb09dcdafe9ecd10250b2baad531a9"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_aarch64.whl", hash = "sha256:a39455728aabd58ceabb03c90e12f71fd30fa69615760a075b9fec596456ccc3"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_armv7l.whl", hash = "sha256:239edca560d05757817c13dc17c50766136d21f7cd0fac50295499ae24f90fdf"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_x86_64.whl", hash = "sha256:2a5e06546e19f24c6a96a129142a75cee553cc018ffee48a460059b1185f4470"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-win32.whl", hash = "sha256:b4ececa40ac28afa90871c2cc2b9ffd2ff0bf749380fbdf57d165fd23da353aa"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-win_amd64.whl", hash = "sha256:80aa89cad80b32a912a65332f64a4450ed00966111b6615ca6816153d3585a8c"},
-    {file = "pydantic_core-2.41.5-cp314-cp314t-win_arm64.whl", hash = "sha256:35b44f37a3199f771c3eaa53051bc8a70cd7b54f333531c59e29fd4db5d15008"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:8bfeaf8735be79f225f3fefab7f941c712aaca36f1128c9d7e2352ee1aa87bdf"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:346285d28e4c8017da95144c7f3acd42740d637ff41946af5ce6e5e420502dd5"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a75dafbf87d6276ddc5b2bf6fae5254e3d0876b626eb24969a574fff9149ee5d"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:7b93a4d08587e2b7e7882de461e82b6ed76d9026ce91ca7915e740ecc7855f60"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e8465ab91a4bd96d36dde3263f06caa6a8a6019e4113f24dc753d79a8b3a3f82"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:299e0a22e7ae2b85c1a57f104538b2656e8ab1873511fd718a1c1c6f149b77b5"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:707625ef0983fcfb461acfaf14de2067c5942c6bb0f3b4c99158bed6fedd3cf3"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f41eb9797986d6ebac5e8edff36d5cef9de40def462311b3eb3eeded1431e425"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:0384e2e1021894b1ff5a786dbf94771e2986ebe2869533874d7e43bc79c6f504"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-musllinux_1_1_armv7l.whl", hash = "sha256:f0cd744688278965817fd0839c4a4116add48d23890d468bc436f78beb28abf5"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:753e230374206729bf0a807954bcc6c150d3743928a73faffee51ac6557a03c3"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-win32.whl", hash = "sha256:873e0d5b4fb9b89ef7c2d2a963ea7d02879d9da0da8d9d4933dee8ee86a8b460"},
-    {file = "pydantic_core-2.41.5-cp39-cp39-win_amd64.whl", hash = "sha256:e4f4a984405e91527a0d62649ee21138f8e3d0ef103be488c1dc11a80d7f184b"},
-    {file = "pydantic_core-2.41.5-graalpy311-graalpy242_311_native-macosx_10_12_x86_64.whl", hash = "sha256:b96d5f26b05d03cc60f11a7761a5ded1741da411e7fe0909e27a5e6a0cb7b034"},
-    {file = "pydantic_core-2.41.5-graalpy311-graalpy242_311_native-macosx_11_0_arm64.whl", hash = "sha256:634e8609e89ceecea15e2d61bc9ac3718caaaa71963717bf3c8f38bfde64242c"},
-    {file = "pydantic_core-2.41.5-graalpy311-graalpy242_311_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:93e8740d7503eb008aa2df04d3b9735f845d43ae845e6dcd2be0b55a2da43cd2"},
-    {file = "pydantic_core-2.41.5-graalpy311-graalpy242_311_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f15489ba13d61f670dcc96772e733aad1a6f9c429cc27574c6cdaed82d0146ad"},
-    {file = "pydantic_core-2.41.5-graalpy312-graalpy250_312_native-macosx_10_12_x86_64.whl", hash = "sha256:7da7087d756b19037bc2c06edc6c170eeef3c3bafcb8f532ff17d64dc427adfd"},
-    {file = "pydantic_core-2.41.5-graalpy312-graalpy250_312_native-macosx_11_0_arm64.whl", hash = "sha256:aabf5777b5c8ca26f7824cb4a120a740c9588ed58df9b2d196ce92fba42ff8dc"},
-    {file = "pydantic_core-2.41.5-graalpy312-graalpy250_312_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c007fe8a43d43b3969e8469004e9845944f1a80e6acd47c150856bb87f230c56"},
-    {file = "pydantic_core-2.41.5-graalpy312-graalpy250_312_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:76d0819de158cd855d1cbb8fcafdf6f5cf1eb8e470abe056d5d161106e38062b"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:b5819cd790dbf0c5eb9f82c73c16b39a65dd6dd4d1439dcdea7816ec9adddab8"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:5a4e67afbc95fa5c34cf27d9089bca7fcab4e51e57278d710320a70b956d1b9a"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ece5c59f0ce7d001e017643d8d24da587ea1f74f6993467d85ae8a5ef9d4f42b"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:16f80f7abe3351f8ea6858914ddc8c77e02578544a0ebc15b4c2e1a0e813b0b2"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:33cb885e759a705b426baada1fe68cbb0a2e68e34c5d0d0289a364cf01709093"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:c8d8b4eb992936023be7dee581270af5c6e0697a8559895f527f5b7105ecd36a"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:242a206cd0318f95cd21bdacff3fcc3aab23e79bba5cac3db5a841c9ef9c6963"},
-    {file = "pydantic_core-2.41.5-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d3a978c4f57a597908b7e697229d996d77a6d3c94901e9edee593adada95ce1a"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:b2379fa7ed44ddecb5bfe4e48577d752db9fc10be00a6b7446e9663ba143de26"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:266fb4cbf5e3cbd0b53669a6d1b039c45e3ce651fd5442eff4d07c2cc8d66808"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58133647260ea01e4d0500089a8c4f07bd7aa6ce109682b1426394988d8aaacc"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:287dad91cfb551c363dc62899a80e9e14da1f0e2b6ebde82c806612ca2a13ef1"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:03b77d184b9eb40240ae9fd676ca364ce1085f203e1b1256f8ab9984dca80a84"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:a668ce24de96165bb239160b3d854943128f4334822900534f2fe947930e5770"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f14f8f046c14563f8eb3f45f499cc658ab8d10072961e07225e507adb700e93f"},
-    {file = "pydantic_core-2.41.5-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:56121965f7a4dc965bff783d70b907ddf3d57f6eba29b6d2e5dabfaf07799c51"},
-    {file = "pydantic_core-2.41.5.tar.gz", hash = "sha256:08daa51ea16ad373ffd5e7606252cc32f07bc72b28284b6bc9c6df804816476e"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2442d9a4d38f3411f22eb9dd0912b7cbf4b7d5b6c92c4173b75d3e1ccd84e36e"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:30a9876226dda131a741afeab2702e2d127209bde3c65a2b8133f428bc5d006b"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d55bbac04711e2980645af68b97d445cdbcce70e5216de444a6c4b6943ebcccd"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e1d778fb7849a42d0ee5927ab0f7453bf9f85eef8887a546ec87db5ddb178945"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1b65077a4693a98b90ec5ad8f203ad65802a1b9b6d4a7e48066925a7e1606706"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:62637c769dee16eddb7686bf421be48dfc2fae93832c25e25bc7242e698361ba"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2dfe3aa529c8f501babf6e502936b9e8d4698502b2cfab41e17a028d91b1ac7b"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ca2322da745bf2eeb581fc9ea3bbb31147702163ccbcbf12a3bb630e4bf05e1d"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:e8cd3577c796be7231dcf80badcf2e0835a46665eaafd8ace124d886bab4d700"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:1cae8851e174c83633f0833e90636832857297900133705ee158cf79d40f03e6"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:a26d950449aae348afe1ac8be5525a00ae4235309b729ad4d3399623125b43c9"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-win32.whl", hash = "sha256:0cf2a1f599efe57fa0051312774280ee0f650e11152325e41dfd3018ef2c1b57"},
+    {file = "pydantic_core-2.41.4-cp310-cp310-win_amd64.whl", hash = "sha256:a8c2e340d7e454dc3340d3d2e8f23558ebe78c98aa8f68851b04dcb7bc37abdc"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:28ff11666443a1a8cf2a044d6a545ebffa8382b5f7973f22c36109205e65dc80"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:61760c3925d4633290292bad462e0f737b840508b4f722247d8729684f6539ae"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eae547b7315d055b0de2ec3965643b0ab82ad0106a7ffd29615ee9f266a02827"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ef9ee5471edd58d1fcce1c80ffc8783a650e3e3a193fe90d52e43bb4d87bff1f"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:15dd504af121caaf2c95cb90c0ebf71603c53de98305621b94da0f967e572def"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3a926768ea49a8af4d36abd6a8968b8790f7f76dd7cbd5a4c180db2b4ac9a3a2"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6916b9b7d134bff5440098a4deb80e4cb623e68974a87883299de9124126c2a8"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:5cf90535979089df02e6f17ffd076f07237efa55b7343d98760bde8743c4b265"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:7533c76fa647fade2d7ec75ac5cc079ab3f34879626dae5689b27790a6cf5a5c"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:37e516bca9264cbf29612539801ca3cd5d1be465f940417b002905e6ed79d38a"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:0c19cb355224037c83642429b8ce261ae108e1c5fbf5c028bac63c77b0f8646e"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-win32.whl", hash = "sha256:09c2a60e55b357284b5f31f5ab275ba9f7f70b7525e18a132ec1f9160b4f1f03"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-win_amd64.whl", hash = "sha256:711156b6afb5cb1cb7c14a2cc2c4a8b4c717b69046f13c6b332d8a0a8f41ca3e"},
+    {file = "pydantic_core-2.41.4-cp311-cp311-win_arm64.whl", hash = "sha256:6cb9cf7e761f4f8a8589a45e49ed3c0d92d1d696a45a6feaee8c904b26efc2db"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:ab06d77e053d660a6faaf04894446df7b0a7e7aba70c2797465a0a1af00fc887"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:c53ff33e603a9c1179a9364b0a24694f183717b2e0da2b5ad43c316c956901b2"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:304c54176af2c143bd181d82e77c15c41cbacea8872a2225dd37e6544dce9999"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:025ba34a4cf4fb32f917d5d188ab5e702223d3ba603be4d8aca2f82bede432a4"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b9f5f30c402ed58f90c70e12eff65547d3ab74685ffe8283c719e6bead8ef53f"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dd96e5d15385d301733113bcaa324c8bcf111275b7675a9c6e88bfb19fc05e3b"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:98f348cbb44fae6e9653c1055db7e29de67ea6a9ca03a5fa2c2e11a47cff0e47"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ec22626a2d14620a83ca583c6f5a4080fa3155282718b6055c2ea48d3ef35970"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:3a95d4590b1f1a43bf33ca6d647b990a88f4a3824a8c4572c708f0b45a5290ed"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:f9672ab4d398e1b602feadcffcdd3af44d5f5e6ddc15bc7d15d376d47e8e19f8"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:84d8854db5f55fead3b579f04bda9a36461dab0730c5d570e1526483e7bb8431"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-win32.whl", hash = "sha256:9be1c01adb2ecc4e464392c36d17f97e9110fbbc906bcbe1c943b5b87a74aabd"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-win_amd64.whl", hash = "sha256:d682cf1d22bab22a5be08539dca3d1593488a99998f9f412137bc323179067ff"},
+    {file = "pydantic_core-2.41.4-cp312-cp312-win_arm64.whl", hash = "sha256:833eebfd75a26d17470b58768c1834dfc90141b7afc6eb0429c21fc5a21dcfb8"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:85e050ad9e5f6fe1004eec65c914332e52f429bc0ae12d6fa2092407a462c746"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:e7393f1d64792763a48924ba31d1e44c2cfbc05e3b1c2c9abb4ceeadd912cced"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:94dab0940b0d1fb28bcab847adf887c66a27a40291eedf0b473be58761c9799a"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:de7c42f897e689ee6f9e93c4bec72b99ae3b32a2ade1c7e4798e690ff5246e02"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:664b3199193262277b8b3cd1e754fb07f2c6023289c815a1e1e8fb415cb247b1"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d95b253b88f7d308b1c0b417c4624f44553ba4762816f94e6986819b9c273fb2"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a1351f5bbdbbabc689727cb91649a00cb9ee7203e0a6e54e9f5ba9e22e384b84"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:1affa4798520b148d7182da0615d648e752de4ab1a9566b7471bc803d88a062d"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:7b74e18052fea4aa8dea2fb7dbc23d15439695da6cbe6cfc1b694af1115df09d"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:285b643d75c0e30abda9dc1077395624f314a37e3c09ca402d4015ef5979f1a2"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:f52679ff4218d713b3b33f88c89ccbf3a5c2c12ba665fb80ccc4192b4608dbab"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-win32.whl", hash = "sha256:ecde6dedd6fff127c273c76821bb754d793be1024bc33314a120f83a3c69460c"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-win_amd64.whl", hash = "sha256:d081a1f3800f05409ed868ebb2d74ac39dd0c1ff6c035b5162356d76030736d4"},
+    {file = "pydantic_core-2.41.4-cp313-cp313-win_arm64.whl", hash = "sha256:f8e49c9c364a7edcbe2a310f12733aad95b022495ef2a8d653f645e5d20c1564"},
+    {file = "pydantic_core-2.41.4-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:ed97fd56a561f5eb5706cebe94f1ad7c13b84d98312a05546f2ad036bafe87f4"},
+    {file = "pydantic_core-2.41.4-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a870c307bf1ee91fc58a9a61338ff780d01bfae45922624816878dce784095d2"},
+    {file = "pydantic_core-2.41.4-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d25e97bc1f5f8f7985bdc2335ef9e73843bb561eb1fa6831fdfc295c1c2061cf"},
+    {file = "pydantic_core-2.41.4-cp313-cp313t-win_amd64.whl", hash = "sha256:d405d14bea042f166512add3091c1af40437c2e7f86988f3915fabd27b1e9cd2"},
+    {file = "pydantic_core-2.41.4-cp313-cp313t-win_arm64.whl", hash = "sha256:19f3684868309db5263a11bace3c45d93f6f24afa2ffe75a647583df22a2ff89"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:e9205d97ed08a82ebb9a307e92914bb30e18cdf6f6b12ca4bedadb1588a0bfe1"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:82df1f432b37d832709fbcc0e24394bba04a01b6ecf1ee87578145c19cde12ac"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fc3b4cc4539e055cfa39a3763c939f9d409eb40e85813257dcd761985a108554"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b1eb1754fce47c63d2ff57fdb88c351a6c0150995890088b33767a10218eaa4e"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e6ab5ab30ef325b443f379ddb575a34969c333004fca5a1daa0133a6ffaad616"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:31a41030b1d9ca497634092b46481b937ff9397a86f9f51bd41c4767b6fc04af"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a44ac1738591472c3d020f61c6df1e4015180d6262ebd39bf2aeb52571b60f12"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d72f2b5e6e82ab8f94ea7d0d42f83c487dc159c5240d8f83beae684472864e2d"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-musllinux_1_1_aarch64.whl", hash = "sha256:c4d1e854aaf044487d31143f541f7aafe7b482ae72a022c664b2de2e466ed0ad"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-musllinux_1_1_armv7l.whl", hash = "sha256:b568af94267729d76e6ee5ececda4e283d07bbb28e8148bb17adad93d025d25a"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-musllinux_1_1_x86_64.whl", hash = "sha256:6d55fb8b1e8929b341cc313a81a26e0d48aa3b519c1dbaadec3a6a2b4fcad025"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-win32.whl", hash = "sha256:5b66584e549e2e32a1398df11da2e0a7eff45d5c2d9db9d5667c5e6ac764d77e"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-win_amd64.whl", hash = "sha256:557a0aab88664cc552285316809cab897716a372afaf8efdbef756f8b890e894"},
+    {file = "pydantic_core-2.41.4-cp314-cp314-win_arm64.whl", hash = "sha256:3f1ea6f48a045745d0d9f325989d8abd3f1eaf47dd00485912d1a3a63c623a8d"},
+    {file = "pydantic_core-2.41.4-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:6c1fe4c5404c448b13188dd8bd2ebc2bdd7e6727fa61ff481bcc2cca894018da"},
+    {file = "pydantic_core-2.41.4-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:523e7da4d43b113bf8e7b49fa4ec0c35bf4fe66b2230bfc5c13cc498f12c6c3e"},
+    {file = "pydantic_core-2.41.4-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5729225de81fb65b70fdb1907fcf08c75d498f4a6f15af005aabb1fdadc19dfa"},
+    {file = "pydantic_core-2.41.4-cp314-cp314t-win_amd64.whl", hash = "sha256:de2cfbb09e88f0f795fd90cf955858fc2c691df65b1f21f0aa00b99f3fbc661d"},
+    {file = "pydantic_core-2.41.4-cp314-cp314t-win_arm64.whl", hash = "sha256:d34f950ae05a83e0ede899c595f312ca976023ea1db100cd5aa188f7005e3ab0"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:646e76293345954acea6966149683047b7b2ace793011922208c8e9da12b0062"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:cc8e85a63085a137d286e2791037f5fdfff0aabb8b899483ca9c496dd5797338"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:692c622c8f859a17c156492783902d8370ac7e121a611bd6fe92cc71acf9ee8d"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d1e2906efb1031a532600679b424ef1d95d9f9fb507f813951f23320903adbd7"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e04e2f7f8916ad3ddd417a7abdd295276a0bf216993d9318a5d61cc058209166"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:df649916b81822543d1c8e0e1d079235f68acdc7d270c911e8425045a8cfc57e"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:66c529f862fdba70558061bb936fe00ddbaaa0c647fd26e4a4356ef1d6561891"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fc3b4c5a1fd3a311563ed866c2c9b62da06cb6398bee186484ce95c820db71cb"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:6e0fc40d84448f941df9b3334c4b78fe42f36e3bf631ad54c3047a0cdddc2514"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-musllinux_1_1_armv7l.whl", hash = "sha256:44e7625332683b6c1c8b980461475cde9595eff94447500e80716db89b0da005"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:170ee6835f6c71081d031ef1c3b4dc4a12b9efa6a9540f93f95b82f3c7571ae8"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-win32.whl", hash = "sha256:3adf61415efa6ce977041ba9745183c0e1f637ca849773afa93833e04b163feb"},
+    {file = "pydantic_core-2.41.4-cp39-cp39-win_amd64.whl", hash = "sha256:a238dd3feee263eeaeb7dc44aea4ba1364682c4f9f9467e6af5596ba322c2332"},
+    {file = "pydantic_core-2.41.4-graalpy311-graalpy242_311_native-macosx_10_12_x86_64.whl", hash = "sha256:a1b2cfec3879afb742a7b0bcfa53e4f22ba96571c9e54d6a3afe1052d17d843b"},
+    {file = "pydantic_core-2.41.4-graalpy311-graalpy242_311_native-macosx_11_0_arm64.whl", hash = "sha256:d175600d975b7c244af6eb9c9041f10059f20b8bbffec9e33fdd5ee3f67cdc42"},
+    {file = "pydantic_core-2.41.4-graalpy311-graalpy242_311_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0f184d657fa4947ae5ec9c47bd7e917730fa1cbb78195037e32dcbab50aca5ee"},
+    {file = "pydantic_core-2.41.4-graalpy311-graalpy242_311_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1ed810568aeffed3edc78910af32af911c835cc39ebbfacd1f0ab5dd53028e5c"},
+    {file = "pydantic_core-2.41.4-graalpy312-graalpy250_312_native-macosx_10_12_x86_64.whl", hash = "sha256:4f5d640aeebb438517150fdeec097739614421900e4a08db4a3ef38898798537"},
+    {file = "pydantic_core-2.41.4-graalpy312-graalpy250_312_native-macosx_11_0_arm64.whl", hash = "sha256:4a9ab037b71927babc6d9e7fc01aea9e66dc2a4a34dff06ef0724a4049629f94"},
+    {file = "pydantic_core-2.41.4-graalpy312-graalpy250_312_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e4dab9484ec605c3016df9ad4fd4f9a390bc5d816a3b10c6550f8424bb80b18c"},
+    {file = "pydantic_core-2.41.4-graalpy312-graalpy250_312_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bd8a5028425820731d8c6c098ab642d7b8b999758e24acae03ed38a66eca8335"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:1e5ab4fc177dd41536b3c32b2ea11380dd3d4619a385860621478ac2d25ceb00"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:3d88d0054d3fa11ce936184896bed3c1c5441d6fa483b498fac6a5d0dd6f64a9"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7b2a054a8725f05b4b6503357e0ac1c4e8234ad3b0c2ac130d6ffc66f0e170e2"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b0d9db5a161c99375a0c68c058e227bee1d89303300802601d76a3d01f74e258"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:6273ea2c8ffdac7b7fda2653c49682db815aebf4a89243a6feccf5e36c18c347"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:4c973add636efc61de22530b2ef83a65f39b6d6f656df97f678720e20de26caa"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:b69d1973354758007f46cf2d44a4f3d0933f10b6dc9bf15cf1356e037f6f731a"},
+    {file = "pydantic_core-2.41.4-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:3619320641fd212aaf5997b6ca505e97540b7e16418f4a241f44cdf108ffb50d"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:491535d45cd7ad7e4a2af4a5169b0d07bebf1adfd164b0368da8aa41e19907a5"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:54d86c0cada6aba4ec4c047d0e348cbad7063b87ae0f005d9f8c9ad04d4a92a2"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eca1124aced216b2500dc2609eade086d718e8249cb9696660ab447d50a758bd"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6c9024169becccf0cb470ada03ee578d7348c119a0d42af3dcf9eda96e3a247c"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:26895a4268ae5a2849269f4991cdc97236e4b9c010e51137becf25182daac405"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:ca4df25762cf71308c446e33c9b1fdca2923a3f13de616e2a949f38bf21ff5a8"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:5a28fcedd762349519276c36634e71853b4541079cab4acaaac60c4421827308"},
+    {file = "pydantic_core-2.41.4-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:c173ddcd86afd2535e2b695217e82191580663a1d1928239f877f5a1649ef39f"},
+    {file = "pydantic_core-2.41.4.tar.gz", hash = "sha256:70e47929a9d4a1905a67e4b687d5946026390568a8e952b92824118063cee4d5"},
 ]

 [package.dependencies]
@@ -521,14 +517,14 @@ windows-terminal = ["colorama (>=0.4.6)"]

 [[package]]
 name = "pytest"
-version = "9.0.2"
+version = "9.0.1"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
 files = [
-    {file = "pytest-9.0.2-py3-none-any.whl", hash = "sha256:711ffd45bf766d5264d487b917733b453d917afd2b0ad65223959f59089f875b"},
-    {file = "pytest-9.0.2.tar.gz", hash = "sha256:75186651a92bd89611d1d9fc20f0b4345fd827c41ccd5c299a868a05d70edf11"},
+    {file = "pytest-9.0.1-py3-none-any.whl", hash = "sha256:67be0030d194df2dfa7b556f2e56fb3c3315bd5c8822c6951162b92b32ce7dad"},
+    {file = "pytest-9.0.1.tar.gz", hash = "sha256:3e9c069ea73583e255c3b21cf46b8d3c56f6e3a1a8f6da94ccb0fcf57b9d73c8"},
 ]

 [package.dependencies]
@@ -965,23 +961,23 @@ typing-extensions = ">=4.12.0"

 [[package]]
 name = "urllib3"
-version = "2.6.0"
+version = "2.5.0"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "urllib3-2.6.0-py3-none-any.whl", hash = "sha256:c90f7a39f716c572c4e3e58509581ebd83f9b59cced005b7db7ad2d22b0db99f"},
-    {file = "urllib3-2.6.0.tar.gz", hash = "sha256:cb9bcef5a4b345d5da5d145dc3e30834f58e8018828cbc724d30b4cb7d4d49f1"},
+    {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"},
+    {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"},
 ]

 [package.extras]
-brotli = ["brotli (>=1.2.0) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=1.2.0.0) ; platform_python_implementation != \"CPython\""]
+brotli = ["brotli (>=1.0.9) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\""]
 h2 = ["h2 (>=4,<5)"]
 socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"]
-zstd = ["backports-zstd (>=1.0.0) ; python_version < \"3.14\""]
+zstd = ["zstandard (>=0.18.0)"]

 [metadata]
 lock-version = "2.1"
 python-versions = "^3.11"
-content-hash = "1ea6e10e22c41f9d2354512ef74ef21deb442141ed65922a97d129d55f877b9f"
+content-hash = "0e4cfaa291f1dd0ebfb71b35c86b9716fb0544c2f236fc0e9cde6cd4b73c2953"
@@ -11,10 +11,10 @@ pyyaml = "^6.0.3"
 jsonschema = "^4.25.1"
 requests = "^2.32.5"
 ruamel-yaml = "^0.18.16"
-pydantic = "^2.12.5"
+pydantic = "^2.12.3"
 typer = "^0.20.0"
-hypothesis = "^6.148.7"
-pytest = "^9.0.2"
+hypothesis = "^6.148.2"
+pytest = "^9.0.1"


 [build-system]
Author	SHA1	Message	Date
Hare Sudhan	0bb6dd34c3	update	2025-11-28 22:36:47 -05:00
Hare Sudhan	3cb6966dee	pre-commit checks	2025-11-26 00:13:06 -05:00