that failed

Brian Beyer
2018-05-10 13:54:12 -06:00
parent 15163f0147
commit 19936a38e3
14 changed files with 32 additions and 0 deletions
+1
@@ -10,6 +10,7 @@ MITRE ATT&CK Technique: [<%= technique['identifier'] %>](https://attack.mitre.or
<% atomic_yaml['atomic_tests'].each_with_index do |test, test_number| -%>
<br/>
## Atomic Test #<%= test_number+1 %> - <%= test['name'] %>
<%= test['description'] -%>
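Review bot: going by the regenerated files below, the one line added here is the `<br/>` that opens every iteration of the `atomic_tests` loop, and those files now show `<br/>` twice in a row before each test after the first, so the new break stacks on one already emitted at the end of the previous test; emit it only when `test_number > 0`, or drop the trailing one, so each heading gets a single separator. The commit message ("that failed") is cut off and does not say what this spacing change is for.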
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Scan a bunch of ports to see if they are open
xxx
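Review bot: the header context line still links the placeholder technique id `T1234` (https://attack.mitre.org/wiki/Technique/T1234) and the test description is `xxx`; this file is rendered from the YAML, so the real ATT&CK id and a description belong in the source before regenerating, otherwise every regeneration re-ships the placeholders.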
+5
@@ -14,6 +14,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - List all accounts
xxx
@@ -32,6 +33,7 @@ cat /etc/passwd > #{output_file}
```
<br/>
<br/>
## Atomic Test #2 - View sudoers access
xxx (requires root)
@@ -50,6 +52,7 @@ cat /etc/sudoers > #{output_file}
```
<br/>
<br/>
## Atomic Test #3 - View accounts with UID 0
xxx
@@ -68,6 +71,7 @@ grep 'x:0:' /etc/passwd > #{output_file}
```
<br/>
<br/>
## Atomic Test #4 - List opened files by user
xxx
@@ -81,6 +85,7 @@ username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
```
<br/>
<br/>
## Atomic Test #5 - Show if a user account has ever logger in remotely
xxx
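Review bot: `username=$(echo $HOME | awk -F'/' '{print $3}')` in the context line only works when the home directory is exactly two levels deep (`/home/user`); for root (`/root`) field 3 is empty and `lsof -u` is then run with no user, so `$(id -un)` is the safer way to get the current user. The heading below also reads "has ever logger in remotely"; fix "logged" in the YAML so the generated page picks it up.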
+4
@@ -12,6 +12,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Disable iptables firewall
Disables the iptables firewall
@@ -34,6 +35,7 @@ fi
```
<br/>
<br/>
## Atomic Test #2 - Disable syslog
Disables syslog collection
@@ -54,6 +56,7 @@ fi
```
<br/>
<br/>
## Atomic Test #3 - Disable Cb Response
Disable the Cb Response service
@@ -74,6 +77,7 @@ fi
```
<br/>
<br/>
## Atomic Test #4 - Disable SELinux
Disables SELinux enforcement
+3
@@ -10,6 +10,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Set a file's access timestamp
Stomps on the access timestamp of a file
@@ -28,6 +29,7 @@ touch -a -t 197001010000.00 #{target_filename}
```
<br/>
<br/>
## Atomic Test #2 - Set a file's modification timestamp
Stomps on the modification timestamp of a file
@@ -46,6 +48,7 @@ touch -m -t 197001010000.00 #{target_filename}
```
<br/>
<br/>
## Atomic Test #3 - Set a file's creation timestamp
Stomps on the create timestamp of a file
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - xxxx
xxxx
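Review bot: heading and description are both `xxxx` and the technique link is the `T1234` placeholder, so this renders as an empty test page; fill in name, description and technique id in the YAML before regenerating, or leave the stub out of a spacing commit.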
+2
@@ -8,6 +8,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - SourceRecorder via Windows command prompt
Create a file called test.wma, with the duration of 30 seconds
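Review bot: the heading says `SourceRecorder` but the command in the next hunk is `SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}`; rename the test after the executable, and the description's fixed "test.wma ... 30 seconds" should refer to the `output_file` and `duration_hms` inputs the command actually takes.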
@@ -27,6 +28,7 @@ SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}
```
<br/>
<br/>
## Atomic Test #2 - PowerShell Cmdlet via Windows command prompt
[AudioDeviceCmdlets](https://github.com/cdhunt/WindowsAudioDevice-Powershell-Cmdlet)
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Install root CA on CentOS/RHEL
Creates a root CA with openssl
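Review bot: the heading promises installing a root CA on CentOS/RHEL but the description only says it creates one with openssl; either describe the trust-store step the test performs or rename the test to what it does, so readers know whether the system trust store is modified.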
+2
@@ -8,6 +8,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Create a user account on a Linux system
Create a user via useradd
@@ -27,6 +28,7 @@ useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
```
<br/>
<br/>
## Atomic Test #2 - Create a user account on a MacOS system
Creates a user on a MacOS system with dscl
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - xxxx
xxxx
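Review bot: same stub as the earlier file: `xxxx` name and description under the `T1234` placeholder link; populate the YAML or drop the file from this commit.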
+6
@@ -16,6 +16,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Clear Bash history (rm)
Clears bash history via rm
@@ -29,6 +30,7 @@ rm ~/.bash_history
```
<br/>
<br/>
## Atomic Test #2 - Clear Bash history (echo)
Clears bash history via rm
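Review bot: this test's description still reads "Clears bash history via rm" although the heading and the command (`echo "" > ~/.bash_history`) use echo; correct the YAML to "via echo" so the generated page matches the command.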
@@ -42,6 +44,7 @@ echo "" > ~/.bash_history
```
<br/>
<br/>
## Atomic Test #3 - Clear Bash history (cat dev/null)
Clears bash history via cat /dev/null
@@ -55,6 +58,7 @@ cat /dev/null > ~/.bash_history
```
<br/>
<br/>
## Atomic Test #4 - Clear Bash history (ln dev/null)
Clears bash history via a symlink to /dev/null
@@ -68,6 +72,7 @@ ln -sf /dev/null ~/.bash_history
```
<br/>
<br/>
## Atomic Test #5 - Clear Bash history (truncate)
Clears bash history via truncate
@@ -81,6 +86,7 @@ truncate -s0 ~/.bash_history
```
<br/>
<br/>
## Atomic Test #6 - Clear history of a bunch of shells
Clears the history of a bunch of different shell types by setting the history size to zero
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Disable history collection
Disables history collection in shells
+1
@@ -6,6 +6,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Create a hidden file in a hidden directory
Creates a hidden file inside a hidden directory
+3
@@ -10,6 +10,7 @@ MITRE ATT&CK Technique: [T1234](https://attack.mitre.org/wiki/Technique/T1234)
<br/>
## Atomic Test #1 - Chrome (Developer Mode)
xxx
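Review bot: the Chrome (Developer Mode) test has `xxx` as its description under the `T1234` placeholder link, while the next hunk's context ("tick 'Developer Mode'.") shows the steps already exist further down the file; move a one-line summary of them into the YAML description so the rendered heading is followed by something meaningful.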
@@ -28,6 +29,7 @@ tick 'Developer Mode'.
<br/>
<br/>
## Atomic Test #2 - Chrome (Chrome Web Store)
xxx
@@ -43,6 +45,7 @@ in Chrome
<br/>
<br/>
## Atomic Test #3 - Firefox
Create a file called test.wma, with the duration of 30 seconds
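Review bot: the Firefox test's description "Create a file called test.wma, with the duration of 30 seconds" is copied from the SoundRecorder audio-capture test and has nothing to do with a browser extension; replace it in the YAML with what the Firefox test actually does before regenerating.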