diff --git a/Linux/Discovery/File_and_Directory_Discovery.md b/Linux/Discovery/File_and_Directory_Discovery.md
deleted file mode 100644
index a3073ac6..00000000
--- a/Linux/Discovery/File_and_Directory_Discovery.md
+++ /dev/null
@@ -1,19 +0,0 @@
-#File and Directory Discovery
-
-## MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083)
-
-Output a directory tree listing :
-
- cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
-
-List Mounted File Systems and Paths
-
- cat /etc/mtab > /tmp/loot.txt
-
-Find pdfs on a machine
-
- find . -type f -iname *.pdf > /tmp/loot.txt
-
-Find hidden files on a machine
-
- find . -type f -name ".*"
diff --git a/Linux/Discovery/Process_Discovery.md b/Linux/Discovery/Process_Discovery.md
deleted file mode 100644
index 6d62576a..00000000
--- a/Linux/Discovery/Process_Discovery.md
+++ /dev/null
@@ -1,14 +0,0 @@
-## Process Discovery
-
-MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057)
-
-
-### Process Discovery
-
-Input:
-
- ps >> /tmp/loot.txt
-
-Input:
-
- ps aux >> /tmp/loot.txt
diff --git a/Linux/Discovery/Remote_System_Discovery.md b/Linux/Discovery/Remote_System_Discovery.md
deleted file mode 100644
index 6dd4ab12..00000000
--- a/Linux/Discovery/Remote_System_Discovery.md
+++ /dev/null
@@ -1,18 +0,0 @@
-## Remote System Discovery
-
-MITRE ATT&CK Technique: [T1018](https://attack.mitre.org/wiki/Technique/T1018)
-
-
-### arp
-
-Input:
-
- arp -a | grep -v '^?'
-
-
-### Network scanning
-
-
-Input:
-
- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip -o; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
diff --git a/Linux/Discovery/System_Information_Discovery.md b/Linux/Discovery/System_Information_Discovery.md
deleted file mode 100644
index 90bb19d4..00000000
--- a/Linux/Discovery/System_Information_Discovery.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# System Information Discovery
-
-MITRE ATT&CK Technique: [T1082](https://attack.mitre.org/wiki/Technique/T1082)
-
-List OS information:
-
- uname -a >> /tmp/loot.txt
-
-List OS specific information:
-
- cat /etc/lsb-release >> /tmp/loot.txt
- cat /etc/redhat-release >> /tmp/loot.txt
-
-Show how long a machine has been running:
-
- uptime >> /tmp/loot.txt
diff --git a/Linux/Discovery/System_Network_Configuration_Discovery.md b/Linux/Discovery/System_Network_Configuration_Discovery.md
deleted file mode 100644
index 1947728c..00000000
--- a/Linux/Discovery/System_Network_Configuration_Discovery.md
+++ /dev/null
@@ -1,17 +0,0 @@
-## System Network Configuration Discovery
-
-MITRE ATT&CK Technique: [T1016](https://attack.mitre.org/wiki/Technique/T1016)
-
-### Network Data
-
-Input:
-
- arp -a
-
-Input:
-
- netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
-
-Input:
-
- ifconfig
diff --git a/atomics/T1082/T1082.md b/atomics/T1082/T1082.md
index 6eb8fd97..5853aedf 100644
--- a/atomics/T1082/T1082.md
+++ b/atomics/T1082/T1082.md
@@ -26,6 +26,8 @@ Permissions Required: User
- [Atomic Test #2 - System Information Discovery](#atomic-test-2---system-information-discovery)
+- [Atomic Test #3 - List OS Information](#atomic-test-3---list-os-information)
+
@@ -56,3 +58,19 @@ system_profiler
ls -al /Applications
```
+
+
+## Atomic Test #3 - List OS Information
+Identify System Info
+
+**Supported Platforms:** Linux, macOS
+
+
+#### Run it with `sh`!
+```
+uname -a >> /tmp/loot.txt
+cat /etc/lsb-release >> /tmp/loot.txt
+cat /etc/redhat-release >> /tmp/loot.txt
+uptime >> /tmp/loot.txt
+```
+
diff --git a/atomics/T1082/T1082.yaml b/atomics/T1082/T1082.yaml
index 6bd2d94a..7bac7828 100644
--- a/atomics/T1082/T1082.yaml
+++ b/atomics/T1082/T1082.yaml
@@ -30,3 +30,19 @@ atomic_tests:
systemsetup
system_profiler
ls -al /Applications
+
+- name: List OS Information
+ description: |
+ Identify System Info
+
+ supported_platforms:
+ - linux
+ - macos
+
+ executor:
+ name: sh
+ command: |
+ uname -a >> /tmp/loot.txt
+ cat /etc/lsb-release >> /tmp/loot.txt
+ cat /etc/redhat-release >> /tmp/loot.txt
+ uptime >> /tmp/loot.txt
diff --git a/atomics/T1083/T1083.md b/atomics/T1083/T1083.md
index 37a27bff..b1da1314 100644
--- a/atomics/T1083/T1083.md
+++ b/atomics/T1083/T1083.md
@@ -28,6 +28,8 @@ System Requirements: Some folders may require Administrator, SYSTEM or specific
- [Atomic Test #2 - nix file and diectory discovery](#atomic-test-2---nix-file-and-diectory-discovery)
+- [Atomic Test #3 - nix file and diectory discovery](#atomic-test-3---nix-file-and-diectory-discovery)
+
@@ -72,3 +74,19 @@ find . -type f
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
```
+
+
+## Atomic Test #3 - nix file and diectory discovery
+Find or discovery files on the file system
+
+**Supported Platforms:** macOS, Linux
+
+
+#### Run it with `sh`!
+```
+cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
+cat /etc/mtab > /tmp/loot.txt
+find . -type f -iname *.pdf > /tmp/loot.txt
+find . -type f -name ".*"
+```
+
diff --git a/atomics/T1083/T1083.yaml b/atomics/T1083/T1083.yaml
index 41db0264..db4aea4d 100644
--- a/atomics/T1083/T1083.yaml
+++ b/atomics/T1083/T1083.yaml
@@ -44,3 +44,20 @@ atomic_tests:
file */* *>> ../files.txt
find . -type f
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
+
+
+- name: nix file and diectory discovery
+ description: |
+ Find or discovery files on the file system
+
+ supported_platforms:
+ - macos
+ - linux
+
+ executor:
+ name: sh
+ command: |
+ cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
+ cat /etc/mtab > /tmp/loot.txt
+ find . -type f -iname *.pdf > /tmp/loot.txt
+ find . -type f -name ".*"
diff --git a/atomics/index.md b/atomics/index.md
index cb88aaa0..8d2b3086 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -289,6 +289,7 @@
- [T1083 File and Directory Discovery](./T1083/T1083.md)
- Atomic Test #1: File and Directory Discovery [windows]
- Atomic Test #2: nix file and diectory discovery [macos, linux]
+ - Atomic Test #3: nix file and diectory discovery [macos, linux]
- [T1046 Network Service Scanning](./T1046/T1046.md)
- Atomic Test #1: Scan a bunch of ports to see if they are open [linux, macos]
- [T1135 Network Share Discovery](./T1135/T1135.md)
@@ -314,6 +315,7 @@
- [T1082 System Information Discovery](./T1082/T1082.md)
- Atomic Test #1: System Information Discovery [windows]
- Atomic Test #2: System Information Discovery [linux, macos]
+ - Atomic Test #3: List OS Information [linux, macos]
- [T1016 System Network Configuration Discovery](./T1016/T1016.md)
- Atomic Test #1: System Network Configuration Discovery [windows]
- Atomic Test #2: System Network Configuration Discovery [macos, linux]
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index 317ce7ed..216b8004 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -32,6 +32,7 @@
- [T1217 Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
- [T1083 File and Directory Discovery](./T1083/T1083.md)
- Atomic Test #2: nix file and diectory discovery [macos, linux]
+ - Atomic Test #3: nix file and diectory discovery [macos, linux]
- [T1046 Network Service Scanning](./T1046/T1046.md)
- Atomic Test #1: Scan a bunch of ports to see if they are open [linux, macos]
- [T1201 Password Policy Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
@@ -44,6 +45,7 @@
- Atomic Test #5: Remote System Discovery - sweep [linux, macos]
- [T1082 System Information Discovery](./T1082/T1082.md)
- Atomic Test #2: System Information Discovery [linux, macos]
+ - Atomic Test #3: List OS Information [linux, macos]
- [T1016 System Network Configuration Discovery](./T1016/T1016.md)
- Atomic Test #2: System Network Configuration Discovery [macos, linux]
- [T1049 System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index d71c2381..bb02f176 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
@@ -57,6 +57,7 @@
- [T1217 Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
- [T1083 File and Directory Discovery](./T1083/T1083.md)
- Atomic Test #2: nix file and diectory discovery [macos, linux]
+ - Atomic Test #3: nix file and diectory discovery [macos, linux]
- [T1046 Network Service Scanning](./T1046/T1046.md)
- Atomic Test #1: Scan a bunch of ports to see if they are open [linux, macos]
- [T1135 Network Share Discovery](./T1135/T1135.md)
@@ -73,6 +74,7 @@
- Atomic Test #3: Security Software Discovery - ps [linux, macos]
- [T1082 System Information Discovery](./T1082/T1082.md)
- Atomic Test #2: System Information Discovery [linux, macos]
+ - Atomic Test #3: List OS Information [linux, macos]
- [T1016 System Network Configuration Discovery](./T1016/T1016.md)
- Atomic Test #2: System Network Configuration Discovery [macos, linux]
- [T1049 System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)