diff --git a/atomics/T1158/T1158.md b/atomics/T1158/T1158.md
index ac99b26d..dd33472a 100644
--- a/atomics/T1158/T1158.md
+++ b/atomics/T1158/T1158.md
@@ -23,25 +23,19 @@ Many applications create these hidden files and folders to store information so
- [Atomic Test #2 - Mac Hidden file](#atomic-test-2---mac-hidden-file)
-- [Atomic Test #3 - Hidden file](#atomic-test-3---hidden-file)
+- [Atomic Test #3 - Create Windows System File with Attrib](#atomic-test-3---create-windows-system-file-with-attrib)
-- [Atomic Test #4 - Create Windows System File with Attrib](#atomic-test-4---create-windows-system-file-with-attrib)
+- [Atomic Test #4 - Create Windows Hidden File with Attrib](#atomic-test-4---create-windows-hidden-file-with-attrib)
-- [Atomic Test #5 - Create Windows Hidden File with Attrib](#atomic-test-5---create-windows-hidden-file-with-attrib)
+- [Atomic Test #5 - Hidden files](#atomic-test-5---hidden-files)
-- [Atomic Test #6 - Hidden files](#atomic-test-6---hidden-files)
+- [Atomic Test #6 - Hide a Directory](#atomic-test-6---hide-a-directory)
-- [Atomic Test #7 - Hide a Directory](#atomic-test-7---hide-a-directory)
+- [Atomic Test #7 - Show all hidden files](#atomic-test-7---show-all-hidden-files)
-- [Atomic Test #8 - Show all hidden files](#atomic-test-8---show-all-hidden-files)
+- [Atomic Test #8 - Create ADS command prompt](#atomic-test-8---create-ads-command-prompt)
-- [Atomic Test #9 - Create Visible Directories](#atomic-test-9---create-visible-directories)
-
-- [Atomic Test #10 - Create hidden directories and files](#atomic-test-10---create-hidden-directories-and-files)
-
-- [Atomic Test #11 - Create ADS command prompt](#atomic-test-11---create-ads-command-prompt)
-
-- [Atomic Test #12 - Create ADS PowerShell](#atomic-test-12---create-ads-powershell)
+- [Atomic Test #9 - Create ADS PowerShell](#atomic-test-9---create-ads-powershell)
@@ -54,11 +48,15 @@ Creates a hidden file inside a hidden directory
#### Run it with `sh`!
```
-mkdir .hidden-directory
-echo "this file is hidden" > .hidden-directory/.hidden-file
+mkdir /var/tmp/.hidden-directory
+echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
```
+#### Cleanup Commands:
+```
+rm -rf /var/tmp/.hidden-directory/
+```
@@ -71,7 +69,7 @@ Hide a file on MacOS
#### Run it with `sh`!
```
-sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00"
+xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00"
```
@@ -79,71 +77,49 @@ sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF
-## Atomic Test #3 - Hidden file
-mv file to a .file
-
-**Supported Platforms:** macOS, Linux
-
-
-#### Inputs
-| Name | Description | Type | Default Value |
-|------|-------------|------|---------------|
-| filename | path of file to hide | path | /tmp/evil|
-| output_filename | output path of file | path | /tmp/evil|
-
-#### Run it with `sh`!
-```
-mv #{filename} .#{output_filename}
-```
-
-
-
-
-
-
-## Atomic Test #4 - Create Windows System File with Attrib
+## Atomic Test #3 - Create Windows System File with Attrib
Creates a file and marks it as a system file using the attrib.exe utility.
**Supported Platforms:** Windows
-#### Inputs
-| Name | Description | Type | Default Value |
-|------|-------------|------|---------------|
-| filename | path of file to mark as system | path | C:\Temp\sensitive_file.txt|
-
-#### Run it with `command_prompt`!
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
```
-attrib.exe +s #{filename}
+echo T1158 > %TEMP%\T1158.txt
+attrib.exe +s %TEMP%\T1158.txt
```
+#### Cleanup Commands:
+```
+del /A:S %TEMP%\T1158.txt
+```
-## Atomic Test #5 - Create Windows Hidden File with Attrib
+## Atomic Test #4 - Create Windows Hidden File with Attrib
Creates a file and marks it as hidden using the attrib.exe utility.
**Supported Platforms:** Windows
-#### Inputs
-| Name | Description | Type | Default Value |
-|------|-------------|------|---------------|
-| filename | path of file to mark as hidden | path | C:\Temp\sensitive_file.txt|
-
#### Run it with `command_prompt`!
```
-attrib.exe +h #{filename}
+echo T1158_hidden > %TEMP%\T1158_hidden.txt
+attrib.exe +h %TEMP%\T1158_hidden.txt
```
+#### Cleanup Commands:
+```
+del /A:H %TEMP%\T1158_hidden.txt
+```
-## Atomic Test #6 - Hidden files
+## Atomic Test #5 - Hidden files
Requires Apple Dev Tools
**Supported Platforms:** macOS
@@ -164,28 +140,28 @@ setfile -a V #{filename}
-## Atomic Test #7 - Hide a Directory
+## Atomic Test #6 - Hide a Directory
Hide a directory on MacOS
**Supported Platforms:** macOS
-#### Inputs
-| Name | Description | Type | Default Value |
-|------|-------------|------|---------------|
-| filename | path of file to hide | path | /tmp/evil|
-
#### Run it with `sh`!
```
-chflags hidden #{filename}
+touch /var/tmp/T1158_mac.txt
+chflags hidden /var/tmp/T1158_mac.txt
```
+#### Cleanup Commands:
+```
+rm /var/tmp/T1158_mac.txt
+```
-## Atomic Test #8 - Show all hidden files
+## Atomic Test #7 - Show all hidden files
Show all hidden files on MacOS
**Supported Platforms:** macOS
@@ -197,49 +173,15 @@ defaults write com.apple.finder AppleShowAllFiles YES
```
-
-
-
-
-## Atomic Test #9 - Create Visible Directories
-Create visible directories on MacOS and Linux
-
-**Supported Platforms:** macOS, Linux
-
-
-#### Run it with `sh`!
+#### Cleanup Commands:
```
-mkdir visible-directory
-echo "this file is visible" > visible-directory/visible-file
-ls
-ls visible-directory
+defaults write com.apple.finder AppleShowAllFiles NO
```
-
-
-## Atomic Test #10 - Create hidden directories and files
-Create hidden directories and files on Nix platforms
-
-**Supported Platforms:** macOS, Linux
-
-
-#### Run it with `sh`!
-```
-mkdir .hidden-directory
-echo "this file is hidden" > .hidden-directory/.hidden-file
-ls -la
-ls -la .hidden-directory
-```
-
-
-
-
-
-
-## Atomic Test #11 - Create ADS command prompt
+## Atomic Test #8 - Create ADS command prompt
Create an Alternate Data Stream with the command prompt. Write access is required.
**Supported Platforms:** Windows
@@ -267,7 +209,7 @@ del #{file_name}
-## Atomic Test #12 - Create ADS PowerShell
+## Atomic Test #9 - Create ADS PowerShell
Create an Alternate Data Stream with PowerShell. Write access is required.
**Supported Platforms:** Windows
@@ -288,5 +230,9 @@ ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-
```
+#### Cleanup Commands:
+```
+Remove-Item -Path #{file_name}
+```
diff --git a/atomics/index.md b/atomics/index.md
index 3d9fc0cc..2cfaed6c 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -51,16 +51,13 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #4: Create Windows System File with Attrib [windows]
- - Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- - Atomic Test #6: Hidden files [macos]
- - Atomic Test #7: Hide a Directory [macos]
- - Atomic Test #8: Show all hidden files [macos]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
- - Atomic Test #11: Create ADS command prompt [windows]
- - Atomic Test #12: Create ADS PowerShell [windows]
+ - Atomic Test #3: Create Windows System File with Attrib [windows]
+ - Atomic Test #4: Create Windows Hidden File with Attrib [windows]
+ - Atomic Test #5: Hidden files [macos]
+ - Atomic Test #6: Hide a Directory [macos]
+ - Atomic Test #7: Show all hidden files [macos]
+ - Atomic Test #8: Create ADS command prompt [windows]
+ - Atomic Test #9: Create ADS PowerShell [windows]
- [T1179 Hooking](./T1179/T1179.md)
- Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages [windows]
- [T1062 Hypervisor](./T1062/T1062.md)
@@ -260,16 +257,13 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #4: Create Windows System File with Attrib [windows]
- - Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- - Atomic Test #6: Hidden files [macos]
- - Atomic Test #7: Hide a Directory [macos]
- - Atomic Test #8: Show all hidden files [macos]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
- - Atomic Test #11: Create ADS command prompt [windows]
- - Atomic Test #12: Create ADS PowerShell [windows]
+ - Atomic Test #3: Create Windows System File with Attrib [windows]
+ - Atomic Test #4: Create Windows Hidden File with Attrib [windows]
+ - Atomic Test #5: Hidden files [macos]
+ - Atomic Test #6: Hide a Directory [macos]
+ - Atomic Test #7: Show all hidden files [macos]
+ - Atomic Test #8: Create ADS command prompt [windows]
+ - Atomic Test #9: Create ADS PowerShell [windows]
- [T1147 Hidden Users](./T1147/T1147.md)
- Atomic Test #1: Hidden Users [macos]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 78c3a341..b0968573 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -1661,9 +1661,13 @@ persistence:
- macos
executor:
name: sh
+ elevation_required: false
command: |
- mkdir .hidden-directory
- echo "this file is hidden" > .hidden-directory/.hidden-file
+ mkdir /var/tmp/.hidden-directory
+ echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
+ cleanup_command: 'rm -rf /var/tmp/.hidden-directory/
+
+'
- name: Mac Hidden file
description: 'Hide a file on MacOS
@@ -1672,29 +1676,9 @@ persistence:
- macos
executor:
name: sh
- command: 'sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00
- 00 00 40 00 FF FF FF FF 00 00"
-
-'
- - name: Hidden file
- description: 'mv file to a .file
-
-'
- supported_platforms:
- - macos
- - linux
- input_arguments:
- filename:
- description: path of file to hide
- type: path
- default: "/tmp/evil"
- output_filename:
- description: output path of file
- type: path
- default: "/tmp/evil"
- executor:
- name: sh
- command: 'mv #{filename} .#{output_filename}
+ elevation_required: false
+ command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00
+ 40 00 FF FF FF FF 00 00"
'
- name: Create Windows System File with Attrib
@@ -1704,15 +1688,13 @@ persistence:
'
supported_platforms:
- windows
- input_arguments:
- filename:
- description: path of file to mark as system
- type: path
- default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
- elevation_required: false
- command: 'attrib.exe +s #{filename}
+ elevation_required: true
+ command: |
+ echo T1158 > %TEMP%\T1158.txt
+ attrib.exe +s %TEMP%\T1158.txt
+ cleanup_command: 'del /A:S %TEMP%\T1158.txt
'
- name: Create Windows Hidden File with Attrib
@@ -1721,15 +1703,13 @@ persistence:
'
supported_platforms:
- windows
- input_arguments:
- filename:
- description: path of file to mark as hidden
- type: path
- default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
- command: 'attrib.exe +h #{filename}
+ command: |
+ echo T1158_hidden > %TEMP%\T1158_hidden.txt
+ attrib.exe +h %TEMP%\T1158_hidden.txt
+ cleanup_command: 'del /A:H %TEMP%\T1158_hidden.txt
'
- name: Hidden files
@@ -1745,6 +1725,7 @@ persistence:
default: "/tmp/evil"
executor:
name: sh
+ elevation_required: false
command: 'setfile -a V #{filename}
'
@@ -1754,14 +1735,13 @@ persistence:
'
supported_platforms:
- macos
- input_arguments:
- filename:
- description: path of file to hide
- type: path
- default: "/tmp/evil"
executor:
name: sh
- command: 'chflags hidden #{filename}
+ elevation_required: false
+ command: |
+ touch /var/tmp/T1158_mac.txt
+ chflags hidden /var/tmp/T1158_mac.txt
+ cleanup_command: 'rm /var/tmp/T1158_mac.txt
'
- name: Show all hidden files
@@ -1772,37 +1752,13 @@ persistence:
- macos
executor:
name: sh
+ elevation_required: false
command: 'defaults write com.apple.finder AppleShowAllFiles YES
'
- - name: Create Visible Directories
- description: 'Create visible directories on MacOS and Linux
+ cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO
'
- supported_platforms:
- - macos
- - linux
- executor:
- name: sh
- command: |
- mkdir visible-directory
- echo "this file is visible" > visible-directory/visible-file
- ls
- ls visible-directory
- - name: Create hidden directories and files
- description: 'Create hidden directories and files on Nix platforms
-
-'
- supported_platforms:
- - macos
- - linux
- executor:
- name: sh
- command: |
- mkdir .hidden-directory
- echo "this file is hidden" > .hidden-directory/.hidden-file
- ls -la
- ls -la .hidden-directory
- name: Create ADS command prompt
description: 'Create an Alternate Data Stream with the command prompt. Write
access is required.
@@ -1853,6 +1809,9 @@ persistence:
set-content -path #{file_name} -stream #{ads_filename} -value "test2"
set-content -path . -stream #{ads_filename} -value "test3"
ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-Object pschildname
+ cleanup_command: 'Remove-Item -Path #{file_name}
+
+'
T1179:
technique:
x_mitre_data_sources:
@@ -7941,9 +7900,13 @@ defense-evasion:
- macos
executor:
name: sh
+ elevation_required: false
command: |
- mkdir .hidden-directory
- echo "this file is hidden" > .hidden-directory/.hidden-file
+ mkdir /var/tmp/.hidden-directory
+ echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
+ cleanup_command: 'rm -rf /var/tmp/.hidden-directory/
+
+'
- name: Mac Hidden file
description: 'Hide a file on MacOS
@@ -7952,29 +7915,9 @@ defense-evasion:
- macos
executor:
name: sh
- command: 'sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00
- 00 00 40 00 FF FF FF FF 00 00"
-
-'
- - name: Hidden file
- description: 'mv file to a .file
-
-'
- supported_platforms:
- - macos
- - linux
- input_arguments:
- filename:
- description: path of file to hide
- type: path
- default: "/tmp/evil"
- output_filename:
- description: output path of file
- type: path
- default: "/tmp/evil"
- executor:
- name: sh
- command: 'mv #{filename} .#{output_filename}
+ elevation_required: false
+ command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00
+ 40 00 FF FF FF FF 00 00"
'
- name: Create Windows System File with Attrib
@@ -7984,15 +7927,13 @@ defense-evasion:
'
supported_platforms:
- windows
- input_arguments:
- filename:
- description: path of file to mark as system
- type: path
- default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
- elevation_required: false
- command: 'attrib.exe +s #{filename}
+ elevation_required: true
+ command: |
+ echo T1158 > %TEMP%\T1158.txt
+ attrib.exe +s %TEMP%\T1158.txt
+ cleanup_command: 'del /A:S %TEMP%\T1158.txt
'
- name: Create Windows Hidden File with Attrib
@@ -8001,15 +7942,13 @@ defense-evasion:
'
supported_platforms:
- windows
- input_arguments:
- filename:
- description: path of file to mark as hidden
- type: path
- default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
- command: 'attrib.exe +h #{filename}
+ command: |
+ echo T1158_hidden > %TEMP%\T1158_hidden.txt
+ attrib.exe +h %TEMP%\T1158_hidden.txt
+ cleanup_command: 'del /A:H %TEMP%\T1158_hidden.txt
'
- name: Hidden files
@@ -8025,6 +7964,7 @@ defense-evasion:
default: "/tmp/evil"
executor:
name: sh
+ elevation_required: false
command: 'setfile -a V #{filename}
'
@@ -8034,14 +7974,13 @@ defense-evasion:
'
supported_platforms:
- macos
- input_arguments:
- filename:
- description: path of file to hide
- type: path
- default: "/tmp/evil"
executor:
name: sh
- command: 'chflags hidden #{filename}
+ elevation_required: false
+ command: |
+ touch /var/tmp/T1158_mac.txt
+ chflags hidden /var/tmp/T1158_mac.txt
+ cleanup_command: 'rm /var/tmp/T1158_mac.txt
'
- name: Show all hidden files
@@ -8052,37 +7991,13 @@ defense-evasion:
- macos
executor:
name: sh
+ elevation_required: false
command: 'defaults write com.apple.finder AppleShowAllFiles YES
'
- - name: Create Visible Directories
- description: 'Create visible directories on MacOS and Linux
+ cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO
'
- supported_platforms:
- - macos
- - linux
- executor:
- name: sh
- command: |
- mkdir visible-directory
- echo "this file is visible" > visible-directory/visible-file
- ls
- ls visible-directory
- - name: Create hidden directories and files
- description: 'Create hidden directories and files on Nix platforms
-
-'
- supported_platforms:
- - macos
- - linux
- executor:
- name: sh
- command: |
- mkdir .hidden-directory
- echo "this file is hidden" > .hidden-directory/.hidden-file
- ls -la
- ls -la .hidden-directory
- name: Create ADS command prompt
description: 'Create an Alternate Data Stream with the command prompt. Write
access is required.
@@ -8133,6 +8048,9 @@ defense-evasion:
set-content -path #{file_name} -stream #{ads_filename} -value "test2"
set-content -path . -stream #{ads_filename} -value "test3"
ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-Object pschildname
+ cleanup_command: 'Remove-Item -Path #{file_name}
+
+'
T1147:
technique:
x_mitre_data_sources:
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index b1d581c3..3c5e581e 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -14,9 +14,6 @@
- Atomic Test #5: Create a new user in Linux with `root` UID and GID. [linux]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
- T1525 Implant Container Image [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1215 Kernel Modules and Extensions](./T1215/T1215.md)
- Atomic Test #1: Linux - Load Kernel Module via insmod [centos, ubuntu, linux]
@@ -175,9 +172,6 @@
- Atomic Test #2: Mac HISTCONTROL [macos, linux]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
- T1066 Indicator Removal from Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1070 Indicator Removal on Host](./T1070/T1070.md)
- Atomic Test #3: rm -rf [macos, linux]
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index cf506850..48afb3df 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
@@ -14,12 +14,9 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #6: Hidden files [macos]
- - Atomic Test #7: Hide a Directory [macos]
- - Atomic Test #8: Show all hidden files [macos]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
+ - Atomic Test #5: Hidden files [macos]
+ - Atomic Test #6: Hide a Directory [macos]
+ - Atomic Test #7: Show all hidden files [macos]
- [T1215 Kernel Modules and Extensions](./T1215/T1215.md)
- T1161 LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1159 Launch Agent](./T1159/T1159.md)
@@ -269,12 +266,9 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- - Atomic Test #3: Hidden file [macos, linux]
- - Atomic Test #6: Hidden files [macos]
- - Atomic Test #7: Hide a Directory [macos]
- - Atomic Test #8: Show all hidden files [macos]
- - Atomic Test #9: Create Visible Directories [macos, linux]
- - Atomic Test #10: Create hidden directories and files [macos, linux]
+ - Atomic Test #5: Hidden files [macos]
+ - Atomic Test #6: Hide a Directory [macos]
+ - Atomic Test #7: Show all hidden files [macos]
- [T1147 Hidden Users](./T1147/T1147.md)
- Atomic Test #1: Hidden Users [macos]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index b1b2c84b..a381079a 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -67,10 +67,10 @@
- Atomic Test #7: attrib - Remove read-only attribute [windows]
- T1484 Group Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- - Atomic Test #4: Create Windows System File with Attrib [windows]
- - Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- - Atomic Test #11: Create ADS command prompt [windows]
- - Atomic Test #12: Create ADS PowerShell [windows]
+ - Atomic Test #3: Create Windows System File with Attrib [windows]
+ - Atomic Test #4: Create Windows Hidden File with Attrib [windows]
+ - Atomic Test #8: Create ADS command prompt [windows]
+ - Atomic Test #9: Create ADS PowerShell [windows]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1183 Image File Execution Options Injection](./T1183/T1183.md)
- Atomic Test #1: IFEO Add Debugger [windows]
@@ -274,10 +274,10 @@
- [T1044 File System Permissions Weakness](./T1044/T1044.md)
- Atomic Test #1: File System Permissions Weakness [windows]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- - Atomic Test #4: Create Windows System File with Attrib [windows]
- - Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- - Atomic Test #11: Create ADS command prompt [windows]
- - Atomic Test #12: Create ADS PowerShell [windows]
+ - Atomic Test #3: Create Windows System File with Attrib [windows]
+ - Atomic Test #4: Create Windows Hidden File with Attrib [windows]
+ - Atomic Test #8: Create ADS command prompt [windows]
+ - Atomic Test #9: Create ADS PowerShell [windows]
- [T1179 Hooking](./T1179/T1179.md)
- Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages [windows]
- [T1062 Hypervisor](./T1062/T1062.md)