diff --git a/atomics/T1156/T1156.md b/atomics/T1156/T1156.md index 5a5f8439..3dbda9a2 100644 --- a/atomics/T1156/T1156.md +++ b/atomics/T1156/T1156.md @@ -24,7 +24,7 @@ Permissions Required: User, Administrator ## Atomic Test #1 - .bash_profile and .bashrc xxx -**Supported Platforms:** macOS +**Supported Platforms:** macOS, Linux #### Inputs diff --git a/atomics/T1158/T1158.md b/atomics/T1158/T1158.md index 988733be..8e8314bd 100644 --- a/atomics/T1158/T1158.md +++ b/atomics/T1158/T1158.md @@ -41,6 +41,10 @@ Permissions Required: User - [Atomic Test #6 - Show all hidden files](#atomic-test-6---show-all-hidden-files) +- [Atomic Test #7 - Create visible Directories](#atomic-test-7---create-visible-directories) + +- [Atomic Test #8 - Create hidden directories and files](#atomic-test-8---create-hidden-directories-and-files) +
@@ -127,3 +131,35 @@ xxx defaults write com.apple.finder AppleShowAllFiles YES ```
+
+ +## Atomic Test #7 - Create visible Directories +xxx + +**Supported Platforms:** macOS, Linux + + +#### Run it with `sh`! +``` +mkdir visible-directory +echo "this file is visible" > visible-directory/visible-file +ls +ls visible-directory +``` +
+
+ +## Atomic Test #8 - Create hidden directories and files +xxx + +**Supported Platforms:** macOS, Linux + + +#### Run it with `sh`! +``` +mkdir .hidden-directory +echo "this file is hidden" > .hidden-directory/.hidden-file +ls -la +ls -la .hidden-directory +``` +
diff --git a/atomics/index.md b/atomics/index.md index 4af93d2a..0bf6845b 100644 --- a/atomics/index.md +++ b/atomics/index.md @@ -1,7 +1,7 @@ # All Atomic Tests by ATT&CK Tactic & Technique # persistence - [T1156 .bash_profile and .bashrc](./T1156/T1156.md) - - Atomic Test #1: .bash_profile and .bashrc [macos] + - Atomic Test #1: .bash_profile and .bashrc [macos, linux] - [T1015 Accessibility Features](./T1015/T1015.md) - Atomic Test #1: Attaches Command Prompt As Debugger To Process [windows] - [T1182 AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) @@ -37,6 +37,8 @@ - Atomic Test #4: Hidden files [macos] - Atomic Test #5: Hide a Directory [macos] - Atomic Test #6: Show all hidden files [macos] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1179 Hooking](./T1179/T1179.md) - Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages [windows] - [T1062 Hypervisor](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) @@ -167,6 +169,8 @@ - Atomic Test #4: Hidden files [macos] - Atomic Test #5: Hide a Directory [macos] - Atomic Test #6: Show all hidden files [macos] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1147 Hidden Users](./T1147/T1147.md) - Atomic Test #1: Hidden Users [macos] - [T1143 Hidden Window](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) diff --git a/atomics/linux-index.md b/atomics/linux-index.md index 1eeb45d1..4f199149 100644 --- a/atomics/linux-index.md +++ b/atomics/linux-index.md 
@@ -1,6 +1,7 @@ # Linux Atomic Tests by ATT&CK Tactic & Technique # persistence - [T1156 .bash_profile and .bashrc](./T1156/T1156.md) + - Atomic Test #1: .bash_profile and .bashrc [macos, linux] - [T1067 Bootkit](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) - [T1176 Browser Extensions](./T1176/T1176.md) - Atomic Test #1: Chrome (Developer Mode) [linux, windows, macos] @@ -11,6 +12,8 @@ - [T1158 Hidden Files and Directories](./T1158/T1158.md) - Atomic Test #1: Create a hidden file in a hidden directory [linux, macos] - Atomic Test #3: Hidden file [macos, linux] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1215 Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) - [T1168 Local Job Scheduling](./T1168/T1168.md) - Atomic Test #1: Cron Job [macos, centos, ubuntu, linux] @@ -128,6 +131,8 @@ - [T1158 Hidden Files and Directories](./T1158/T1158.md) - Atomic Test #1: Create a hidden file in a hidden directory [linux, macos] - Atomic Test #3: Hidden file [macos, linux] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1066 Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) - [T1070 Indicator Removal on Host](./T1070/T1070.md) - Atomic Test #3: rm -rf [macos, linux] diff --git a/atomics/macos-index.md b/atomics/macos-index.md index 5c0868e6..226b96b4 100644 --- a/atomics/macos-index.md +++ b/atomics/macos-index.md 
@@ -1,7 +1,7 @@ # macOS Atomic Tests by ATT&CK Tactic & Technique # persistence - [T1156 .bash_profile and .bashrc](./T1156/T1156.md) - - Atomic Test #1: .bash_profile and .bashrc [macos] + - Atomic Test #1: .bash_profile and .bashrc [macos, linux] - [T1176 Browser Extensions](./T1176/T1176.md) - Atomic Test #1: Chrome (Developer Mode) [linux, windows, macos] - Atomic Test #2: Chrome (Chrome Web Store) [linux, windows, macos] @@ -16,6 +16,8 @@ - Atomic Test #4: Hidden files [macos] - Atomic Test #5: Hide a Directory [macos] - Atomic Test #6: Show all hidden files [macos] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1215 Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) - [T1161 LC_LOAD_DYLIB Addition](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) - [T1159 Launch Agent](./T1159/T1159.md) @@ -190,6 +192,8 @@ - Atomic Test #4: Hidden files [macos] - Atomic Test #5: Hide a Directory [macos] - Atomic Test #6: Show all hidden files [macos] + - Atomic Test #7: Create visible Directories [macos, linux] + - Atomic Test #8: Create hidden directories and files [macos, linux] - [T1147 Hidden Users](./T1147/T1147.md) - Atomic Test #1: Hidden Users [macos] - [T1143 Hidden Window](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
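Review bot: in the `atomics/T1156/T1156.md` hunk, the platform line is widened to `macOS, Linux` while the description directly above it is still the placeholder `xxx`. Anyone running Atomic Test #1 on Linux gets no statement of what the test writes to `.bash_profile` or `.bashrc`, or what to look for afterwards. Please replace the placeholder with a one-line description in the same change that adds the platform.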
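Review bot: in the `atomics/T1158/T1158.md` hunk that adds Atomic Tests #7 and #8, both command blocks create their artifacts with relative paths (`mkdir visible-directory`, `mkdir .hidden-directory`) and have no cleanup step. The directories therefore land in whatever the current working directory is and stay there. A second run also fails at `mkdir` because the directory already exists. Consider creating them under a dedicated scratch location, using `mkdir -p`, and listing the matching removal commands so the test is repeatable. Both new tests also carry `xxx` as their description. For #7 in particular, the description should say why creating a visible directory belongs under Hidden Files and Directories (for example as a baseline to compare #8 against); otherwise drop it.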
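Review bot: in the `atomics/linux-index.md` hunks, T1158 already lists `Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]`, and the added `Atomic Test #8: Create hidden directories and files [macos, linux]` looks like the same behaviour under a new number. Please either state what #8 covers that #1 does not, or extend #1 instead of adding a near-duplicate entry to every index. The two new titles are also cased inconsistently (`Create visible Directories` versus `Create hidden directories and files`), and that carries into `index.md`, `linux-index.md`, `macos-index.md` and the `#atomic-test-7---create-visible-directories` anchor. Fix the title once at the source so the index entries and anchor follow.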