diff --git a/atomics/T1070.002/T1070.002.md b/atomics/T1070.002/T1070.002.md
index 293d647d..193d21f0 100644
--- a/atomics/T1070.002/T1070.002.md
+++ b/atomics/T1070.002/T1070.002.md
@@ -4,7 +4,7 @@
 Adversaries may clear system logs to hide evidence of an intrusion. macOS and Linux both keep track of system or user-initiated actions via system logs. The majority of native system logging is stored under the /var/log/ directory. Subfolders in this directory categorize logs by their related functions, such as:(Citation: Linux Logs)
-* /var/log/messages:: General and system-related messages
+* /var/log/messages: General and system-related messages
 * /var/log/secure or /var/log/auth.log: Authentication logs
 * /var/log/utmp or /var/log/wtmp: Login records
 * /var/log/kern.log: Kernel logs
@@ -304,7 +304,7 @@ The first sub-test truncates the log file to zero bytes via /dev/null and the se
 ```sh
 cat /dev/null > /var/log/messages #truncating the file to zero bytes
-cat /dev/zero > /var/lol/messages #log file filled with null bytes(zeros)
+cat /dev/zero > /var/log/messages #log file filled with null bytes(zeros)
 ```
@@ -782,8 +782,13 @@ This test overwrites the Linux mail spool of a specified user. This technique wa
 ```bash
 echo 0> /var/spool/mail/#{username}
 ```
+or
+```
+: > /var/spool/mail/#{username}
+```
+(Using : as a no-op to truncate the file)
 #### Dependencies: Run with `sh`!
diff --git a/atomics/T1070.002/T1070.002.yaml b/atomics/T1070.002/T1070.002.yaml
index 78bc6325..880e4eb6 100644
--- a/atomics/T1070.002/T1070.002.yaml
+++ b/atomics/T1070.002/T1070.002.yaml
@@ -127,7 +127,7 @@ atomic_tests:
 executor:
 command: |
 cat /dev/null > /var/log/messages #truncating the file to zero bytes
- cat /dev/zero > /var/lol/messages #log file filled with null bytes(zeros)
+ cat /dev/zero > /var/log/messages #log file filled with null bytes(zeros)
 name: sh
 elevation_required: true
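Review bot: Fixing the path typo makes the `+` line `cat /dev/zero > /var/log/messages` actually run, and /dev/zero is unbounded, so cat writes until the filesystem holding /var/log hits ENOSPC and the executor never returns — the old `/var/lol` path made the shell redirect fail before cat started, which is why this never showed up. The comment's stated intent, a log file filled with null bytes, only needs a bounded write that is also portable under the `sh` executor, e.g. `dd if=/dev/zero of=/var/log/messages bs=1024 count=4 2>/dev/null #log file filled with null bytes(zeros)`. The same unbounded command appears in the T1070.002.md hunk of this commit and should be changed in step, since the markdown presumably mirrors the YAML. The enclosing atomic test entry starts before and ends after this hunk, so its cleanup section is not visible here.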