From 86a5c2faa03ea1eb006d5b7d439fea091dd5b7a8 Mon Sep 17 00:00:00 2001
From: Milad Cheraghi <82805580+CheraghiMilad@users.noreply.github.com>
Date: Wed, 1 Oct 2025 22:01:44 +0330
Subject: [PATCH] Identifying Network Shares - Linux (#3197)

Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
---
 atomics/T1083/T1083.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/atomics/T1083/T1083.yaml b/atomics/T1083/T1083.yaml
index fe156a28..a5b4747f 100644
--- a/atomics/T1083/T1083.yaml
+++ b/atomics/T1083/T1083.yaml
@@ -191,3 +191,14 @@ atomic_tests:
        echo "" | "#{plink_file}" "#{vm_host}" -ssh  -l "#{vm_user}" -pw "#{vm_pass}" -m "#{cli_script}"
     name: command_prompt
     elevation_required: false
+- name: Identifying Network Shares - Linux
+  auto_generated_guid:
+  description: |
+    If the system uses network file systems (e.g., NFS, CIFS), findmnt can help locate paths to remote shares.
+    Attackers may then attempt to access these shares for lateral movement or data exfiltration.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      findmnt -t nfs
+    name: sh
\ No newline at end of file