diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 2c3bac55..a2bca221 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -272,10 +272,11 @@ defense-evasion,T1562.002,Disable Windows Event Logging,3,Impair Windows Audit L
 defense-evasion,T1562.002,Disable Windows Event Logging,4,Clear Windows Audit Policy Config,913c0e4e-4b37-4b78-ad0b-90e7b25010f6,command_prompt
 defense-evasion,T1562.004,Disable or Modify System Firewall,1,Disable firewall,80f5e701-f7a4-4d06-b140-26c8efd1b6b4,sh
 defense-evasion,T1562.004,Disable or Modify System Firewall,2,Disable Microsoft Defender Firewall,88d05800-a5e4-407e-9b53-ece4174f197f,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,3,Allow SMB and RDP on Microsoft Defender Firewall,d9841bf8-f161-4c73-81e9-fd773a5ff8c1,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,4,Opening ports for proxy - HARDRAIN,15e57006-79dd-46df-9bf9-31bc24fb5a80,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,5,Open a local port through Windows Firewall to any profile,9636dd6e-7599-40d2-8eee-ac16434f35ed,powershell
-defense-evasion,T1562.004,Disable or Modify System Firewall,6,Allow Executable Through Firewall Located in Non-Standard Location,6f5822d2-d38d-4f48-9bfc-916607ff6b8c,powershell
+defense-evasion,T1562.004,Disable or Modify System Firewall,3,Disable Microsoft Defender Firewall via Registry,afedc8c4-038c-4d82-b3e5-623a95f8a612,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,4,Allow SMB and RDP on Microsoft Defender Firewall,d9841bf8-f161-4c73-81e9-fd773a5ff8c1,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,5,Opening ports for proxy - HARDRAIN,15e57006-79dd-46df-9bf9-31bc24fb5a80,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,6,Open a local port through Windows Firewall to any profile,9636dd6e-7599-40d2-8eee-ac16434f35ed,powershell
+defense-evasion,T1562.004,Disable or Modify System Firewall,7,Allow Executable Through Firewall Located in Non-Standard Location,6f5822d2-d38d-4f48-9bfc-916607ff6b8c,powershell
 defense-evasion,T1562.001,Disable or Modify Tools,1,Disable syslog,4ce786f8-e601-44b5-bfae-9ebb15a7d1c8,sh
 defense-evasion,T1562.001,Disable or Modify Tools,2,Disable Cb Response,ae8943f7-0f8d-44de-962d-fbc2e2f03eb8,sh
 defense-evasion,T1562.001,Disable or Modify Tools,3,Disable SELinux,fc225f36-9279-4c39-b3f9-5141ab74f8d8,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index cbe6e63b..f7877e90 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -186,10 +186,11 @@ defense-evasion,T1562.002,Disable Windows Event Logging,2,Kill Event Log Service
 defense-evasion,T1562.002,Disable Windows Event Logging,3,Impair Windows Audit Log Policy,5102a3a7-e2d7-4129-9e45-f483f2e0eea8,command_prompt
 defense-evasion,T1562.002,Disable Windows Event Logging,4,Clear Windows Audit Policy Config,913c0e4e-4b37-4b78-ad0b-90e7b25010f6,command_prompt
 defense-evasion,T1562.004,Disable or Modify System Firewall,2,Disable Microsoft Defender Firewall,88d05800-a5e4-407e-9b53-ece4174f197f,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,3,Allow SMB and RDP on Microsoft Defender Firewall,d9841bf8-f161-4c73-81e9-fd773a5ff8c1,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,4,Opening ports for proxy - HARDRAIN,15e57006-79dd-46df-9bf9-31bc24fb5a80,command_prompt
-defense-evasion,T1562.004,Disable or Modify System Firewall,5,Open a local port through Windows Firewall to any profile,9636dd6e-7599-40d2-8eee-ac16434f35ed,powershell
-defense-evasion,T1562.004,Disable or Modify System Firewall,6,Allow Executable Through Firewall Located in Non-Standard Location,6f5822d2-d38d-4f48-9bfc-916607ff6b8c,powershell
+defense-evasion,T1562.004,Disable or Modify System Firewall,3,Disable Microsoft Defender Firewall via Registry,afedc8c4-038c-4d82-b3e5-623a95f8a612,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,4,Allow SMB and RDP on Microsoft Defender Firewall,d9841bf8-f161-4c73-81e9-fd773a5ff8c1,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,5,Opening ports for proxy - HARDRAIN,15e57006-79dd-46df-9bf9-31bc24fb5a80,command_prompt
+defense-evasion,T1562.004,Disable or Modify System Firewall,6,Open a local port through Windows Firewall to any profile,9636dd6e-7599-40d2-8eee-ac16434f35ed,powershell
+defense-evasion,T1562.004,Disable or Modify System Firewall,7,Allow Executable Through Firewall Located in Non-Standard Location,6f5822d2-d38d-4f48-9bfc-916607ff6b8c,powershell
 defense-evasion,T1562.001,Disable or Modify Tools,10,Unload Sysmon Filter Driver,811b3e76-c41b-430c-ac0d-e2380bfaa164,command_prompt
 defense-evasion,T1562.001,Disable or Modify Tools,11,Uninstall Sysmon,a316fb2e-5344-470d-91c1-23e15c374edc,command_prompt
 defense-evasion,T1562.001,Disable or Modify Tools,12,AMSI Bypass - AMSI InitFailed,695eed40-e949-40e5-b306-b4031e4154bd,powershell
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 2c80658d..da7cfd0c 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -501,10 +501,11 @@
 - [T1562.004 Disable or Modify System Firewall](../../T1562.004/T1562.004.md)
   - Atomic Test #1: Disable firewall [linux]
   - Atomic Test #2: Disable Microsoft Defender Firewall [windows]
-  - Atomic Test #3: Allow SMB and RDP on Microsoft Defender Firewall [windows]
-  - Atomic Test #4: Opening ports for proxy - HARDRAIN [windows]
-  - Atomic Test #5: Open a local port through Windows Firewall to any profile [windows]
-  - Atomic Test #6: Allow Executable Through Firewall Located in Non-Standard Location [windows]
+  - Atomic Test #3: Disable Microsoft Defender Firewall via Registry [windows]
+  - Atomic Test #4: Allow SMB and RDP on Microsoft Defender Firewall [windows]
+  - Atomic Test #5: Opening ports for proxy - HARDRAIN [windows]
+  - Atomic Test #6: Open a local port through Windows Firewall to any profile [windows]
+  - Atomic Test #7: Allow Executable Through Firewall Located in Non-Standard Location [windows]
 - [T1562.001 Disable or Modify Tools](../../T1562.001/T1562.001.md)
   - Atomic Test #1: Disable syslog [linux]
   - Atomic Test #2: Disable Cb Response [linux]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index 7bc31d02..5441311e 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -361,10 +361,11 @@
   - Atomic Test #4: Clear Windows Audit Policy Config [windows]
 - [T1562.004 Disable or Modify System Firewall](../../T1562.004/T1562.004.md)
   - Atomic Test #2: Disable Microsoft Defender Firewall [windows]
-  - Atomic Test #3: Allow SMB and RDP on Microsoft Defender Firewall [windows]
-  - Atomic Test #4: Opening ports for proxy - HARDRAIN [windows]
-  - Atomic Test #5: Open a local port through Windows Firewall to any profile [windows]
-  - Atomic Test #6: Allow Executable Through Firewall Located in Non-Standard Location [windows]
+  - Atomic Test #3: Disable Microsoft Defender Firewall via Registry [windows]
+  - Atomic Test #4: Allow SMB and RDP on Microsoft Defender Firewall [windows]
+  - Atomic Test #5: Opening ports for proxy - HARDRAIN [windows]
+  - Atomic Test #6: Open a local port through Windows Firewall to any profile [windows]
+  - Atomic Test #7: Allow Executable Through Firewall Located in Non-Standard Location [windows]
 - [T1562.001 Disable or Modify Tools](../../T1562.001/T1562.001.md)
   - Atomic Test #10: Unload Sysmon Filter Driver [windows]
   - Atomic Test #11: Uninstall Sysmon [windows]
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 3e83219d..e4882d57 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -22379,6 +22379,23 @@ defense-evasion:
 '
         cleanup_command: 'netsh advfirewall set currentprofile state on >nul 2>&1
 
+'
+        name: command_prompt
+    - name: Disable Microsoft Defender Firewall via Registry
+      auto_generated_guid: afedc8c4-038c-4d82-b3e5-623a95f8a612
+      description: |
+        Disables the Microsoft Defender Firewall for the public profile via registry
+        Caution if you access remotely the host where the test runs! Especially with the cleanup command which will re-enable firewall for the current profile...
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile"
+          /v "EnableFirewall" /t REG_DWORD /d 0 /f
+
+'
+        cleanup_command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile"
+          /v "EnableFirewall" /t REG_DWORD /d 1 /f
+
 '
         name: command_prompt
     - name: Allow SMB and RDP on Microsoft Defender Firewall
diff --git a/atomics/T1562.004/T1562.004.md b/atomics/T1562.004/T1562.004.md
index ea17f6a6..3c2b9eea 100644
--- a/atomics/T1562.004/T1562.004.md
+++ b/atomics/T1562.004/T1562.004.md
@@ -10,13 +10,15 @@ Modifying or disabling a system firewall may enable adversary C2 communications,
 
 - [Atomic Test #2 - Disable Microsoft Defender Firewall](#atomic-test-2---disable-microsoft-defender-firewall)
 
-- [Atomic Test #3 - Allow SMB and RDP on Microsoft Defender Firewall](#atomic-test-3---allow-smb-and-rdp-on-microsoft-defender-firewall)
+- [Atomic Test #3 - Disable Microsoft Defender Firewall via Registry](#atomic-test-3---disable-microsoft-defender-firewall-via-registry)
 
-- [Atomic Test #4 - Opening ports for proxy - HARDRAIN](#atomic-test-4---opening-ports-for-proxy---hardrain)
+- [Atomic Test #4 - Allow SMB and RDP on Microsoft Defender Firewall](#atomic-test-4---allow-smb-and-rdp-on-microsoft-defender-firewall)
 
-- [Atomic Test #5 - Open a local port through Windows Firewall to any profile](#atomic-test-5---open-a-local-port-through-windows-firewall-to-any-profile)
+- [Atomic Test #5 - Opening ports for proxy - HARDRAIN](#atomic-test-5---opening-ports-for-proxy---hardrain)
 
-- [Atomic Test #6 - Allow Executable Through Firewall Located in Non-Standard Location](#atomic-test-6---allow-executable-through-firewall-located-in-non-standard-location)
+- [Atomic Test #6 - Open a local port through Windows Firewall to any profile](#atomic-test-6---open-a-local-port-through-windows-firewall-to-any-profile)
+
+- [Atomic Test #7 - Allow Executable Through Firewall Located in Non-Standard Location](#atomic-test-7---allow-executable-through-firewall-located-in-non-standard-location)
 
 
 <br/>
@@ -84,7 +86,36 @@ netsh advfirewall set currentprofile state on >nul 2>&1
 <br/>
 <br/>
 
-## Atomic Test #3 - Allow SMB and RDP on Microsoft Defender Firewall
+## Atomic Test #3 - Disable Microsoft Defender Firewall via Registry
+Disables the Microsoft Defender Firewall for the public profile via registry
+Caution if you access remotely the host where the test runs! Especially with the cleanup command which will re-enable firewall for the current profile...
+
+**Supported Platforms:** Windows
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`! 
+
+
+```cmd
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f
+```
+
+#### Cleanup Commands:
+```cmd
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 1 /f
+```
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #4 - Allow SMB and RDP on Microsoft Defender Firewall
 Allow all SMB and RDP rules on the Microsoft Defender Firewall for all profiles.
 Caution if you access remotely the host where the test runs! Especially with the cleanup command which will reset the firewall and risk disabling those services...
 
@@ -114,7 +145,7 @@ netsh advfirewall reset >nul 2>&1
 <br/>
 <br/>
 
-## Atomic Test #4 - Opening ports for proxy - HARDRAIN
+## Atomic Test #5 - Opening ports for proxy - HARDRAIN
 This test creates a listening interface on a victim device. This tactic was used by HARDRAIN for proxying.
 
 reference: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
@@ -144,7 +175,7 @@ netsh advfirewall firewall delete rule name="atomic testing" protocol=TCP localp
 <br/>
 <br/>
 
-## Atomic Test #5 - Open a local port through Windows Firewall to any profile
+## Atomic Test #6 - Open a local port through Windows Firewall to any profile
 This test will attempt to open a local port defined by input arguments to any profile
 
 **Supported Platforms:** Windows
@@ -177,7 +208,7 @@ netsh advfirewall firewall delete rule name="Open Port to Any" | Out-Null
 <br/>
 <br/>
 
-## Atomic Test #6 - Allow Executable Through Firewall Located in Non-Standard Location
+## Atomic Test #7 - Allow Executable Through Firewall Located in Non-Standard Location
 This test will attempt to allow an executable through the system firewall located in the Users directory
 
 **Supported Platforms:** Windows