From 95a5bbc3360fd382f009c0477decb373c63a2c02 Mon Sep 17 00:00:00 2001 From: Swelc Date: Fri, 29 Jun 2018 06:54:04 -0500 Subject: [PATCH] T1083 added additional file system enumeration techniques --- atomics/T1083/T1083.yaml | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/atomics/T1083/T1083.yaml b/atomics/T1083/T1083.yaml index aa3ff4ed..ed152e5f 100644 --- a/atomics/T1083/T1083.yaml +++ b/atomics/T1083/T1083.yaml @@ -5,7 +5,7 @@ display_name: File and Directory Discovery atomic_tests: - name: File and Directory Discovery description: | - Find or discovery files on the file system + Find or discover files on the file system supported_platforms: - windows @@ -22,9 +22,23 @@ atomic_tests: dir "%userprofile%\Desktop\*.*" >> %temp%\download tree /F >> %temp%\download -- name: nix file and diectory discovery +- name: File and Directory Discovery description: | - Find or discovery files on the file system + Find or discover files on the file system + + supported_platforms: + - windows + + executor: + name: powershell + command: | + ls -recurse + get-childitem -recurse + gci -recurse + +- name: Nix File and Diectory Discovery + description: | + Find or discover files on the file system References: @@ -44,11 +58,13 @@ atomic_tests: file */* *>> ../files.txt find . -type f ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/' + locate * + which sh -- name: nix file and diectory discovery +- name: Nix File and Directory Discovery description: | - Find or discovery files on the file system + Find or discover files on the file system supported_platforms: - macos
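Review bot: The renamed entry at the end of the second hunk (`-22,9 +22,23`) still carries the typo, `- name: Nix File and Diectory Discovery`, while the macOS entry in the last hunk is corrected; it should read `- name: Nix File and Directory Discovery`. The added PowerShell test also reuses the name `File and Directory Discovery` of the existing cmd test, so a run log or detection result cannot be tied to an executor by name; `- name: File and Directory Discovery (PowerShell)` would separate them. `ls`, `get-childitem` and `gci` are aliases of one cmdlet and recurse from whatever the working directory happens to be. The description should state that the alias variants are deliberate, for command-line coverage, and name the directory the test is meant to run from.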
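Review bot: In the last hunk (`-44,11 +58,13`) the added `locate *` is unquoted, so the shell expands `*` against the current directory before locate runs and the patterns searched depend on where the test is launched; `locate '*'` would make the run repeatable. locate reads a prebuilt database that may be missing or stale on the host (the platform list of this test lies outside the hunk), so an empty result or a missing-tool error should not be read as a detection gap. The description should mention that prerequisite. `which sh` resolves one binary on PATH rather than enumerating files, so a short comment on why it sits under T1083 would help whoever maps these commands to detections.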