From 9a00a05ba0297dc252c43dfcd694bd98da0f4257 Mon Sep 17 00:00:00 2001
From: Tony M Lambert
Date: Fri, 19 Oct 2018 16:11:36 -0400
Subject: [PATCH] Added tests for hidden and system file hiding using attrib.exe
---
 atomics/T1158/T1158.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/atomics/T1158/T1158.yaml b/atomics/T1158/T1158.yaml
index d7e1624f..89101812 100644
--- a/atomics/T1158/T1158.yaml
+++ b/atomics/T1158/T1158.yaml
@@ -49,6 +49,40 @@ atomic_tests:
 command: |
 mv #{filename} .#{output_filename}

+- name: Create Windows System File with Attrib
+ description: |
+ Creates a file and marks it as a system file using the attrib.exe utility.
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ filename:
+ description: path of file to hide
+ type: path
+ default: "C:\Windows\Temp\sensitive_file.txt"
+ executor:
+ name: command_prompt
+ command: |
+ attrib.exe +s #{filename}
+
+- name: Create Windows Hidden File with Attrib
+ description: |
+ Creates a file and marks it as hidden using the attrib.exe utility.
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ filename:
+ description: path of file to hide
+ type: path
+ default: "C:\Windows\Temp\sensitive_file.txt"
+ executor:
+ name: command_prompt
+ command: |
+ attrib.exe +h #{filename}
+
 - name: Hidden files
 description: |
 Requieres Apple Dev Tools
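Review bot: Both new `default:` values put a Windows path inside a double-quoted scalar, where YAML interprets backslash escapes; `\W`, `\T` and `\s` are not defined escapes, so a spec-conforming parser is expected to reject the file. Single quotes keep the backslashes literal: `default: 'C:\Windows\Temp\sensitive_file.txt'`. Separately, both descriptions say the test creates a file, but each `command:` only runs attrib.exe against `#{filename}`. If that file is absent no attribute is changed and only process-creation telemetry is produced, so a detection keyed on the file's hidden or system attribute is never exercised. Consider creating the file first and quoting the argument so paths with spaces work, e.g. `echo T1158 > "#{filename}"` followed by `attrib.exe +s "#{filename}"` (and `+h` in the second test).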