diff --git a/atomics/T1169/T1169.yaml b/atomics/T1169/T1169.yaml
new file mode 100644
index 00000000..79358a9b
--- /dev/null
+++ b/atomics/T1169/T1169.yaml
@@ -0,0 +1,20 @@
+---
+attack_technique: T1169
+display_name: SUDO
+
+atomic_tests:
+- name: Sudo usage
+ description: |
+ Common Sudo enumeration methods.
+
+ supported_platforms:
+ - macos
+ - linux
+
+ executor:
+ name: sh
+ command: |
+ sudo -l
+ sudo su
+ cat /etc/sudoers
+ vim /etc/sudoers
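Review bot: The `command` block mixes read-only enumeration with two interactive steps, `sudo su` and `vim /etc/sudoers`, which will stall an unattended `sh` executor while it waits for a password prompt, a root shell to exit or an editor to quit. Opening the live sudoers file in `vim` also skips the syntax check that `visudo` performs, so a stray write could break sudo on the test host, and the test declares no cleanup. Since the description says "enumeration methods", I would keep this test to non-interactive reads such as `sudo -n -l` and `sudo -n cat /etc/sudoers`, and move anything that opens a shell or an editor into a separately named test with its own description. Plain `cat /etc/sudoers` will likely fail with permission denied for a non-root user on default installs, so confirm on both listed platforms that the test produces the telemetry it is meant to generate.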