diff --git a/atomics/T1123/T1123.md b/atomics/T1123/T1123.md
index d49359de..881382d2 100644
--- a/atomics/T1123/T1123.md
+++ b/atomics/T1123/T1123.md
@@ -10,6 +10,8 @@ Malware or scripts may be used to interact with the devices through an available
 
 - [Atomic Test #2 - Registry artefact when application use microphone](#atomic-test-2---registry-artefact-when-application-use-microphone)
 
+- [Atomic Test #3 - using Quicktime Player](#atomic-test-3---using-quicktime-player)
+
 
 <br/>
 
@@ -22,22 +24,12 @@ Malware or scripts may be used to interact with the devices through an available
 **auto_generated_guid:** 9c3ad250-b185-4444-b5a9-d69218a10c95
 
 
-
-
-
-
 #### Attack Commands: Run with `powershell`! 
 
 
 ```powershell
 powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet
 ```
-
-
-
-
-
-
 <br/>
 <br/>
 
@@ -50,10 +42,6 @@ powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet
 **auto_generated_guid:** 7a21cce2-6ada-4f7c-afd9-e1e9c481e44a
 
 
-
-
-
-
 #### Attack Commands: Run with `command_prompt`! 
 
 
@@ -67,8 +55,31 @@ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\C
 reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Windows#Temp#atomic.exe /f
 ```
 
-
-
-
-
 <br/>
+
+## Atomic Test #3 - Using Quicktime Player
+
+
+**Supported Platforms:** macOS
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| filename | Location of the script | Path | PathToAtomicsFolder/T1123/src/T1123.sh|
+| audiofile | Location of the recorded audio file | Path | /tmp/T1123.m4a|
+| duration | Length of recording to make in seconds | Integer | 5|
+
+#### Attack Commands: Run with `sh`! 
+
+```sh
+#{filename} #{audiofile} #{duration}
+```
+
+#### Cleanup Commands:
+```sh
+if test -w #{audiofile}; then
+rm #{audiofile}
+fi
+```
+
+<br/>
\ No newline at end of file
diff --git a/atomics/T1123/T1123.yaml b/atomics/T1123/T1123.yaml
index 59755f5d..cc6f87c1 100644
--- a/atomics/T1123/T1123.yaml
+++ b/atomics/T1123/T1123.yaml
@@ -11,6 +11,7 @@ atomic_tests:
     command: |
       powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet
     name: powershell
+
 - name: Registry artefact when application use microphone
   auto_generated_guid: 7a21cce2-6ada-4f7c-afd9-e1e9c481e44a
   description: |
@@ -24,13 +25,15 @@ atomic_tests:
     cleanup_command: |
       reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Windows#Temp#atomic.exe /f
     name: command_prompt
-- name: using Quicktime
+
+- name: using Quicktime Player
   description: |
    Use AppleScript to get Quicktime Player to record an audio file from the default microphone.
 
    Should create a non-empty m4a file with sound from the microphone.
 
-   - requires Automation permissions but no additional microphone permissions.
+   - requires Automation permissions but no additional microphone permissions
+   - saves file in /tmp by default. Other locations likely to require more permissions.
   supported_platforms:
   - macos
   input_arguments:
@@ -41,14 +44,14 @@ atomic_tests:
     audiofile:
       description: Location of the recorded audio file
       type: Path
-      default: ./T1123.m4a
+      default: /tmp/T1123.m4a
     duration:
       description: Length of recording to make in seconds
       type: Integer
       default: 5
   executor:
     command: |
-      sh #{filename} #{duration}
+      sh #{filename} #{audiofile} #{duration}
     cleanup_command: |
       if test -w #{audiofile}; then
         rm #{audiofile}
diff --git a/atomics/T1123/src/T1123.sh b/atomics/T1123/src/T1123.sh
index 83ee6357..d0431534 100644
--- a/atomics/T1123/src/T1123.sh
+++ b/atomics/T1123/src/T1123.sh
@@ -1,18 +1,27 @@
-echo "Starting recording, make some noise for #{duration} seconds!"
+echo "Starting recording, make some noise for $2 seconds!"
 osascript -e '
     on run argv
         set theFilePath to POSIX path of item 1 of argv
-        set duration to item 2 of argv
+        set durn to item 2 of argv
         tell application "Quicktime Player"
             start (new audio recording)
-            delay duration
+            repeat durn times
+                log (durn)
+                delay 1
+                set durn to (durn - 1)
+            end repeat
             tell document "Audio Recording"
-                pause #do not stop else it becomes a different document
+                pause
                 save it in POSIX file theFilePath
                 stop
                 close
             end tell
+            close
         end tell
     end run
-'
-echo "Recording complete"
\ No newline at end of file
+' "$1" $2
+RECSIZE=`cat $1 | wc -c`
+if [ $RECSIZE -gt 100000 ]; then
+    echo "Recording complete"
+else echo "Failed" && exit 1
+fi
\ No newline at end of file