Generate docs from job=validate_atomics_generate_docs branch=master

atomics/T1003/T1003.md

@@ -264,7 +264,8 @@ Manager and administrative permissions.
 **Supported Platforms:** Windows
 
 
-#### Run it with these steps! 1. Open Task Manager:
+#### Run it with these steps! 
+1. Open Task Manager:
   On a Windows system this can be accomplished by pressing CTRL-ALT-DEL and selecting Task Manager or by right-clicking
   on the task bar and selecting "Task Manager".
 
@@ -294,7 +295,8 @@ Mimikatz. This tool is available at https://github.com/gentilkiwi/mimikatz.
 |------|-------------|------|---------------|
 | input_file | Path where resulting dump should be placed | Path | lsass_dump.dmp|
 
-#### Run it with these steps! 1. Open Mimikatz:
+#### Run it with these steps! 
+1. Open Mimikatz:
   Execute `mimikatz` at a command prompt.
 
 2. Select a Memory Dump:

atomics/T1037/T1037.md

@@ -46,7 +46,8 @@ Mac logon script
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. Create the required plist file
+#### Run it with these steps! 
+1. Create the required plist file
 
     sudo touch /private/var/root/Library/Preferences/com.apple.loginwindow.plist
 

atomics/T1048/T1048.md

@@ -71,7 +71,8 @@ A firewall rule (iptables or firewalld) will be needed to allow exfiltration on
 **Supported Platforms:** macOS, CentOS, Ubuntu, Linux
 
 
-#### Run it with these steps! 1. Victim System Configuration:
+#### Run it with these steps! 
+1. Victim System Configuration:
 
     mkdir /tmp/victim-staging-area
     echo "this file will be exfiltrated" > /tmp/victim-staging-area/victim-file.txt

atomics/T1086/T1086.md

@@ -255,7 +255,8 @@ Invoke-DownloadCradle is used to generate Network and Endpoint artifacts.
 **Supported Platforms:** Windows
 
 
-#### Run it with these steps! 1. Open Powershell_ise as a Privileged Account
+#### Run it with these steps! 
+1. Open Powershell_ise as a Privileged Account
 2. Invoke-DownloadCradle.ps1
 
 

atomics/T1137/T1137.md

@@ -58,7 +58,8 @@ Word VBA Macro
 **Supported Platforms:** Windows
 
 
-#### Run it with these steps! 1. Open Word
+#### Run it with these steps! 
+1. Open Word
 
 2. Insert tab -> Quick Parts -> Field
 

atomics/T1148/T1148.md

@@ -39,7 +39,8 @@ xxx
 **Supported Platforms:** macOS, Linux
 
 
-#### Run it with these steps! 1. export HISTCONTROL=ignoreboth
+#### Run it with these steps! 
+1. export HISTCONTROL=ignoreboth
 2. echo export "HISTCONTROL=ignoreboth" >> ~/.bash_profile
 3. ls
 4. whoami > recon.txt

atomics/T1150/T1150.md

@@ -16,7 +16,8 @@ Modify MacOS plist file in one of two directories
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. Modify a .plist in
+#### Run it with these steps! 
+1. Modify a .plist in
 
     /Library/Preferences
 

atomics/T1151/T1151.md

@@ -17,7 +17,8 @@ Space After Filename
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. echo '#!/bin/bash\necho "print \"hello, world!\"" | /usr/bin/python\nexit' > execute.txt && chmod +x execute.txt
+#### Run it with these steps! 
+1. echo '#!/bin/bash\necho "print \"hello, world!\"" | /usr/bin/python\nexit' > execute.txt && chmod +x execute.txt
 
 2. mv execute.txt "execute.txt "
 

atomics/T1159/T1159.md

@@ -17,7 +17,8 @@ Create a plist and execute it
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. Create file - .client
+#### Run it with these steps! 
+1. Create file - .client
 
 2. osascript -e 'tell app "Finder" to display dialog "Hello World"'
 

atomics/T1160/T1160.md

@@ -19,7 +19,8 @@ Utilize LaunchDaemon to launch `Hello World`
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. Place the following file (com.example.hello) in /System/Library/LaunchDaemons or /Library/LaunchDaemons
+#### Run it with these steps! 
+1. Place the following file (com.example.hello) in /System/Library/LaunchDaemons or /Library/LaunchDaemons
 2.
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

atomics/T1164/T1164.md

@@ -21,7 +21,8 @@ Plist Method
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. create a custom plist:
+#### Run it with these steps! 
+1. create a custom plist:
 
     ~/Library/Preferences/com.apple.loginwindow.plist
 

atomics/T1165/T1165.md

@@ -21,7 +21,8 @@ Modify or create an file in StartupItems
 **Supported Platforms:** macOS
 
 
-#### Run it with these steps! 1. /Library/StartupItems/StartupParameters.plist
+#### Run it with these steps! 
+1. /Library/StartupItems/StartupParameters.plist
 
 
 

atomics/T1166/T1166.md

@@ -26,7 +26,8 @@ Setuid and Setgid
 |------|-------------|------|---------------|
 | payload | hello.c payload | path | hello.c|
 
-#### Run it with these steps! 1. make hello
+#### Run it with these steps! 
+1. make hello
 
 2. sudo chown root hello
 

atomics/T1168/T1168.md

@@ -77,7 +77,8 @@ This test adds persistence via a plist to execute via the macOS Event Monitor Da
 **Supported Platforms:** macOS, CentOS, Ubuntu, Linux
 
 
-#### Run it with these steps! 1. Place this file in /etc/emond.d/rules/atomicredteam.plist
+#### Run it with these steps! 
+1. Place this file in /etc/emond.d/rules/atomicredteam.plist
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">

atomics/T1173/T1173.md

@@ -19,7 +19,8 @@ Executes commands via DDE using Microsfot Word
 **Supported Platforms:** Windows
 
 
-#### Run it with these steps! Open Microsoft Word
+#### Run it with these steps! 
+Open Microsoft Word
 
 Insert tab -> Quick Parts -> Field
 

atomics/T1176/T1176.md

@@ -21,7 +21,8 @@ xxx
 **Supported Platforms:** Linux, Windows, macOS
 
 
-#### Run it with these steps! 1. Navigate to [chrome://extensions](chrome://extensions) and
+#### Run it with these steps! 
+1. Navigate to [chrome://extensions](chrome://extensions) and
 tick 'Developer Mode'.
 
 2. Click 'Load unpacked extension...' and navigate to
@@ -42,7 +43,8 @@ xxx
 **Supported Platforms:** Linux, Windows, macOS
 
 
-#### Run it with these steps! 1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
+#### Run it with these steps! 
+1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
 in Chrome
 
 2. Click 'Add to Chrome'
@@ -60,7 +62,8 @@ Create a file called test.wma, with the duration of 30 seconds
 **Supported Platforms:** Linux, Windows, macOS
 
 
-#### Run it with these steps! 1. Navigate to [about:debugging](about:debugging) and
+#### Run it with these steps! 
+1. Navigate to [about:debugging](about:debugging) and
 click "Load Temporary Add-on"
 
 2. Navigate to [manifest.json](./manifest.json)

atomics/T1207/T1207.md

@@ -22,7 +22,8 @@ Utilize Mimikatz DCShadow method to simulate behavior of a Domain Controller
 **Supported Platforms:** Windows
 
 
-#### Run it with these steps! 1. Start Mimikatz and use !processtoken (and not token::elevate - as it elevates a thread) to escalate to SYSTEM.
+#### Run it with these steps! 
+1. Start Mimikatz and use !processtoken (and not token::elevate - as it elevates a thread) to escalate to SYSTEM.
 2. Start another mimikatz with DA privileges. This is the instance which registers a DC and is used to "push" the attributes.
 3. lsadump::dcshadow /object:ops-user19$ /attribute:userAccountControl /value:532480
 4. lsadump::dcshadow /push