From 6e20b4ae650fcc50796be6d0e41ef17c616d7f53 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Sun, 20 Aug 2023 21:37:40 -0400
Subject: [PATCH 1/3] add get process ttp

---
 .../macos/get-running-processes/README.md | 22 +++++++++++++++++++
 .../get-running-processes.yaml | 20 +++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 ttps/discovery/macos/get-running-processes/README.md
 create mode 100644 ttps/discovery/macos/get-running-processes/get-running-processes.yaml

diff --git a/ttps/discovery/macos/get-running-processes/README.md b/ttps/discovery/macos/get-running-processes/README.md
new file mode 100644
index 0000000..1d87445
--- /dev/null
+++ b/ttps/discovery/macos/get-running-processes/README.md
@@ -0,0 +1,22 @@
+# macOS Get Running Processes
+
+![Meta TTP](https://img.shields.io/badge/Meta_TTP-blue)
+
+Utilize ps to view currently running processes.
+
+## Pre-requisites
+
+Ensure that ps is installed on the target system and that you have the necessary permissions to run it.
+
+## Examples
+
+Utilize ps to view currently running processes. This TTP does not produce artifacts, so it is not necessary to run the cleap up afterward:
+
+```bash
+ttpforge -c config.yaml \
+ run ttps/discovery/macos/get-running-processes/get-running-processes.yaml
+```
+
+## Steps
+
+1. **Run PS**: Execute ps to view currently running processes.
diff --git a/ttps/discovery/macos/get-running-processes/get-running-processes.yaml b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
new file mode 100644
index 0000000..341f597
--- /dev/null
+++ b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
@@ -0,0 +1,20 @@
+---
+name: Gather macOS running processes.
+description: |
+ This TTP uses ps to gather information about running processes on the system.
+mitre:
+ tactics:
+ - T0007 Collection
+ techniques:
+ - T1057 Process Discovery
+ subtechniques:
+ -
+steps:
+ - name: run-ps
+ inline: |
+ echo -e "===> Gathering running processes using ps..."
+ ps aux
+ echo "[+] DONE!"
+ cleanup:
+ inline: |
+ echo "No cleanup required for this TTP..."
\ No newline at end of file
From 1e5eeea7dbdc296ab59ddbed0f0c229e4d9b2b19 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Sun, 20 Aug 2023 22:51:12 -0400
Subject: [PATCH 2/3] precommit formatting changes

---
 ttps/discovery/macos/get-running-processes/README.md | 3 ++-
 .../macos/get-running-processes/get-running-processes.yaml | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ttps/discovery/macos/get-running-processes/README.md b/ttps/discovery/macos/get-running-processes/README.md
index 1d87445..8a2f512 100644
--- a/ttps/discovery/macos/get-running-processes/README.md
+++ b/ttps/discovery/macos/get-running-processes/README.md
@@ -10,7 +10,8 @@ Ensure that ps is installed on the target system and that you have the necessary
 
 ## Examples
 
-Utilize ps to view currently running processes. This TTP does not produce artifacts, so it is not necessary to run the cleap up afterward:
+Utilize ps to view currently running processes. This TTP does not produce artifacts,
+so it is not necessary to run the cleap up afterward:
 
 ```bash
 ttpforge -c config.yaml \
diff --git a/ttps/discovery/macos/get-running-processes/get-running-processes.yaml b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
index 341f597..1061f09 100644
--- a/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
+++ b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
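Review bot: The `tactics` entry `- T0007 Collection` in the new YAML does not agree with the technique listed beneath it: ATT&CK tactic IDs carry the TA prefix, T1057 Process Discovery belongs to the Discovery tactic, and the TTP itself is filed under `ttps/discovery/`, so the line should most likely read `- TA0007 Discovery` (confirm against the ATT&CK matrix and against the format ttpforge expects for this field). Separately, `echo -e` in the `run-ps` inline step is not portable: if ttpforge executes inline steps under a POSIX `sh`, the `-e` may be printed literally, and since the string contains no escape sequences plain `echo "===> Gathering running processes using ps..."` is sufficient. The same `echo -e` line also appears as context in the [PATCH 2/3] hunk of this file.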
@@ -9,12 +9,14 @@ mitre:
 - T1057 Process Discovery
 subtechniques:
 -
+
 steps:
 - name: run-ps
 inline: |
 echo -e "===> Gathering running processes using ps..."
 ps aux
 echo "[+] DONE!"
+
 cleanup:
 inline: |
- echo "No cleanup required for this TTP..."
\ No newline at end of file
+ echo "No cleanup required for this TTP..."
From ddce8f45e9e8fab92f592d4c5794fbe2c5a678d3 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Mon, 21 Aug 2023 09:53:08 -0400
Subject: [PATCH 3/3] remove unused subtechnique; remove config switch

---
 ttps/discovery/macos/get-running-processes/README.md | 3 +--
 .../macos/get-running-processes/get-running-processes.yaml | 2 --
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/ttps/discovery/macos/get-running-processes/README.md b/ttps/discovery/macos/get-running-processes/README.md
index 8a2f512..1b517bb 100644
--- a/ttps/discovery/macos/get-running-processes/README.md
+++ b/ttps/discovery/macos/get-running-processes/README.md
@@ -14,8 +14,7 @@ Utilize ps to view currently running processes. This TTP does not produce artifa
 so it is not necessary to run the cleap up afterward:
 
 ```bash
-ttpforge -c config.yaml \
- run ttps/discovery/macos/get-running-processes/get-running-processes.yaml
+ttpforge run ttps/discovery/macos/get-running-processes/get-running-processes.yaml
 ```
 
 ## Steps
diff --git a/ttps/discovery/macos/get-running-processes/get-running-processes.yaml b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
index 1061f09..f63534b 100644
--- a/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
+++ b/ttps/discovery/macos/get-running-processes/get-running-processes.yaml
@@ -7,8 +7,6 @@ mitre:
 - T0007 Collection
 techniques:
 - T1057 Process Discovery
- subtechniques:
- -
 steps:
 - name: run-ps