From 352f85ee32e84bd9ee2621aab9ae485ddf452595 Mon Sep 17 00:00:00 2001
From: Matt <138068996+MattDotL@users.noreply.github.com>
Date: Mon, 27 Nov 2023 16:55:44 -0500
Subject: [PATCH] Add test for keychain dump (#2620)

* Add test for keychain dump

* remove empty keys

---------

Co-authored-by: Carrie Roberts
---
 atomics/T1555.001/T1555.001.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/atomics/T1555.001/T1555.001.yaml b/atomics/T1555.001/T1555.001.yaml
index 749afa1a..9b3dcbc7 100644
--- a/atomics/T1555.001/T1555.001.yaml
+++ b/atomics/T1555.001/T1555.001.yaml
@@ -28,3 +28,14 @@ atomic_tests:
 security find-certificate -a -p > #{cert_export}
 security import #{cert_export} -k
 name: sh
+
+- name: Keychain Dump
+ description: |-
+ This command will dump keychain credential information from login.keychain.
+ Source: https://www.loobins.io/binaries/security/
+ supported_platforms:
+ - macos
+ executor:
+ command: sudo security dump-keychain -d login.keychain
+ name: sh
+ elevation_required: true
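Review bot: The added `command` hard-codes `login.keychain` and passes `-d`, so a run on a real workstation writes that user's decrypted items to the executor's stdout and into whatever logs the test runner keeps. The description does not say this, and the target cannot be redirected to a throwaway keychain. The earlier test in this file already takes an input argument (`#{cert_export}`), so an `input_arguments` entry defaulting to `login.keychain` would be consistent with it; the command then has to move into a block scalar, because ` #{` inside a plain YAML scalar starts a comment. The description should also note that `-d` is expected to raise a per-item authorization dialog, which would likely stall unattended runs; this is worth confirming on a test host.

```yaml
- name: Keychain Dump
  # … unchanged: description, supported_platforms …
  input_arguments:
    keychain:
      description: Keychain to dump; use a dedicated test keychain where possible
      type: path
      default: login.keychain
  executor:
    command: |
      sudo security dump-keychain -d #{keychain}
    # … unchanged: name, elevation_required …
```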