diff --git a/atomics/T1003.008/T1003.008.yaml b/atomics/T1003.008/T1003.008.yaml
index 68ddee87..491690de 100644
--- a/atomics/T1003.008/T1003.008.yaml
+++ b/atomics/T1003.008/T1003.008.yaml
@@ -38,3 +38,41 @@ atomic_tests:
 cleanup_command: |
 rm -f #{output_file}
 name: sh
+- name: Access /etc/{shadow,passwd} with a standard bin that's not cat
+ auto_generated_guid: df1a55ae-019d-4120-bc35-94f4bc5c4b0a
+ description: |
+ Dump /etc/passwd and /etc/shadow using ed
+ supported_platforms:
+ - linux
+ input_arguments:
+ output_file:
+ description: Path where captured results will be placed
+ type: Path
+ default: /tmp/T1003.008.txt
+ executor:
+ command: |
+ echo -e "e /etc/passwd\n,p\ne /etc/shadow\n,p\n" | ed > #{output_file}
+ cleanup_command: |
+ rm -f #{output_file}
+ name: bash
+ elevation_required: true
+- name: Access /etc/{shadow,passwd} with shell builtins
+ auto_generated_guid: f5aa6543-6cb2-4fae-b9c2-b96e14721713
+ description: |
+ Dump /etc/passwd and /etc/shadow using bash builtins
+ supported_platforms:
+ - linux
+ input_arguments:
+ output_file:
+ description: Path where captured results will be placed
+ type: Path
+ default: /tmp/T1003.008.txt
+ executor:
+ command: |
+ function testcat(){ echo "$(< $1)"; }
+ testcat /etc/passwd > #{output_file}
+ testcat /etc/shadow > #{output_file}
+ cleanup_command: |
+ rm -f #{output_file}
+ name: bash
+ elevation_required: true
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 67b6c4df..556998a4 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -821,3 +821,5 @@ f449c933-0891-407f-821e-7916a21a1a6f
 d3eda496-1fc0-49e9-aff5-3bec5da9fa22
 e42d33cd-205c-4acf-ab59-a9f38f6bad9c
 dddd4aca-bbed-46f0-984d-e4c5971c51ea
+f5aa6543-6cb2-4fae-b9c2-b96e14721713
+df1a55ae-019d-4120-bc35-94f4bc5c4b0a
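Review bot: In the shell-builtins test the second redirect, `testcat /etc/shadow > #{output_file}`, truncates the file the previous line just wrote, so only the shadow contents survive; it should append with `testcat /etc/shadow >> #{output_file}`. The ed test assumes `ed` is installed, which many minimal Linux images do not ship, and it declares no `dependencies` entry; a `prereq_command` such as `command -v ed` would let the runner report the missing prerequisite instead of leaving an empty output file. Both tests set `elevation_required: true` and leave password hashes in the default `/tmp/T1003.008.txt` until cleanup runs, presumably readable by other local users under a typical root umask, so a `umask 077` as the first line of each `command` is worth adding.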