diff --git a/atomics/T1003.008/T1003.008.yaml b/atomics/T1003.008/T1003.008.yaml
index 68ddee87..5a32a791 100644
--- a/atomics/T1003.008/T1003.008.yaml
+++ b/atomics/T1003.008/T1003.008.yaml
@@ -38,3 +38,40 @@ atomic_tests:
 cleanup_command: |
 rm -f #{output_file}
 name: sh
+- name: Access /etc/{shadow,passwd} with a standard bin that's not cat
+ auto_generated_guid: 60e860b6-8ae6-49db-ad07-5e73edd88f5d
+ description: |
+ Dump /etc/passwd and /etc/shadow using ed
+ supported_platforms:
+ - linux
+ input_arguments:
+ output_file:
+ description: Path where captured results will be placed
+ type: Path
+ default: /tmp/T1003.008.txt
+ executor:
+ command: |
+ echo ,p | ed /etc/{pass,}wd > #{output_file}
+ echo ,p | ed /etc/{sha,}dow > #{output_file}
+ cleanup_command: |
+ rm -f #{output_file}
+ name: bash
+- name: Access /etc/{shadow,passwd} with shell builtins
+ auto_generated_guid: 60e860b6-8ae6-49db-ad07-5e73edd88f5d
+ description: |
+ Dump /etc/passwd and /etc/shadow using bash builtins
+ supported_platforms:
+ - linux
+ input_arguments:
+ output_file:
+ description: Path where captured results will be placed
+ type: Path
+ default: /tmp/T1003.008.txt
+ executor:
+ command: |
+ function testcat(){ echo "$(< $1)"; }
+ testcat /etc/passwd > #{output_file}
+ testcat /etc/shadow > #{output_file}
+ cleanup_command: |
+ rm -f #{output_file}
+ name: bash
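Review bot: Both added tests carry the same `auto_generated_guid` (60e860b6-8ae6-49db-ad07-5e73edd88f5d), so anything keyed on the GUID, such as execution logs or detection-coverage mapping, cannot tell the `ed` test from the builtins test; the field name suggests project tooling assigns it, so the hand-entered value should probably be dropped from both entries. In each `command` block the second line redirects with `>` and truncates what the first line wrote, leaving only the shadow output in `#{output_file}`; use `echo ,p | ed /etc/{sha,}dow >> #{output_file}` and `testcat /etc/shadow >> #{output_file}`. Neither executor sets `elevation_required: true` although reading /etc/shadow normally needs root, and the first test declares no dependency check for `ed`, which may be absent on a minimal system. The earlier entries of `atomic_tests` lie outside the hunk, so whether they already set these fields could not be checked.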