security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1142/T1142.yaml
T
Michael Haag 96a5643aa4 T1142 
🏡
2018-05-25 11:29:46 -04:00

30 lines
599 B
YAML
Raw Blame History

---
attack_technique: T1142
display_name: Keychain
atomic_tests:
- name: Keychain
description: |
### Keychain Files
~/Library/Keychains/
/Library/Keychains/
/Network/Library/Keychains/
[Security Reference](https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/security.1.html)
[Keychain dumper](https://github.com/juuso/keychaindump)
supported_platforms:
- macos
executor:
name: sh
command: |
security -h
security find-certificate -a -p > allcerts.pem
security import /tmp/certs.pem -k
Reference in New Issue View Git Blame Copy Permalink