From 78d3c3062b72fd14e787e25823472d9fcb106047 Mon Sep 17 00:00:00 2001
From: Matt <138068996+MattDotL@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:04:35 -0500
Subject: [PATCH 1/2] Add test for keychain dump
---
 atomics/T1555.001/T1555.001.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/atomics/T1555.001/T1555.001.yaml b/atomics/T1555.001/T1555.001.yaml
index 749afa1adf..09b426ab9a 100644
--- a/atomics/T1555.001/T1555.001.yaml
+++ b/atomics/T1555.001/T1555.001.yaml
@@ -28,3 +28,16 @@ atomic_tests:
 security find-certificate -a -p > #{cert_export}
 security import #{cert_export} -k
 name: sh
+
+- name: Keychain Dump
+ auto_generated_guid:
+ description: |-
+ This command will dump keychain credential information from login.keychain.
+ Source: https://www.loobins.io/binaries/security/
+ supported_platforms:
+ - macos
+ executor:
+ command: sudo security dump-keychain -d login.keychain
+ cleanup_command:
+ name: sh
+ elevation_required: true
From a3769ef9611df9f90144138df46354e9e079b0b9 Mon Sep 17 00:00:00 2001
From: Carrie Roberts
Date: Mon, 27 Nov 2023 15:53:50 -0600
Subject: [PATCH 2/2] remove empty keys
---
 atomics/T1555.001/T1555.001.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/atomics/T1555.001/T1555.001.yaml b/atomics/T1555.001/T1555.001.yaml
index 09b426ab9a..9b3dcbc7e8 100644
--- a/atomics/T1555.001/T1555.001.yaml
+++ b/atomics/T1555.001/T1555.001.yaml
@@ -29,8 +29,7 @@ atomic_tests:
 security import #{cert_export} -k
 name: sh

-- name: Keychain Dump
- auto_generated_guid:
+- name: Keychain Dump
 description: |-
 This command will dump keychain credential information from login.keychain.
 Source: https://www.loobins.io/binaries/security/
@@ -38,6 +37,5 @@ atomic_tests:
 - macos
 executor:
 command: sudo security dump-keychain -d login.keychain
 name: sh
 elevation_required: true
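Review bot: In the `@@ -28,3 +28,16 @@` hunk of patch 1/2, the `description` of the new `Keychain Dump` test does not say that `-d` prints the stored secrets in cleartext to stdout, so anything that captures the executor's output (console, execution logs) ends up holding real credentials from the keychain on the host where the test runs. I would add a line such as `Output contains plaintext secrets; run on a test host and treat captured output as sensitive.` and make the target an input argument so a disposable keychain can be used, e.g. `command: sudo security dump-keychain -d #{keychain}` with `login.keychain` as the default, following the `#{cert_export}` pattern already in this file. It also looks worth confirming that `sudo` and `elevation_required: true` are needed at all, since the keychain being read is the user's own login keychain. If macOS raises a per-item authorization dialog for `-d`, the description should say the test is interactive, and naming the expected telemetry (a `security` process with `dump-keychain` in its arguments) would help whoever validates detections against it.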