HomeResourcesSecurity ResearchHiveNightmare aka Serious SAM [CVE 2021-36934]
hivenightmare aka serious sam research paper
Security Research

HiveNightmare aka Serious SAM [CVE 2021-36934]

This paper explains the vulnerability, HiveNightmare (CVE-2021-36934), also known as SeriousSAM, in Windows 10 version 1809 and later. It is a zero-day privilege escalation vulnerability, taking advantage of overly permissive Access Control Lists (ACLs). An attacker with the ability to execute code on a target host could exploit this vulnerability to elevate their privileges to SYSTEM.

Key Pointers:
  • Understanding the vulnerability in Windows 10.
  • Taking a look at the severity, risk and the scope of impact of this vulnerability.
  • Understanding how to mitigate the vulnerability using some available work arounds.
  • Understanding the attack scenario and setting up the lab for exploitation.
  • Exploiting the vulnerability and taking the SYSTEM access.

Brands that
trust our competence

Explore more
kfc logo
discover logo
adp logo
adbed bath beyond logo
expedia logo
chipotle logo
molina
Mosaic Insurance logo
dell logo
fannie-mae logo
maersk logo
gsk logo
wiz logo
bt logo

Related Resources

Explore More
heap based buffer overflow vulnerability research paperHeap-Based Overflow Vulnerability in Sudo [CVE-2021-3156]Read More ubuntu overlays privesc vulnerabilityUbuntu OverlayFS Local Privesc VulnerabilityRead More heartbleed attack cybersecurity research paperHeartbleed AttackRead More linux firewall guide research paperA Beginners Guide to Linux FirewallRead More insecure deserialzation research paperIntroduction to Insecure DeserializationRead More linux privilege escalation research paperUnderstanding and Exploiting Zerologon Read More