HiveNightmare aka Serious SAM [CVE 2021-36934] | Safe Security

Home Resources Security Research HiveNightmare aka Serious SAM [CVE 2021-36934]

This paper explains the vulnerability, HiveNightmare (CVE-2021-36934), also known as SeriousSAM, in Windows 10 version 1809 and later. It is a zero-day privilege escalation vulnerability, taking advantage of overly permissive Access Control Lists (ACLs). An attacker with the ability to execute code on a target host could exploit this vulnerability to elevate their privileges to SYSTEM.

Key Pointers:

Understanding the vulnerability in Windows 10.
Taking a look at the severity, risk and the scope of impact of this vulnerability.
Understanding how to mitigate the vulnerability using some available work arounds.
Understanding the attack scenario and setting up the lab for exploitation.
Exploiting the vulnerability and taking the SYSTEM access.

Brands that
trust our competence

Related Resources

heap based buffer overflow vulnerability research paper

Heap-Based Overflow Vulnerability in Sudo [CVE-2021-3156]Read More

ubuntu overlays privesc vulnerability

Ubuntu OverlayFS Local Privesc VulnerabilityRead More

heartbleed attack cybersecurity research paper

Heartbleed AttackRead More

linux firewall guide research paper

A Beginners Guide to Linux FirewallRead More

insecure deserialzation research paper

Introduction to Insecure DeserializationRead More

linux privilege escalation research paper

Understanding and Exploiting Zerologon Read More