![hivenightmare aka serious sam research paper](/assets/img/research-paper/preview/hivenightmare-aka-serious-sam.png)
Security Research
HiveNightmare aka Serious SAM [CVE 2021-36934]
This paper explains the vulnerability, HiveNightmare (CVE-2021-36934), also known as SeriousSAM, in Windows 10 version 1809 and later. It is a zero-day privilege escalation vulnerability, taking advantage of overly permissive Access Control Lists (ACLs). An attacker with the ability to execute code on a target host could exploit this vulnerability to elevate their privileges to SYSTEM.
Key Pointers:
- Understanding the vulnerability in Windows 10.
- Taking a look at the severity, risk and the scope of impact of this vulnerability.
- Understanding how to mitigate the vulnerability using some available work arounds.
- Understanding the attack scenario and setting up the lab for exploitation.
- Exploiting the vulnerability and taking the SYSTEM access.
Brands that
trust our competence
Explore more![kfc logo](/assets/img/homee/customers/logos/kfc-logo.png)
![discover logo](/assets/img/homee/customers/logos/discover-financial-services.png)
![adp logo](/assets/img/homee/customers/logos/adp.png)
![adbed bath beyond logo](/assets/img/homee/customers/logos/bed-bath-and-beyond.png)
![expedia logo](/assets/img/homee/customers/logos/expedia.png)
![chipotle logo](/assets/img/homee/customers/logos/chipotle-mexican-grill-inc.png)
![molina](/assets/img/homee/customers/logos/molina.png)
![Mosaic Insurance logo](/assets/img/homee/customers/new-logos/mosaic-insurance.png)
![](/assets/img/homee/customers/logos/cedar-sinai.png)
![dell logo](/assets/img/homee/customers/logos/dell.png)
![fannie-mae logo](/assets/img/homee/customers/logos/fannie-mae.png)
![maersk logo](/assets/img/homee/customers/logos/maersk.png)
![gsk logo](/assets/img/homee/customers/new-logos/gsk.png)
![wiz logo](/assets/img/homee/customers/new-logos/wiz.png)
![bt logo](/assets/img/homee/customers/new-logos/bt.png)