diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index f62168ed..f1999bc9 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -73867,8 +73867,8 @@ credential-access:
     - name: dump volume shadow copy hives with certutil
       auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7
       description: |
-        Dump hives from volume shadow copies with the certutil utility
-        This can be done with a non-admin user account
+        Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
+        This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
       supported_platforms:
       - windows
       input_arguments:
@@ -73899,7 +73899,7 @@ credential-access:
           rm $toremove -ErrorAction Ignore
     - name: dump volume shadow copy hives with System.IO.File
       auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0
-      description: 'Dump hives from volume shadow copies with System.IO.File
+      description: 'Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
 
         '
       supported_platforms:
diff --git a/atomics/T1003.002/T1003.002.md b/atomics/T1003.002/T1003.002.md
index 9f16954b..ba90b85b 100644
--- a/atomics/T1003.002/T1003.002.md
+++ b/atomics/T1003.002/T1003.002.md
@@ -224,8 +224,8 @@ Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1b
 <br/>
 
 ## Atomic Test #5 - dump volume shadow copy hives with certutil
-Dump hives from volume shadow copies with the certutil utility
-This can be done with a non-admin user account
+Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
+This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
 
 **Supported Platforms:** Windows
 
@@ -270,7 +270,7 @@ rm $toremove -ErrorAction Ignore
 <br/>
 
 ## Atomic Test #6 - dump volume shadow copy hives with System.IO.File
-Dump hives from volume shadow copies with System.IO.File
+Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
 
 **Supported Platforms:** Windows
 
