From 956a699a65a8b4f402b74fe390d58c42cfb8a027 Mon Sep 17 00:00:00 2001
From: Carrie Roberts
Date: Thu, 10 Nov 2022 11:58:47 -0500
Subject: [PATCH] expand description (#2227)

* expand description
* add cve number and link
---
 atomics/T1003.002/T1003.002.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml
index f7eba560..d6f6cf16 100644
--- a/atomics/T1003.002/T1003.002.yaml
+++ b/atomics/T1003.002/T1003.002.yaml
@@ -105,8 +105,8 @@ atomic_tests:
 - name: dump volume shadow copy hives with certutil
 auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7
 description: |
- Dump hives from volume shadow copies with the certutil utility
- This can be done with a non-admin user account
+ Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
+ This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
 supported_platforms:
 - windows
 input_arguments:
@@ -139,7 +139,7 @@ atomic_tests:
 - name: dump volume shadow copy hives with System.IO.File
 auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0
 description: |
- Dump hives from volume shadow copies with System.IO.File
+ Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
 supported_platforms:
 - windows
 input_arguments:
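Review bot: In the first hunk (the certutil test at `@@ -105`), the new description attributes the non-admin access to CVE-2021-36934 but does not say that the test depends on the host still being affected and on a shadow copy of the system volume already existing, so a failed run on a remediated machine can be misread as a broken test or as a control blocking it. I would add a line to the block scalar such as `Expected to fail on hosts where CVE-2021-36934 has been remediated or where no shadow copy exists.` The second hunk (the System.IO.File test at `@@ -139`) gets only the CVE link, not the vulnerability names or the non-admin statement; mirroring the same sentences there would keep the two descriptions consistent. Both test definitions continue outside their hunks, so any prerequisite checks they already declare are not visible here.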