shadowcopies
misc::shadowcopies
is used to list the available shadow copies on the system.
The hivenightmare/serious sam vulnerability was discovered by JonasLyk. According to Will Dormann,Builtin\Users
had RX
access to the SAM, somewhere between Windows 10 1803 and 1809, hence allowing regular users to operate SAM dumping.
The then lsadump::sam
can be used by defining the shadow copies paths for /sam
and /system
.
Last updated