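Related vulnerability
Title:
Microsoft Windows TCP/IP component numeric error vulnerability
(CVE-2024-38063)
Description: Microsoft Windows TCP/IP is the TCP/IP support service for Windows from Microsoft (USA). A numeric error vulnerability exists in the Microsoft Windows TCP/IP component. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 f
Introduction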
# CVE-2024-38063
A Windows vulnerability that allows unauthorised activity over the network: remote code execution in Windows TCP/IP.
Two virtual machines, a victim and an attacker, are set up to simulate the attack. On the victim machine, TShark (the command-line mode of Wireshark) was used to capture network packets, and the data was stored in .csv format.
The next steps involve another virtual machine with a machine learning algorithm. The collected network data is then transferred to an analysis environment where important traffic metrics such as header mismatch, Destination Option fields, and others are extracted.
These features are used to train a machine learning model that is able to identify suspicious activity.
File snapshot
[4.0K] /data/pocs/93d522ff407baec2b3a8de0dbfbcdef19fe2f850
├── [4.0K] Attack VM
│ ├── [1.4K] cve-2024-38063.py
│ └── [ 83] script.run
├── [4.0K] ML VM
│ ├── [2.0K] ML_run.py
│ ├── [2.3K] ML_train.py
│ ├── [4.0K] pcap_csv
│ │ ├── [448K] capture_with_attack1.csv
│ │ ├── [ 10K] capture_with_nothing1.csv
│ │ ├── [507K] combined_test_labeled.csv
│ │ ├── [349K] exploit1.csv
│ │ ├── [349K] exploit2.csv
│ │ ├── [349K] exploit3.csv
│ │ ├── [338K] similar1.csv
│ │ ├── [335K] similar2.csv
│ │ ├── [343K] similar3.csv
│ │ └── [337K] similar4.csv
│ └── [1.2K] test.py
├── [ 769] README.md
└── [4.0K] Victim VM
  ├── [ 894] capture.py
  └── [ 838] send.py
4 directories, 18 files