# CVE-2024-38063
A Windows vulnerability that allows unauthorised activity over the network: remote code execution in the Windows TCP/IP stack.
Two virtual machines, a victim and an attacker, are set up to simulate the attack. On the victim machine, TShark (the command-line version of Wireshark) captures the network packets, and the data is stored in .csv format.
The next steps involve another virtual machine running a machine learning algorithm. The collected network data is transferred to this analysis environment, where important traffic metrics such as header mismatch, Destination Option fields, and others are extracted.
These features are used to train a machine learning model that is able to identify suspicious activity.
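
The feature-extraction step described above, as an added sketch that is not the repository's `ML_train.py` or `ML_run.py`. The CSV column names (`frame_len`, `ipv6_plen`, `next_hdrs`) and the sample rows are constructed, and "header mismatch" is assumed here to mean the IPv6 Payload Length disagreeing with the captured frame size.

```python
import csv
import io

ETH_HDR, IPV6_HDR, MIN_FRAME = 14, 40, 60   # bytes, Ethernet II without FCS
NH_FRAGMENT, NH_DSTOPTS = 44, 60            # IANA IPv6 Next Header numbers
EXT_HEADERS = (0, 43, 44, 60)               # hop-by-hop, routing, fragment, dest. options

# Constructed sample capture; column names are assumptions, not the repo's schema.
SAMPLE_CSV = """frame_len,ipv6_plen,next_hdrs
86,32,58
94,40,60;58
78,1200,60;44
60,4,59
"""

def packet_features(row):
    """Turn one CSV row into numeric features for a classifier."""
    frame_len = int(row["frame_len"])
    declared = int(row["ipv6_plen"])
    chain = [int(n) for n in row["next_hdrs"].split(";") if n]
    actual = frame_len - ETH_HDR - IPV6_HDR
    # Short frames are padded to the Ethernet minimum, so trailing bytes are normal there.
    padded = frame_len == MIN_FRAME and declared < actual
    return {
        "len_mismatch": int(declared != actual and not padded),
        "has_dstopts": int(NH_DSTOPTS in chain),
        "is_fragment": int(NH_FRAGMENT in chain),
        "ext_hdr_count": sum(n in EXT_HEADERS for n in chain),
    }

def extract(csv_text):
    """Parse the CSV text and return one feature dict per packet."""
    return [packet_features(r) for r in csv.DictReader(io.StringIO(csv_text))]

def capture_summary(features):
    """Per-capture averages: one row of a training matrix."""
    if not features:
        return {}
    return {k: sum(f[k] for f in features) / len(features) for k in features[0]}

if __name__ == "__main__":
    feats = extract(SAMPLE_CSV)
    for f in feats:
        print(f)
    print(capture_summary(feats))
```
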

```
[4.0K] /data/pocs/93d522ff407baec2b3a8de0dbfbcdef19fe2f850
├── [4.0K] Attack VM
│   ├── [1.4K] cve-2024-38063.py
│   └── [ 83] script.run
├── [4.0K] ML VM
│   ├── [2.0K] ML_run.py
│   ├── [2.3K] ML_train.py
│   ├── [4.0K] pcap_csv
│   │   ├── [448K] capture_with_attack1.csv
│   │   ├── [ 10K] capture_with_nothing1.csv
│   │   ├── [507K] combined_test_labeled.csv
│   │   ├── [349K] exploit1.csv
│   │   ├── [349K] exploit2.csv
│   │   ├── [349K] exploit3.csv
│   │   ├── [338K] similar1.csv
│   │   ├── [335K] similar2.csv
│   │   ├── [343K] similar3.csv
│   │   └── [337K] similar4.csv
│   └── [1.2K] test.py
├── [ 769] README.md
└── [4.0K] Victim VM
    ├── [ 894] capture.py
    └── [ 838] send.py

4 directories, 18 files
```