Hunting for CVE-2024-38063 by diffing Tcpip.sys with Ghidra
Author: Artem Baranov
Uploaded: 2024-08-27
Views: 1810
Description:
A simple guide on how to diff patched Windows executables with Ghidra, using the recently patched Tcpip.sys as the example, from scratch and step by step. The diff process has some pitfalls and requires more steps than simply running BinDiff from IDA, but it has its advantages.
References
Windows TCP/IP Remote Code Execution Vulnerability
hxxps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
CVE-2024-38063
hxxps://github.com/ynwarcs/CVE-2024-38063
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
hxxps://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Ghidra repo
hxxps://github.com/NationalSecurityAgency/ghidra
Zynamics BinDiff
hxxps://www.zynamics.com/bindiff.html
BinExport repo
hxxps://github.com/google/binexport
BinDiffHelper repo
hxxps://github.com/google/binexport