paper_collection
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Top Related Projects
Papers from the computer science community to read and discuss.
dataset and code for 2016 paper "Learning a Driving Simulator"
Quick Overview
The 0xricksanchez/paper_collection repository is a curated collection of academic papers and research articles related to various aspects of computer security, with a focus on fuzzing, vulnerability discovery, and exploit development. This repository serves as a valuable resource for researchers, security professionals, and enthusiasts interested in staying up-to-date with the latest advancements in the field.
Pros
- Comprehensive collection of papers covering a wide range of security topics
- Well-organized structure with papers categorized by subject
- Regular updates with new papers added frequently
- Includes both seminal works and cutting-edge research
Cons
- Lacks detailed summaries or reviews of the papers
- No search functionality within the repository
- Some categories may have limited papers compared to others
- Potential copyright concerns for direct hosting of academic papers
Getting Started
As this is not a code library but a collection of academic papers, there is no code example or quick start section. To use this repository:
- Visit the GitHub repository: https://github.com/0xricksanchez/paper_collection
- Browse through the different categories to find papers of interest
- Click on the paper titles to view or download the PDF files
- Consider starring or watching the repository to stay updated with new additions
Competitor Comparisons
Papers from the computer science community to read and discuss.
Pros of papers-we-love
- Larger community with more contributors and a wider range of topics
- Better organized with categorized papers and a more structured repository
- Includes meetup information and community guidelines
Cons of papers-we-love
- May be overwhelming for newcomers due to the large number of papers
- Less focused on specific areas compared to paper_collection
- Requires more navigation to find papers on specific topics
Code comparison
paper_collection:
└── papers
├── binary_analysis
├── fuzzing
├── program_analysis
└── reverse_engineering
papers-we-love:
├── artificial_intelligence
├── computer_graphics
├── computer_science
├── cryptography
├── data_structures
└── ...
The paper_collection repository has a more focused structure with fewer top-level categories, while papers-we-love has a broader range of topics with more extensive categorization.
Both repositories serve as valuable resources for computer science papers, but they cater to different audiences. paper_collection is more specialized, focusing on areas like binary analysis and reverse engineering, making it ideal for researchers in those fields. papers-we-love offers a broader scope, covering various computer science topics, which makes it suitable for a wider audience but may require more effort to find specific papers.
dataset and code for 2016 paper "Learning a Driving Simulator"
Pros of research
- More active development with recent commits and updates
- Broader scope covering various autonomous driving topics
- Includes code implementations and practical examples
Cons of research
- Less organized structure for paper references
- Lacks a comprehensive list of academic publications
- May be more challenging for newcomers to navigate
Code comparison
paper_collection:
No code available for comparison
research:
import math

# Angle unit helpers from the research repository; `math.pi` requires the import above,
# which the snippet as extracted was missing.
def radians_to_degrees(rad):
    """Convert an angle in radians to degrees."""
    return rad * 180 / math.pi

def degrees_to_radians(deg):
    """Convert an angle in degrees to radians."""
    return deg * math.pi / 180
Summary
paper_collection focuses on curating a collection of academic papers related to security research, while research provides a more hands-on approach to autonomous driving research with code implementations. paper_collection offers a well-organized list of publications, making it easier for researchers to find relevant papers. On the other hand, research provides practical examples and code snippets, which can be valuable for developers and engineers working on autonomous driving projects. The choice between the two repositories depends on whether the user is looking for academic references in security research or practical implementations in autonomous driving and related technologies.
README
Note
The sole purpose of this repository is to help me organize recent academic papers related to fuzzing, binary analysis, IoT security, and general exploitation. This is a non-exhaustive list, even though I'll try to keep it updated... Feel free to suggest decent papers via a PR.
Read & Tagged
- 2023 - Dissecting American Fuzzy Lop: A FuzzBench Evaluation
- Tags: AFL, collisions, hitcounts, timeout, novelty search, corpus culling, score calculation, corpus scheduling, splicing
- 2022 - DARWIN: Survival of the Fittest Fuzzing Mutators
- Tags: mutation scheduling, evolution strategy, AFL, AFL-MOpT, fuzzbench, magma, ecofuzz
- 2022 - Removing Uninteresting Bytes in Software Fuzzing
- Tags: seed optimization, seed minimization, diar, coverage-guided
- 2021 - An Empirical Study of OSS-Fuzz Bugs
- Tags: flaky bugs, clusterfuzz, sanitizer, bug detection, bug classification, time-to-fix, time-to-detect
- 2020 - Corpus Distillation for Effective Fuzzing
- Tags: corpus minimization, afl-cmin, google fuzzer test suite, FTS, minset, AFL
- 2020 - Symbolic execution with SymCC: Don't interpret, compile!
- Tags: KLEE, QSYM, LLVM, C, C++, compiler, symbolic execution, concolic execution, source code level, IR, angr, Z3, DARPA corpus, AFL
- 2020 - WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
- Tags: REDQUEEN, chunk-based formats, AFLSmart, I2S, checksums, magic bytes, QEMU, Eclipser, short fuzzing runs
- 2020 - Efficient Binary-Level Coverage Analysis
- Tags: bcov, detour + trampoline, basic block coverage, sliced microexecution, superblocks, strongly connected components, dominator graph, BAP, angr, IDA, DynamoRIO, Intel PIN
- 2020 - Test-Case Reduction via Test-Case Generation: Insights From the Hypothesis Reducer
- Tags: test case reducer, property based testing, CSmith, test case generation, hierarchical delta debugging
- 2020 - AFL++: Combining Incremental Steps of Fuzzing Research
- Tags: AFL++, AFL, MOpt, LAF-Intel, Fuzzbench, Ngram, RedQueen, Unicorn, QBDI, CmpLog, AFLFast
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- Tags: Ghidra, static analysis, sound disassembly, base address finder, BLE, vulnerability discovery
- 2020 - P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling
- Tags: HALucinator, emulation, firmware, QEMU, AFL, requires source, MCU, peripheral abstraction
- 2020 - What Exactly Determines the Type? Inferring Types with Context
- Tags: context assisted type inference, stripped binaries, variable and type reconstruction, IDA Pro, Word2Vec, CNN
- 2020 - Causal Testing: Understanding Defects' Root Causes
- Tags: Defects4J, causal relationships, Eclipse plugin, unit test mutation, program trace diffing, static value diffing, user study
- 2020 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
- Tags: RCA, program traces, input diversification, Intel PIN, Rust, CFG
- 2020 - ParmeSan: Sanitizer-guided Greybox Fuzzing
- Tags: interprocedural CFG, data flow analysis, directed fuzzing (DGF), disregarding 'hot paths', LAVA-M based primitives, LLVM, Angora, AFLGo, ASAP, sanitizer dependent
- 2020 - Magma: A Ground-Truth Fuzzing Benchmark
- Tags: best practices, fuzzer benchmarking, ground truth, Lava-M
- 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
- Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad benchmarking
- 2020 - GREYONE: Data Flow Sensitive Fuzzing
- Tags: data-flow fuzzing, taint-guided mutation, input prioritization, constraint conformance, REDQUEEN, good evaluation, VUzzer
- 2020 - FairFuzz-TC: a fuzzer targeting rare branches
- Tags: AFL, required seeding, branch mask
- 2020 - TOFU: Target-Oriented FUzzer
- Tags: DGF, structured mutations, staged fuzzing/learning of cli args, target fitness, structure aware, Dijkstra for priority, AFLGo, Superion
- 2020 - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
- Tags: sanitizer metadata, optimization, ASan, MSan, AFL
- 2020 - Boosting Fuzzer Efficiency: An Information Theoretic Perspective
- Tags: Shannon entropy, seed power schedule, libFuzzer, active SLAM, DGF, fuzzer efficiency
- 2020 - Learning Input Tokens for Effective Fuzzing
- Tags: dynamic taint tracking, parser checks, magic bytes, creation of dict inputs for fuzzers
- 2020 - A Review of Memory Errors Exploitation in x86-64
- Tags: NX, canaries, ASLR, new mitigations, mitigation evaluation, recap on memory issues
- 2020 - SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
- Tags: SoK, directed grey box fuzzing, AFL, AFL mutation operators, DGF vs CGF
- 2020 - MemLock: Memory Usage Guided Fuzzing
- Tags: memory consumption, AFL, memory leak, uncontrolled-recursion, uncontrolled-memory-allocation, static analysis
- 2019 - Matryoshka: Fuzzing Deeply Nested Branches
- Tags: AFL, QSYM, Angora, path constraints, nested conditionals, (post) dominator trees, gradient descent, REDQUEEN, LAVA-M
- 2019 - Building Fast Fuzzers
- Tags: grammar based fuzzing, optimization, bold claims, comparison to badly/non-optimized fuzzers, Python, lots of micro-optimizations, nice logging of failures, bad ASM optimization
- 2019 - Not All Bugs Are the Same: Understanding, Characterizing, and Classifying the Root Cause of Bugs
- Tags: RCA via bug reports, classification model, F score
- 2019 - AntiFuzz: Impeding Fuzzing Audits of Binary Executables
- Tags: anti fuzzing, prevent crashes, delay executions, obscure coverage information, overload symbolic execution
- 2019 - MOpt: Optimized Mutation Scheduling for Fuzzers
- Tags: mutation scheduling, particle swarm optimization (PSO), AFL, AFL mutation operators, VUzzer
- 2019 - FuzzFactory: Domain-Specific Fuzzing with Waypoints
- Tags: domain-specific fuzzing, AFL, LLVM, solve hard constraints like cmp, find dynamic memory allocations, binary-based
- 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- Tags: Ubuntu, file systems, library OS, ext4, btrfs, meta block mutations, edge cases
- 2019 - REDQUEEN: Fuzzing with Input-to-State Correspondence
- Tags: feedback-driven, AFL, magic-bytes, nested constraints, input-to-state correspondence, I2S
- 2019 - PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- Tags: kernel, android, userland, embedded, hardware, Linux, device driver, WiFi
- 2019 - FirmFuzz: Automated IoT Firmware Introspection and Analysis
- Tags: emulation, firmadyne, BOF, XSS, CI, NPD, semi-automatic
- 2019 - Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Tags: emulation, qemu, afl, full vs user mode, syscall redirect, "augmented process emulation", firmadyne
- 2018 - A Survey of Automated Root Cause Analysis of Software Vulnerability
- Tags: Exploit mitigations, fuzzing basics, symbolic execution basics, fault localization, high level
- 2018 - PhASAR: An Inter-procedural Static Analysis Framework for C/C++
- Tags: LLVM, (inter-procedural) data-flow analysis, call-graph, points-to, class hierarchy, CFG, IR
- 2018 - INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
- Tags: LLVM, instrumentation optimization, graph algorithms, selective instrumentation, coverage calculation
- 2018 - What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- Tags: embedded, challenges, heuristics, emulation, crash classification, fault detection
- 2018 - Evaluating Fuzz Testing
- Tags: fuzzing evaluation, good practices, bad practices
- 2017 - Root Cause Analysis of Software Bugs using Machine Learning Techniques
- Tags: ML, RC prediction for filed bug reports, unsupervised + supervised combination, RC categorisation, F score
- 2017 - kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- Tags: intel PT, kernel, AFL, file systems, Windows, NTFS, Linux, ext, macOS, APFS, driver, feedback-driven
- 2016 - Driller: Augmenting Fuzzing Through Selective Symbolic Execution
- Tags: DARPA, CGC, concolic execution, hybrid fuzzer, binary based
- 2015 - Challenges with Applying Vulnerability Prediction Models
- Tags: VPM vs DPM, prediction models on large scale systems, files with frequent changes leave more vulns, older code exhibits more vulns
- 2014 - Optimizing Seed Selection for Fuzzing
- Tags: BFF, (weighted) minset, Peach, cover set problem, seed transferability, time minset, size minset, round robin
- 2013 - Automatic Recovery of Root Causes from Bug-Fixing Changes
- Tags: ML + SCA, F score, AST, PPA, source tree analysis
Unread
Unread papers categorized by a common main theme.
General fuzzing implementations
- 2024 - Fuzzing-based grammar learning from a minimal set of seed inputs
- 2024 - LinFuzz: Program-Sensitive Seed Scheduling Greybox Fuzzing Based on LinUCB Algorithm
- 2024 - Graphuzz: Data-driven Seed Scheduling for Coverage-guided Greybox Fuzzing
- 2024 - Towards Tightly-coupled Hybrid Fuzzing via Excavating Input Specifications
- 2024 - BazzAFL: Moving Fuzzing Campaigns Towards Bugs Via Grouping Bug-Oriented Seeds
- 2024 - DeepGo: Predictive Directed Greybox Fuzzing
- 2024 - LibAFL QEMU: A Library for Fuzzing-oriented Emulation
- 2023 - NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic
- 2023 - DSFuzz: Detecting Deep State Bugs with Dependent State Exploration
- 2023 - FA-Fuzz: A Novel Scheduling Scheme Using Firefly Algorithm for Mutation-Based Fuzzing
- 2023 - Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler
- 2023 - SYNTONY: Potential-Aware Fuzzing with Particle Swarm Optimization
- 2023 - Triereme: Speeding up hybrid fuzzing through efficient query scheduling
- 2023 - Hybrid Testing: Combining Static Analysis and Directed Fuzzing
- 2023 - Titan : Efficient Multi-target Directed Greybox Fuzzing
- 2023 - SpecFuzzer: A Tool for Inferring Class Specifications via Grammar-based Fuzzing
- 2023 - Hopper: Interpretative Fuzzing for Libraries
- 2023 - Enhancing Coverage-Guided Fuzzing via Phantom Program
- 2023 - Hyperfuzzing: black-box security hypertesting with a grey-box fuzzer
- 2023 - SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
- 2023 - PSOFuzz - Fuzzing Processors with Particle Swarm Optimization
- 2023 - SymRustC: A Hybrid Fuzzer for Rust
- 2023 - Finch: Fuzzing with Quantitative and Adaptive Hot-Bytes Identification
- 2023 - HyperGo: Probability-based Directed Hybrid Fuzzing
- 2023 - CrabSandwich: Fuzzing Rust with Rust
- 2023 - InFuzz: An Interactive Tool for Enhancing Efficiency in Fuzzing through Visual Bottleneck Analysis
- 2023 - Rare Path Guided Fuzzing
- 2023 - Guiding Greybox Fuzzing with Mutation Testing
- 2023 - FGo: A Directed Grey-box Fuzzer with Probabilistic Exponential cut-the-loss Strategies
- 2023 - FISHFUZZ: Catch Deeper Bugs by Throwing Larger Nets
- 2023 - PosFuzz: augmenting greybox fuzzing with effective position distribution
- 2023 - Bottleneck Analysis via Grammar-based Performance Fuzzing
- 2023 - What Happens When We Fuzz? Investigating OSS-Fuzz Bug History
- 2023 - Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities
- 2023 - Large Language Models are Edge-Case Fuzzers: Testing Deep Learning Libraries via FuzzGPT
- 2023 - SBFT Tool Competition 2023 - Fuzzing Track
- 2023 - CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing
- 2023 - Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing
- 2023 - Directed Greybox Fuzzing with Stepwise Constraint Focusing
- 2023 - Generation-based fuzzing? Don't build a new generator, reuse!
- 2023 - RCABench: Open Benchmarking Platform for Root Cause Analysis
- 2023 - Arvin: Greybox Fuzzing Using Approximate Dynamic CFG Analysis
- 2023 - DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis
- 2023 - autofz: Automated Fuzzer Composition at Runtime
- 2023 - Towards Hybrid Fuzzing with Multi-level Coverage Tree and Reinforcement Learning in Greybox Fuzzing
- 2023 - Fuzzing, Symbolic Execution, and Expert Guidance for Better Testing
- 2023 - Fuzzing vs SBST: Intersections & Differences
- 2023 - Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
- 2023 - Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
- 2023 - The fun in fuzzing - The debugging technique comes into its own
- 2023 - Reachable Coverage: Estimating Saturation in Fuzzing
- 2023 - A Seed Scheduling Method With a Reinforcement Learning for a Coverage Guided Fuzzing
- 2023 - SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration
- 2022 - Explainable Fuzzer Evaluation
- 2022 - Rare-Seed Generation for Fuzzing
- 2022 - How to Compare Fuzzers
- 2022 - Valkyrie: Improving Fuzzing Performance Through Deterministic Techniques
- 2022 - FUZZING DEEPER LOGIC WITH IMPEDING FUNCTION TRANSFORMATION
- 2022 - Alphuzz: Monte Carlo Search on Seed-Mutation Tree for Coverage-Guided Fuzzing
- 2022 - AutoGenD: fuzz driver generation for binary libraries without header files and symbol information
- 2022 - Mutation Optimization of Directional Fuzzing for Cumulative Defects
- 2022 - IMPROVING AFL++ CMPLOG: TACKLING THE BOTTLENECKS
- 2022 - One Fuzz Doesn't Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction
- 2022 - POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
- 2022 - Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle
- 2022 - Nimbus: Toward Speed Up Function Signature Recovery via Input Resizing and Multi-Task Learning
- 2022 - So Many Fuzzers, So Little Time
- 2022 - SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
- 2022 - DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing
- 2022 - UltraFuzz: Towards Resource-saving in Distributed Fuzzing
- 2022 - Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots
- 2022 - FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
- 2022 - Automatically Seed Corpus and Fuzzing Executables Generation Using Test Framework
- 2022 - CAMFuzz: Explainable Fuzzing with Local Interpretation
- 2022 - Efficient Greybox Fuzzing to Detect Memory Errors
- 2022 - LibAFL: A Framework to Build Modular and Reusable Fuzzers
- 2022 - FishFuzz: Throwing Larger Nets to Catch Deeper Bugs
- 2022 - SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis
- 2022 - AMSFuzz: An adaptive mutation schedule for fuzzing
- 2022 - FixReverter: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
- 2022 - Multiple Targets Directed Greybox Fuzzing
- 2022 - Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
- 2022 - DocTer: Documentation-Guided Fuzzing for Testing Deep Learning API Functions
- 2022 - Obtaining Fuzzing Results with Different Timeouts
- 2022 - FASSFuzzer: An Automated Vulnerability Detection System for Android System Services
- 2022 - WindRanger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks
- 2022 - Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds
- 2022 - GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs
- 2022 - AcoFuzz: Adaptive Energy Allocation for Greybox Fuzzing
- 2022 - TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers
- 2022 - Fast Fuzzing for Memory Errors
- 2022 - Stateful Greybox Fuzzing
- 2022 - Metamorphic Fuzzing of C++ Libraries
- 2022 - Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis
- 2022 - Comparing Fuzzers on a Level Playing Field with FuzzBench
- 2022 - Vulnerability-oriented directed fuzzing for binary programs
- 2022 - An Improvement of AFL Based On The Function Call Depth
- 2022 - FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers
- 2022 - BeDivFuzz: Integrating Behavioral Diversity into Generator-based Fuzzing
- 2022 - One Fuzzing Strategy to Rule Them All
- 2022 - Grammars for Free: Toward Grammar Inference for Ad Hoc Parsers
- 2022 - Fuzzing Class Specifications
- 2022 - Mutation Analysis: Answering the Fuzzing Challenge
- 2022 - Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
- 2022 - BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning
- 2022 - MORPHUZZ: Bending (Input) Space to Fuzz Virtual Devices
- 2021 - A parallel fuzzing method based on two-stage mutation
- 2021 - Better Pay Attention Whilst Fuzzing
- 2021 - Diar: Removing Uninteresting Bytes from Seeds in Software Fuzzing
- 2021 - Reducing Time-To-Fix For Fuzzer Bugs
- 2021 - Casr-Cluster: Crash Clustering for Linux Applications
- 2021 - Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly
- 2021 - InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing
- 2021 - POSTER: OS Independent Fuzz Testing of I/O Boundary
- 2021 - HDBFuzzer: Target-oriented Hybrid Directed Binary Fuzzer
- 2021 - ovAFLow: Detecting Memory Corruption Bugs with Fuzzing-based Taint Inference
- 2021 - SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
- 2021 - SiliFuzz: Fuzzing CPUs by proxy
- 2021 - Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing
- 2021 - Facilitating Parallel Fuzzing with Mutually-exclusive Task Distribution
- 2021 - PATA: Fuzzing with Path Aware Taint Analysis
- 2021 - BSOD: Binary-only Scalable fuzzing Of device Drivers
- 2021 - FuzzBench: An Open Fuzzer Benchmarking Platform and Service
- 2021 - My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers
- 2021 - Scalable Fuzzing of Program Binaries with E9AFL
- 2021 - HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs
- 2021 - BigMap: Future-proofing Fuzzers with Efficient Large Maps
- 2021 - Token-Level Fuzzing
- 2021 - Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection
- 2021 - LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating
- 2021 - ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities
- 2021 - KCFuzz: Directed Fuzzing Based on Keypoint Coverage
- 2021 - TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing
- 2021 - Fuzzing with optimized grammar-aware mutation strategies
- 2021 - Directed Fuzzing for Use-After-Free Vulnerabilities Detection
- 2021 - DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs
- 2021 - Z-Fuzzer: device-agnostic fuzzing of Zigbee protocol implementation
- 2021 - Fuzzing with Multi-dimensional Control of Mutation Strategy
- 2021 - Using a Guided Fuzzer and Preconditions to Achieve Branch Coverage with Valid Inputs
- 2021 - RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing
- 2021 - CoCoFuzzing: Testing Neural Code Models with Coverage-Guided Fuzzing
- 2021 - Seed Selection for Successful Fuzzing
- 2021 - Gramatron: Effective Grammar-Aware Fuzzing
- 2021 - Hyntrospect: a fuzzer for Hyper-V devices
- 2021 - FUZZOLIC: mixing fuzzing and concolic execution
- 2021 - QFuzz: Quantitative Fuzzing for Side Channels
- 2021 - Revizor: Fuzzing for Leaks in Black-box CPUs
- 2021 - Unleashing Fuzzing Through Comprehensive, Efficient, and Faithful Exploitable-Bug Exposing
- 2021 - Constraint-guided Directed Greybox Fuzzing
- 2021 - Test-Case Reduction and Deduplication Almost for Free with Transformation-Based Compiler Testing
- 2021 - RULF: Rust Library Fuzzing via API Dependency Graph Traversal
- 2021 - STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
- 2021 - PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State
- 2021 - MuDelta: Delta-Oriented Mutation Testing at Commit Time
- 2021 - CollabFuzz: A Framework for Collaborative Fuzzing
- 2021 - MUTAGEN: Faster Mutation-Based Random Testing
- 2021 - Inducing Subtle Mutations with Program Repair
- 2021 - Differential Analysis of X86-64 Instruction Decoders
- 2021 - On Introducing Automatic Test Case Generation in Practice: A Success Story and Lessons Learned
- 2021 - A Priority Based Path Searching Method for Improving Hybrid Fuzzing
- 2021 - IntelliGen: Automatic Driver Synthesis for Fuzz Testing
- 2021 - icLibFuzzer: Isolated-context libFuzzer for Improving Fuzzer Comparability
- 2021 - SN4KE: Practical Mutation Testing at Binary Level
- 2021 - One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation
- 2021 - Growing A Test Corpus with Bonsai Fuzzing
- 2021 - Fuzzing Symbolic Expressions
- 2021 - JMPscare: Introspection for Binary-Only Fuzzing
- 2021 - An Improved Directed Grey-box Fuzzer
- 2021 - A Binary Protocol Fuzzing Method Based on SeqGAN
- 2021 - Refined Grey-Box Fuzzing with Sivo
- 2021 - PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization
- 2021 - MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer
- 2021 - CMFuzz: context-aware adaptive mutation for fuzzers
- 2021 - GTFuzz: Guard Token Directed Grey-Box Fuzzing
- 2021 - ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing
- 2021 - SymQEMU: Compilation-based symbolic execution for binaries
- 2021 - Concolic Execution Tailored for Hybrid Fuzzing (thesis)
- 2021 - Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing
- 2021 - AlphaFuzz: Evolutionary Mutation-based Fuzzing as Monte Carlo Tree Search
- 2020 - Fuzzing with Fast Failure Feedback
- 2020 - LAFuzz: Neural Network for Efficient Fuzzing
- 2020 - MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique
- 2020 - Program State Abstraction for Feedback-Driven Fuzz Testing using Likely Invariants
- 2020 - PMFuzz: Test Case Generation for Persistent Memory Programs
- 2020 - FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs
- 2020 - Integrity: Finding Integer Errors by Targeted Fuzzing
- 2020 - ConFuzz: Coverage-guided Property Fuzzing for Event-driven Programs
- 2020 - AFLTurbo: Speed up Path Discovery for Greybox Fuzzing
- 2020 - Fuzzing Channel-Based Concurrency Runtimes using Types and Effects
- 2020 - DeFuzz: Deep Learning Guided Directed Fuzzing
- 2020 - CrFuzz: Fuzzing Multi-purpose Programs through Input Validation
- 2020 - EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization
- 2020 - Fuzzing Based on Function Importance by Attributed Call Graph
- 2020 - UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
- 2020 - PathAFL: Path-Coverage Assisted Fuzzing
- 2020 - Path Sensitive Fuzzing for Native Applications
- 2020 - UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
- 2020 - Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
- 2020 - SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
- 2020 - Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
- 2020 - MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
- 2020 - Evolutionary Grammar-Based Fuzzing
- 2020 - AFLpro: Direction sensitive fuzzing
- 2020 - CSI-Fuzz: Full-speed Edge Tracing Using Coverage Sensitive Instrumentation
- 2020 - Scalable Greybox Fuzzing for Effective Vulnerability Management (dissertation)
- 2020 - HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing
- 2020 - Fuzzing Binaries for Memory Safety Errors with QASan
- 2020 - Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning
- 2020 - IJON: Exploring Deep State Spaces via Fuzzing
- 2020 - Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
- 2020 - PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
- 2020 - UEFI Firmware Fuzzing with Simics Virtual Platform
- 2020 - Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities
- 2020 - FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
- 2020 - HyDiff: Hybrid Differential Software Analysis
- 2019 - Engineering a Better Fuzzer with Synergically Integrated Optimizations
- 2019 - Superion: Grammar-Aware Greybox Fuzzing
- 2019 - ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
- 2019 - Grimoire: Synthesizing Structure while Fuzzing
- 2019 - Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
- 2019 - SAVIOR: Towards Bug-Driven Hybrid Testing
- 2019 - FUDGE: Fuzz Driver Generation at Scale
- 2019 - NAUTILUS: Fishing for Deep Bugs with Grammars
- 2019 - Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
- 2019 - EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers
- 2018 - Fuzz Testing in Practice: Obstacles and Solutions
- 2018 - PAFL: Extend Fuzzing Optimizations of Single Mode to Industrial Parallel Mode
- 2018 - PTfuzz: Guided Fuzzing with Processor Trace Feedback
- 2018 - Angora: Efficient Fuzzing by Principled Search
- 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
- 2018 - NEUZZ: Efficient Fuzzing with Neural Program Smoothing
- 2018 - CollAFL: path Sensitive Fuzzing
- 2018 - Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
- 2018 - QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- 2018 - Coverage-based Greybox Fuzzing as Markov Chain
- 2018 - MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- 2018 - Singularity: Pattern Fuzzing for Worst Case Complexity
- 2018 - Smart Greybox Fuzzing
- 2018 - Hawkeye: Towards a Desired Directed Grey-box Fuzzer
- 2018 - PerfFuzz: Automatically Generating Pathological Inputs
- 2018 - Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
- 2018 - T-Fuzz: fuzzing by program transformation
- 2017 - Evaluating and improving fault localization
- 2017 - IMF: Inferred Model-based Fuzzer
- 2017 - Synthesizing Program Input Grammars
- 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2017 - Steelix: Program-State Based Binary Fuzzing
- 2017 - VUzzer: Application-aware Evolutionary Fuzzing
- 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - Scheduling Black-box Mutational Fuzzing
- 2013 - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
- 2011 - Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
- 2010 - TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
- 2009 - Taint-based Directed Whitebox Fuzzing
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2008 - Grammar-based Whitebox Fuzzing
- 2008 - Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing
- 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
- 2008 - KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- 2008 - Automated Whitebox Fuzz Testing
- 2005 - DART: Directed Automated Random Testing
- 1994 - Dominators, Super Blocks, and Program Coverage
Harnessing
- 2023 - AFGen: Whole-Function Fuzzing for Applications and Libraries
- 2023 - NaNofuzz: A Usable Tool for Automatic Test Generation
AI/LLM
- 2024 - Survey on Large Language Model (LLM) Security and Privacy: The Good, the Bad, and the Ugly
- 2024 - Generative AI and Large Language Models for Cyber Security: All Insights You Need
- 2024 - Large Language Model guided Protocol Fuzzing
- 2024 - When Fuzzing Meets LLMs: Challenges and Opportunities
- 2024 - Fuzz4All: Universal Fuzzing with Large Language Models
- 2024 - Large Language Models for Cyber Security: A Systematic Literature Review
- 2024 - LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning
- 2024 - Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
- 2024 - Prompt Fuzzing for Fuzz Driver Generation
- 2023 - HOW FAR HAVE WE GONE IN VULNERABILITY DETECTION USING LARGE LANGUAGE MODELS
- 2023 - KernelGPT: Enhanced Kernel Fuzzing via Large Language Models
- 2023 - Exploring the Limits of ChatGPT in Software Security Applications
- 2023 - LLM-Based Code Generation Method for Golang Compiler Testing
- 2023 - Large Language Model guided Protocol Fuzzing
- 2023 - AI-assisted Vulnerability Analysis And Classification Framework for UDS on CAN-bus Fuzzer
- 2023 - GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts
- 2023 - FUZZLLM: A NOVEL AND UNIVERSAL FUZZING FRAMEWORK FOR PROACTIVELY DISCOVERING JAILBREAK VULNERABILITIES IN LARGE LANGUAGE MODELS
- 2023 - Universal Fuzzing via Large Language Models
- 2023 - Understanding Large Language Model Based Fuzz Driver Generation
- 2023 - Large Language Models for Fuzzing Parsers
- 2023 - Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
- 2023 - Augmenting Greybox Fuzzing with Generative AI
- 2023 - Understanding Programs by Exploiting (Fuzzing) Test Cases
IoT fuzzing
- 2024 - MSLFuzzer: black-box fuzzing of SOHO router devices via message segment list inference
- 2024 - MULTIFUZZ: A Multi-Stream Fuzzer For Testing Monolithic Firmware
- 2023 - KVFL: Key-Value-Based Persistent Fuzzing for IoT Web Servers
- 2023 - Firmulti Fuzzer: Discovering Multi-process Vulnerabilities in IoT Devices with Full System Emulation and VMI
- 2023 - Fuzzability Testing Framework for Incomplete Firmware Binary
- 2023 - Fuzzing Embedded Systems Using Debug Interfaces
- 2023 - Icicle: A Re-Designed Emulator for Grey-Box Firmware Fuzzing
- 2022 - FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules
- 2022 - FuzzDocs: An Automated Security Evaluation Framework for IoT
- 2022 - AflIot: Fuzzing on linux-based IoT device with binary-level instrumentation
- 2022 - Tardis: Coverage-Guided Embedded Operating System Fuzzing
- 2022 - Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation
- 2022 - Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers
- 2022 - PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices
- 2022 - RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface
- 2022 - IoTInfer: Automated Blackbox Fuzz Testing of IoT Network Protocols Guided by Finite State Machine Inference
- 2022 - Debugger-driven Embedded Fuzzing
- 2022 - Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices
- 2022 - μAFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware
- 2022 - FirVer: Concolic Testing for Systematic Validation of Firmware Binaries
- 2022 - Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
- 2021 - CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels
- 2021 - An Efficient Feedback-enhanced Fuzzing Scheme for Linux-based IoT Firmwares
- 2021 - A Fuzzing Method for Embedded Software
- 2021 - Large-scale Firmware Vulnerability Analysis Based on Code Similarity
- 2021 - Towards Fast and Scalable Firmware Fuzzing with Dual-Level Peripheral Modeling
- 2021 - Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home
- 2021 - Zero WFuzzer: Target-Oriented Fuzzing for Web Interface of Embedded Devices
- 2021 - StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices
- 2021 - Rtkaller: State-aware Task Generation for RTOS Fuzzing
- 2021 - IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware
- 2021 - Automatic Vulnerability Detection in Embedded Devices and Firmware: Survey and Layered Taxonomies
- 2021 - Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems
- 2021 - FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation
- 2020 - Verification of Embedded Software Binaries using Virtual Prototypes
- 2020 - μSBS: Static Binary Sanitization of Bare-metal Embedded Devices for Fault Observability
- 2020 - Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
- 2020 - Vulnerability Detection in SIoT Applications: A Fuzzing Method on their Binaries
- 2020 - FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
- 2020 - FIRMNANO: Toward IoT Firmware Fuzzing Through Augmented Virtual Execution
- 2020 - ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices
- 2020 - Bug detection in embedded environments by fuzzing and symbolic execution
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- 2020 - EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking
- 2020 - Verification of Embedded Binaries using Coverage-guided Fuzzing with System C-based Virtual Prototypes
- 2020 - DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
- 2020 - Fw-fuzz: A code coverage-guided fuzzing framework for network protocols on firmware
- 2020 - Taint-Driven Firmware Fuzzing of Embedded Systems
- 2020 - A Dynamic Instrumentation Technology for IoT Devices
- 2020 - Vulcan: a state-aware fuzzing tool for wear OS ecosystem
- 2020 - A Novel Concolic Execution Approach on Embedded Device
- 2020 - HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations
- 2020 - FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution
- 2018 - IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
Firmware Emulation
- 2022 - What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling
- 2022 - What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation (Extended Version)
- 2022 - BEERR: Bench of Embedded system Experiments for Reproducible Research
- 2022 - FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- 2022 - An Automated Approach to Re-Hosting Embedded Firmware Through Removing Hardware Dependencies
- 2021 - FIRMGUIDE: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (Extended Version)
- 2021 - Firmware Re-hosting Through Static Binary-level Porting
- 2021 - Jetset: Targeted Firmware Rehosting for Embedded Systems
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
Network fuzzing
- 2024 - Netfuzzlib: Adding First-Class Fuzzing Support to Network Protocol Implementations
- 2023 - NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing - RCR Report
- 2023 - INTENDER: Fuzzing Intent-Based Networking with Intent-State Transition Guidance
- 2023 - NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
- 2022 - FitM: Binary-Only Coverage-Guided Fuzzing for Stateful Network Protocols
- 2022 - WThreadAFL: Deterministic Greybox Fuzzing for Multi-thread Network Servers
- 2022 - Model-Based Grey-Box Fuzzing of Network Protocols
- 2022 - Registered Report: NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
- 2022 - SnapFuzz: An Efficient Fuzzing Framework for Network Applications
- 2022 - REST API Fuzzing by Coverage Level Guided Blackbox Testing
- 2022 - SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots
- 2022 - WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots
- 2021 - Nyx-Net: Network Fuzzing with Incremental Snapshots
- 2021 - RapidFuzz: Accelerating Fuzzing via Generative Adversarial Networks
- 2021 - StateAFL: Greybox Fuzzing for Stateful Network Servers
- 2020 - AFLNET: A Greybox Fuzzer for Network Protocols
- 2020 - Finding Security Vulnerabilities in Network Protocol Implementations
Kernel fuzzing
- 2024 - SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
- 2024 - SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
- 2024 - SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer
- 2024 - MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency
- 2023 - SyzDirect: Directed Greybox Fuzzing for Linux Kernel
- 2023 - SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem
- 2023 - KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon
- 2023 - WinkFuzz: Model-based Script Synthesis for Fuzzing
- 2023 - SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers
- 2023 - ACTOR: Action-Guided Kernel Fuzzing
- 2023 - KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations
- 2023 - BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing
- 2023 - DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
- 2023 - Towards Unveiling Exploitation Potential With Multiple Error Behaviors for Kernel Bugs
- 2023 - No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions
- 2022 - PrIntFuzz: fuzzing Linux drivers via automated virtual device simulation
- 2022 - KSG: Augmenting Kernel Fuzzing with System Call Specification Generation
- 2022 - Demystifying the Dependency Challenge in Kernel Fuzzing
- 2022 - Midas: Systematic Kernel TOCTTOU Protection
- 2021 - Evaluating Code Coverage for Kernel Fuzzers via Function Call Graph
- 2021 - ACHyb: a hybrid analysis approach to detect kernel access control vulnerabilities
- 2021 - CVFuzz: Detecting complexity vulnerabilities in OpenCL kernels via automated pathological input generation
- 2021 - HEALER: Relation Learning Guided Kernel Fuzzing
- 2021 - SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
- 2021 - NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
- 2021 - Undo Workarounds for Kernel Bugs
- 2020 - A Hybrid Interface Recovery Method for Android Kernels Fuzzing
- 2020 - FINDING RACE CONDITIONS IN KERNELS: FROM FUZZING TO SYMBOLIC EXECUTION - THESIS
- 2020 - Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
- 2020 - X-AFL: a kernel fuzzer combining passive and active fuzzing
- 2020 - Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism
- 2020 - HFL: Hybrid Fuzzing on the Linux Kernel
- 2020 - Realistic Error Injection for System Calls
- 2020 - KRACE: Data Race Fuzzing for Kernel File Systems
- 2020 - USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
- 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- 2019 - Razzer: Finding Kernel Race Bugs through Fuzzing
- 2019 - Unicorefuzz: On the Viability of Emulation for Kernel space Fuzzing
- 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
Format specific fuzzing
- 2023 - Android Fuzzing: Balancing User-Inputs and Intents
- 2023 - ItyFuzz: Snapshot-Based Fuzzer for Smart Contract
- 2023 - BRF: eBPF Runtime Fuzzer
- 2023 - MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
- 2023 - EFCF: High Performance Smart Contract Fuzzing for Exploit Generation
- 2023 - ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
- 2023 - VIDEZZO: Dependency-aware Virtual Device Fuzzing
- 2023 - HyPFuzz: Formal-Assisted Processor Fuzzing
- 2023 - FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
- 2022 - SFuzz: Slice-based Fuzzing for Real-Time Operating Systems
- 2022 - LFUZZ: Exploiting Locality for File-system Fuzzing
- 2022 - MUNDOFUZZ: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference
- 2022 - DTLS-Fuzzer: A DTLS Protocol State Fuzzer
- 2022 - FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks
- 2022 - TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
- 2021 - V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing
- 2021 - FormatFuzzer: Effective Fuzzing of Binary File Formats
- 2020 - NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
- 2020 - Tree2tree Structural Language Modeling for Compiler Fuzzing
- 2020 - Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
- 2020 - JS Engine - Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- 2020 - JS Engine - Fuzzing JavaScript Engines with Aspect-preserving Mutation
- 2020 - CUDA Compiler - CUDAsmith: A Fuzzer for CUDA Compilers
- 2020 - Smart Contracts - sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts
- 2019 - Compiler Fuzzing: How Much Does It Matter?
- 2019 - Smart Contracts - Harvey: A Greybox Fuzzer for Smart Contracts
- 2017 - XML - Skyfire: Data-Driven Seed Generation for Fuzzing
Exploitation
- 2024 - K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
- 2023 - Enhanced Memory Corruption Detection in C/C++ Programs
- 2023 - Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing
- 2023 - The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
- 2023 - Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs
- 2022 - RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
- 2022 - Automatic Permission Check Analysis for Linux Kernel
- 2022 - OS-Aware Vulnerability Prioritization via Differential Severity Analysis
- 2022 - Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
- 2022 - KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
- 2022 - MaMaDroid 2.0 - The Holes of control flow graphs
- 2022 - ShadowHeap: Memory Safety through Efficient Heap Metadata Validation
- 2022 - MACH2: System for Root Cause Analysis of Kernel Vulnerabilities [THESIS]
- 2021 - Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis
- 2021 - MAJORCA: Multi-Architecture JOP and ROP Chain Assembler
- 2021 - A Novel Method for the Automatic Generation of JOP Chain Exploits
- 2021 - V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
- 2021 - Identifying Valuable Pointers in Heap Data
- 2021 - OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
- 2021 - Characterizing Vulnerabilities in a Major Linux Distribution
- 2021 - MAZE: Towards Automated Heap Feng Shui
- 2021 - Vulnerability Detection in C/C++ Source Code With Graph Representation Learning
- 2021 - mallotROPism: a metamorphic engine for malicious software variation development
- 2020 - Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
- 2020 - Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation
- 2020 - Practical Fine-Grained Binary Code Randomization
- 2020 - Tiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution
- 2020 - Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters - PHD THESIS
- 2020 - ABCFI: Fast and Lightweight Fine-Grained Hardware-Assisted Control-Flow Integrity
- 2020 - HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities
- 2020 - Localizing Patch Points From One Exploit
- 2020 - Speculative Dereferencing of Registers: Reviving Foreshadow
- 2020 - HAEPG: An Automatic Multi-hop Exploitation Generation Framework
- 2020 - Exploiting More Binaries by Using Planning to Assemble ROP Attacks
- 2020 - ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets
- 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
- 2020 - KASLR: Break It, Fix It, Repeat
- 2020 - ShadowGuard: Optimizing the Policy and Mechanism of Shadow Stack Instrumentation using Binary Static Analysis
- 2020 - VulHunter: An Automated Vulnerability Detection System Based on Deep Learning and Bytecode
- 2020 - Analysis and Evaluation of ROPInjector
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2019 - Kernel Protection Against Just-In-Time Code Reuse
- 2019 - Kernel Exploitation Via Uninitialized Stack
- 2019 - KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
- 2019 - SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
- 2018 - HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
- 2018 - K-Miner: Uncovering Memory Corruption in Linux
- 2017 - HAIT: Heap Analyzer with Input Tracing
- 2017 - DROP THE ROP: Fine-grained Control-flow Integrity for the Linux Kernel
- 2017 - kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
- 2017 - Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- 2015 - PIE: Parser Identification in Embedded Systems
- 2014 - ret2dir: Rethinking Kernel Isolation
- 2014 - Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform
- 2012 - Anatomy of a Remote Kernel Exploit
- 2012 - A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
- 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
- 2011 - Protecting the Core: Kernel Exploitation Mitigations
Static Binary Analysis
- 2021 - ICALLEE: Recovering Call Graphs for Binaries
- 2021 - EnBinDiff: Identifying Data-only Patches for Binaries
- 2021 - VIVA: Binary Level Vulnerability Identification via Partial Signature
- 2021 - Overview of the advantages and disadvantages of static code analysis tools
- 2021 - Multi-Level Cross-Architecture Binary Code Similarity Metric
- 2020 - VulDetector: Detecting Vulnerabilities using Weighted Feature Graph Comparison
- 2020 - DEEPBINDIFF: Learning Program-Wide Code Representations for Binary Diffing
- 2020 - BinDeep: A Deep Learning Approach to Binary Code Similarity Detection
- 2020 - Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned
- 2020 - iDEA: Static Analysis on the Security of Apple Kernel Drivers
- 2020 - HART: Hardware-Assisted Kernel Module Tracing on Arm
- 2020 - AN APPROACH TO COMPARING CONTROL FLOW GRAPHS BASED ON BASIC BLOCK MATCHING
- 2020 - How Far We Have Come: Testing Decompilation Correctness of C Decompilers
- 2020 - Dynamic Binary Lifting and Recompilation DISS
- 2020 - Similarity Based Binary Backdoor Detection via Attributed Control Flow Graph
- 2020 - IoTSIT: A Static Instrumentation Tool for IoT Devices
- 2019 - Code Similarity Detection using AST and Textual Information
- 2018 - CodEX: Source Code Plagiarism Detection Based on Abstract Syntax Trees
- 2017 - rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
- 2017 - Angr: The Next Generation of Binary Analysis
- 2016 - Binary code is not easy
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2014 - A platform for secure static binary instrumentation
- 2013 - MIL: A language to build program analysis tools through static binary instrumentation
- 2013 - Binary Code Analysis
- 2013 - A compiler-level intermediate representation based binary analysis and rewriting system
- 2013 - Protocol reverse engineering through dynamic and static binary analysis
- 2013 - BinaryPig: Scalable Static Binary Analysis Over Hadoop
- 2011 - BAP: A Binary Analysis Platform
- 2009 - Syntax tree fingerprinting for source code similarity detection
- 2008 - BitBlaze: A New Approach to Computer Security via Binary Analysis
- 2005 - Practical analysis of stripped binary code
- 2004 - Detecting kernel-level rootkits through binary analysis
Misc
- 2024 - Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services
- 2024 - A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard
- 2023 - MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries
- 2023 - ARMore: Pushing Love Back Into Binaries
- 2023 - gMutant: A gCov based Mutation Testing Analyser
- 2022 - Auto Off-Target: Enabling Thorough and Scalable Testing for Complex Software Systems
- 2022 - GRIN: Make Rewriting More Precise
- 2022 - CFINSIGHT: A Comprehensive Metric for CFI Policies
- 2022 - Odin: On-Demand Instrumentation with On-the-Fly Recompilation
- 2022 - Debloating Address Sanitizer
- 2021 - FMViz: Visualizing Tests Generated by AFL at the Byte-level
- 2021 - Raising MIPS Binaries to LLVM IR
- 2021 - SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
- 2021 - Igor: Crash Deduplication Through Root-Cause Clustering
- 2021 - UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities
- 2021 - SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
- 2021 - LLSC: A Parallel Symbolic Execution Compiler for LLVM IR
- 2021 - FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques
- 2020 - Memory Error Detection Based on Dynamic Binary Translation
- 2020 - Sydr: Cutting Edge Dynamic Symbolic Execution
- 2020 - DrPin: A dynamic binary instrumentator for multiple processor architectures
- 2020 - MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
- 2020 - Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation
- 2020 - LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics
- 2020 - Dynamic Program Analysis Tools in GCC and CLANG Compilers
- 2020 - On Using k-means Clustering for Test Suite Reduction
- 2020 - Optimizing the Parameters of an Evolutionary Algorithm for Fuzzing and Test Data Generation
- 2020 - Inputs from Hell: Learning Input Distributions for Grammar-Based Test Generation
- 2020 - IdSan: An identity-based memory sanitizer for fuzzing binaries
- 2020 - An experimental study on combining automated and stochastic test data generation - MASTER THESIS
- 2020 - FuzzGen: Automatic Fuzzer Generation
- 2020 - Fuzzing: On the Exponential Cost of Vulnerability Discovery
- 2020 - Poster: Debugging Inputs
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2020 - Fast Bit-Vector Satisfiability
- 2020 - MARDU: Efficient and Scalable Code Re-randomization
- 2020 - Towards formal verification of IoT protocols: A Review
- 2020 - Automating the fuzzing triage process
- 2020 - COMPARING AFL SCALABILITY IN VIRTUAL- AND NATIVE ENVIRONMENT
- 2020 - SYMBION: Interleaving Symbolic with Concrete Execution
- 2020 - Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
- 2019 - Toward the Analysis of Embedded Firmware through Automated Re-hosting
- 2019 - FUZZIFICATION: Anti-Fuzzing Techniques
- 2018 - VulinOSS: A Dataset of Security Vulnerabilities in Open-source Systems
- 2018 - HDDr: A Recursive Variant of the Hierarchical Delta Debugging Algorithm
- 2017 - Coarse Hierarchical Delta Debugging
- 2017 - VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
- 2017 - Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
- 2017 - Synthesizing Program Input Grammars
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2016 - Modernizing Hierarchical Delta Debugging
- 2016 - VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis
- 2016 - CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
- 2016 - RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps
- 2015 - PIE: Parser Identification in Embedded Systems
- 2010 - Iterative Delta Debugging
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2006 - HDD: Hierarchical Delta Debugging
Surveys, SoKs, and Studies
- 2024 - SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
- 2024 - A Survey of Protocol Fuzzing
- 2024 - Large Language Models Based Fuzzing Techniques: A Survey
- 2024 - Fuzzing: Progress, Challenges, and Perspectives
- 2023 - A systematic review of fuzzing
- 2023 - An Empirical Study on AST-level mutation-based fuzzing techniques for JavaScript Engines
- 2023 - Software Bug Detection: Challenges and Synergies
- 2023 - Demystify the Fuzzing Methods: A Comprehensive Survey
- 2023 - The Human Side of Fuzzing: Challenges Faced by Developers During Fuzzing Activities
- 2023 - ASanity: On Bug Shadowing by Early ASan Exits
- 2023 - A Case Study on Fuzzing Satellite Firmware
- 2023 - Fuzzing the Latest NTFS in Linux with Papora: An Empirical Study
- 2023 - Fuzzing REST APIs for Bugs: An Empirical Analysis
- 2023 - Automated Binary Analysis: A Survey
- 2023 - Fuzzers for stateful systems: Survey and Research Directions
- 2022 - Detecting Vulnerability on IoT Device Firmware: A Survey
- 2022 - Fuzzing of Embedded Systems: A Survey
- 2022 - Embedded Fuzzing: a Review of Challenges, Tools, and Solutions
- 2022 - An empirical study of vulnerability discovery methods over the past ten years
- 2022 - Fuzzing vulnerability discovery techniques: Survey, challenges and future directions
- 2022 - Fuzzing: A Survey for Roadmap
- 2022 - How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
- 2021 - Protocol Reverse-Engineering Methods and Tools: A Survey
- 2021 - Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection
- 2021 - A Systematic Review of Network Protocol Fuzzing Techniques
- 2021 - Vulnerability Detection is Just the Beginning
- 2021 - Evaluating Synthetic Bugs
- 2020 - A Practical, Principled Measure of Fuzzer Appeal: A Preliminary Study
- 2020 - A Systemic Review of Kernel Fuzzing
- 2020 - A Survey of Hybrid Fuzzing based on Symbolic Execution
- 2020 - A Study on Using Code Coverage Information Extracted from Binary to Guide Fuzzing
- 2020 - Study of Security Flaws in the Linux Kernel by Fuzzing
- 2020 - Dynamic vulnerability detection approaches and tools: State of the Art
- 2020 - Fuzzing: Challenges and Reflections
- 2020 - The Relevance of Classic Fuzz Testing: Have We Solved This One?
- 2020 - SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
- 2020 - A Quantitative Comparison of Coverage-Based Greybox Fuzzers
- 2020 - A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
- 2020 - A systematic review of fuzzing based on machine learning techniques
- 2019 - A Survey of Binary Code Similarity
- 2019 - The Art, Science, and Engineering of Fuzzing: A Survey
- 2012 - Regression testing minimization, selection and prioritization: a survey