Note
The sole purpose of this repository is to help me organize recent academic papers related to fuzzing, binary analysis, IoT security, and general exploitation. This is a non-exhaustive list, even though I'll try to keep it updated... Feel free to suggest decent papers via a PR.
Read & Tagged
- 2023 - Dissecting American Fuzzy Lop: A FuzzBench Evaluation
- Tags: AFL, collisions, hitcounts, timeout, novelty search, corpus culling, score calculation, corpus scheduling, splicing
- 2022 - DARWIN: Survival of the Fittest Fuzzing Mutators
- Tags: mutation scheduling, evolution strategy, AFL, AFL-MOpT, fuzzbench, magma, ecofuzz
- 2022 - Removing Uninteresting Bytes in Software Fuzzing
- Tags: seed optimization, seed minimization, diar, coverage-guided
- 2021 - An Empirical Study of OSS-Fuzz Bugs
- Tags: flaky bugs, clusterfuzz, sanitizer, bug detection, bug classification, time-to-fix, time-to-detect
- 2020 - Corpus Distillation for Effective Fuzzing
- Tags: corpus minimization, afl-cmin, google fuzzer test suite, FTS, minset, AFL
- 2020 - Symbolic execution with SymCC: Don't interpret, compile!
- Tags: KLEE, QSYM, LLVM, C, C++, compiler, symbolic execution, concolic execution, source code level, IR, angr, Z3, DARPA corpus, AFL
- 2020 - WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
- Tags: REDQUEEN, chunk-based formats, AFLSmart, I2S, checksums, magic bytes, QEMU, Eclipser, short fuzzing runs
- 2020 - Efficient Binary-Level Coverage Analysis
- Tags: bcov, detour + trampoline, basic block coverage, sliced microexecution, superblocks, strongly connected components, dominator graph, BAP, angr, IDA, DynamoRIO, Intel PIN
- 2020 - Test-Case Reduction via Test-Case Generation: Insights From the Hypothesis Reducer
- Tags: Test case reducer, property based testing, CSmith, test case generation, hierarchical delta debugging
- 2020 - AFL++: Combining Incremental Steps of Fuzzing Research
- Tags: AFL++, AFL, MOpt, LAF-Intel, Fuzzbench, Ngram, RedQueen, Unicorn, QBDI, CmpLog, AFLFast
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- Tags: Ghidra, static analysis, sound disassembly, base address finder, BLE, vulnerability discovery
- 2020 - P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling
- Tags: HALucinator, emulation, firmware, QEMU, AFL, requires source, MCU, peripheral abstraction
- 2020 - What Exactly Determines the Type? Inferring Types with Context
- Tags: context assisted type inference, stripped binaries, variable and type reconstruction, IDA Pro, Word2Vec, CNN
- 2020 - Causal Testing: Understanding Defects’ Root Causes
- Tags: Defects4J, causal relationships, Eclipse plugin, unit test mutation, program trace diffing, static value diffing, user study
- 2020 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
- Tags: RCA, program traces, input diversification, Intel PIN, Rust, CFG
- 2020 - ParmeSan: Sanitizer-guided Greybox Fuzzing
- Tags: interprocedural CFG, data flow analysis, directed fuzzing (DGF), disregarding 'hot paths', LAVA-M based primitives, LLVM, Angora, AFLGo, ASAP, sanitizer dependent
- 2020 - Magma: A Ground-Truth Fuzzing Benchmark
- Tags: best practices, fuzzer benchmarking, ground truth, Lava-M
- 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
- Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad benchmarking
- 2020 - GREYONE: Data Flow Sensitive Fuzzing
- Tags: data-flow fuzzing, taint-guided mutation, input prioritization, constraint conformance, REDQUEEN, good evaluation, VUzzer
- 2020 - FairFuzz-TC: a fuzzer targeting rare branches
- Tags: AFL, required seeding, branch mask
- 2020 - Fitness Guided Vulnerability Detection with Greybox Fuzzing
- Tags: AFL, vuln specific fitness metric (headroom), buffer/integer overflow detection, AFLGo, pointer analysis, CIL, bad evaluation
- 2020 - TOFU: Target-Oriented FUzzer
- Tags: DGF, structured mutations, staged fuzzing/learning of cli args, target fitness, structure aware, Dijkstra for priority, AFLGo, Superion
- 2020 - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
- Tags: sanitizer metadata, optimization, ASAN, MSan, AFL
- 2020 - Boosting Fuzzer Efficiency: An Information Theoretic Perspective
- Tags: Shannon entropy, seed power schedule, libfuzzer, active SLAM, DGF, fuzzer efficiency
- 2020 - Learning Input Tokens for Effective Fuzzing
- Tags: dynamic taint tracking, parser checks, magic bytes, creation of dict inputs for fuzzers
- 2020 - A Review of Memory Errors Exploitation in x86-64
- Tags: NX, canaries, ASLR, new mitigations, mitigation evaluation, recap on memory issues
- 2020 - SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
- Tags: SoK, directed grey box fuzzing, AFL, AFL mutation operators, DGF vs CGF
- 2020 - MemLock: Memory Usage Guided Fuzzing
- Tags: memory consumption, AFL, memory leak, uncontrolled-recursion, uncontrolled-memory-allocation, static analysis
- 2019 - Matryoshka: Fuzzing Deeply Nested Branches
- Tags: AFL, QSYM, Angora, path constraints, nested conditionals, (post) dominator trees, gradient descent, REDQUEEN, LAVA-M
- 2019 - Building Fast Fuzzers
- Tags: grammar based fuzzing, optimization, bold claims, comparison to badly/non-optimized fuzzers, python, lots of micro-optimizations, nice protocolling of failures, bad ASM optimization
- 2019 - Not All Bugs Are the Same: Understanding, Characterizing, and Classifying the Root Cause of Bugs
- Tags: RCA via bug reports, classification model, F score
- 2019 - AntiFuzz: Impeding Fuzzing Audits of Binary Executables
- Tags: anti fuzzing, prevent crashes, delay executions, obscure coverage information, overload symbolic execution
- 2019 - MOpt: Optimized Mutation Scheduling for Fuzzers
- Tags: mutation scheduling, particle swarm optimization (PSO), AFL, AFL mutation operators, VUzzer
- 2019 - FuzzFactory: Domain-Specific Fuzzing with Waypoints
- Tags: domain-specific fuzzing, AFL, LLVM, solve hard constraints like cmp, find dynamic memory allocations, binary-based
- 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- Tags: Ubuntu, file systems, library OS, ext4, btrfs, meta block mutations, edge cases
- 2019 - REDQUEEN: Fuzzing with Input-to-State Correspondence
- Tags: feedback-driven, AFL, magic-bytes, nested constraints, input-to-state correspondence, I2S
- 2019 - PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- Tags: kernel, android, userland, embedded, hardware, Linux, device driver, WiFi
- 2019 - FirmFuzz: Automated IoT Firmware Introspection and Analysis
- Tags: emulation, firmadyne, BOF, XSS, CI, NPD, semi-automatic
- 2019 - Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Tags: emulation, qemu, afl, full vs user mode, syscall redirect, "augmented process emulation", firmadyne
- 2018 - A Survey of Automated Root Cause Analysis of Software Vulnerability
- Tags: Exploit mitigations, fuzzing basics, symbolic execution basics, fault localization, high level
- 2018 - PhASAR: An Inter-procedural Static Analysis Framework for C/C++
- Tags: LLVM, (inter-procedural) data-flow analysis, call-graph, points-to, class hierarchy, CFG, IR
- 2018 - INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
- Tags: LLVM, instrumentation optimization, graph algorithms, selective instrumentation, coverage calculation
- 2018 - What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- Tags: embedded, challenges, heuristics, emulation, crash classification, fault detection
- 2018 - Evaluating Fuzz Testing
- Tags: fuzzing evaluation, good practices, bad practices
- 2017 - Root Cause Analysis of Software Bugs using Machine Learning Techniques
- Tags: ML, RC prediction for filed bug reports, unsupervised + supervised combination, RC categorisation, F score
- 2017 - kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- Tags: intel PT, kernel, AFL, file systems, Windows, NTFS, Linux, ext, macOS, APFS, driver, feedback-driven
- 2016 - Driller: Augmenting Fuzzing Through Selective Symbolic Execution
- Tags: DARPA, CGC, concolic execution, hybrid fuzzer, binary based
- 2015 - Challenges with Applying Vulnerability Prediction Models
- Tags: VPM vs DPM, prediction models on large scale systems, files with frequent changes leave more vulns, older code exhibits more vulns
- 2014 - Optimizing Seed Selection for Fuzzing
- Tags: BFF, (weighted) minset, peach, cover set problem, seed transferability, time minset, size minset, round robin
- 2013 - Automatic Recovery of Root Causes from Bug-Fixing Changes
- Tags: ML + SCA, F score, AST, PPA, source tree analysis
Unread
Unread papers categorized by a common main theme.
General fuzzing implementations
- 2023 - Large Language Models are Edge-Case Fuzzers: Testing Deep Learning Libraries via FuzzGPT
- 2023 - SBFT Tool Competition 2023 - Fuzzing Track
- 2023 - CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing
- 2023 - Learning Seed-Adaptive Mutation Strategies for Greybox Fuzzing
- 2023 - Directed Greybox Fuzzing with Stepwise Constraint Focusing
- 2023 - Generation-based fuzzing? Don’t build a new generator, reuse!
- 2023 - RCABench: Open Benchmarking Platform for Root Cause Analysis
- 2023 - Arvin: Greybox Fuzzing Using Approximate Dynamic CFG Analysis
- 2023 - DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis
- 2023 - autofz: Automated Fuzzer Composition at Runtime
- 2023 - Towards Hybrid Fuzzing with Multi-level Coverage Tree and Reinforcement Learning in Greybox Fuzzing
- 2023 - Fuzzing, Symbolic Execution, and Expert Guidance for Better Testing
- 2023 - Fuzzing vs SBST: Intersections & Differences
- 2023 - Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
- 2023 - Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
- 2023 - The fun in fuzzing - The debugging technique comes into its own
- 2023 - Reachable Coverage: Estimating Saturation in Fuzzing
- 2023 - A Seed Scheduling Method With a Reinforcement Learning for a Coverage Guided Fuzzing
- 2023 - SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration
- 2022 - Explainable Fuzzer Evaluation
- 2022 - Rare-Seed Generation for Fuzzing
- 2022 - How to Compare Fuzzers
- 2022 - Valkyrie: Improving Fuzzing Performance Through Deterministic Techniques
- 2022 - FUZZING DEEPER LOGIC WITH IMPEDING FUNCTION TRANSFORMATION
- 2022 - Alphuzz: Monte Carlo Search on Seed-Mutation Tree for Coverage-Guided Fuzzing
- 2022 - AutoGenD: fuzz driver generation for binary libraries without header files and symbol information
- 2022 - Mutation Optimization of Directional Fuzzing for Cumulative Defects
- 2022 - IMPROVING AFL++ CMPLOG: TACKLING THE BOTTLENECKS
- 2022 - One Fuzz Doesn’t Fit All: Optimizing Directed Fuzzing via Target-tailored Program State Restriction
- 2022 - POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
- 2022 - Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle
- 2022 - Nimbus: Toward Speed Up Function Signature Recovery via Input Resizing and Multi-Task Learning
- 2022 - So Many Fuzzers, So Little Time
- 2022 - SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
- 2022 - DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing
- 2022 - UltraFuzz: Towards Resource-saving in Distributed Fuzzing
- 2022 - Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots
- 2022 - FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
- 2022 - Automatically Seed Corpus and Fuzzing Executables Generation Using Test Framework
- 2022 - CAMFuzz: Explainable Fuzzing with Local Interpretation
- 2022 - Efficient Greybox Fuzzing to Detect Memory Errors
- 2022 - LibAFL: A Framework to Build Modular and Reusable Fuzzers
- 2022 - FishFuzz: Throwing Larger Nets to Catch Deeper Bugs
- 2022 - SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis
- 2022 - AMSFuzz: An adaptive mutation schedule for fuzzing
- 2022 - FixReverter: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
- 2022 - Multiple Targets Directed Greybox Fuzzing
- 2022 - Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs
- 2022 - DocTer: Documentation-Guided Fuzzing for Testing Deep Learning API Functions
- 2022 - Obtaining Fuzzing Results with Different Timeouts
- 2022 - FASSFuzzer—An Automated Vulnerability Detection System for Android System Services
- 2022 - WindRanger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks
- 2022 - Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds
- 2022 - GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs
- 2022 - AcoFuzz: Adaptive Energy Allocation for Greybox Fuzzing
- 2022 - TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers
- 2022 - Fast Fuzzing for Memory Errors
- 2022 - Stateful Greybox Fuzzing
- 2022 - Metamorphic Fuzzing of C++ Libraries
- 2022 - Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis
- 2022 - Comparing Fuzzers on a Level Playing Field with FuzzBench
- 2022 - Vulnerability-oriented directed fuzzing for binary programs
- 2022 - An Improvement of AFL Based On The Function Call Depth
- 2022 - FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers
- 2022 - BeDivFuzz: Integrating Behavioral Diversity into Generator-based Fuzzing
- 2022 - One Fuzzing Strategy to Rule Them All
- 2022 - Grammars for Free: Toward Grammar Inference for Ad Hoc Parsers
- 2022 - Fuzzing Class Specifications
- 2022 - Mutation Analysis: Answering the Fuzzing Challenge
- 2022 - Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths
- 2022 - BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning
- 2022 - MORPHUZZ: Bending (Input) Space to Fuzz Virtual Devices
- 2021 - A parallel fuzzing method based on two-stage mutation
- 2021 - Better Pay Attention Whilst Fuzzing
- 2021 - Diar: Removing Uninteresting Bytes from Seeds in Software Fuzzing
- 2021 - Reducing Time-To-Fix For Fuzzer Bugs
- 2021 - Casr-Cluster: Crash Clustering for Linux Applications
- 2021 - Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly
- 2021 - InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing
- 2021 - POSTER: OS Independent Fuzz Testing of I/O Boundary
- 2021 - HDBFuzzer–Target-oriented Hybrid Directed Binary Fuzzer
- 2021 - ovAFLow: Detecting Memory Corruption Bugs with Fuzzing-based Taint Inference
- 2021 - SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
- 2021 - SiliFuzz: Fuzzing CPUs by proxy
- 2021 - Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing
- 2021 - Facilitating Parallel Fuzzing with Mutually-exclusive Task Distribution
- 2021 - PATA: Fuzzing with Path Aware Taint Analysis
- 2021 - BSOD: Binary-only Scalable fuzzing Of device Drivers
- 2021 - FuzzBench: An Open Fuzzer Benchmarking Platform and Service
- 2021 - My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers
- 2021 - Scalable Fuzzing of Program Binaries with E9AFL
- 2021 - HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs
- 2021 - BigMap: Future-proofing Fuzzers with Efficient Large Maps
- 2021 - Token-Level Fuzzing
- 2021 - Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection
- 2021 - LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating
- 2021 - ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities
- 2021 - KCFuzz: Directed Fuzzing Based on Keypoint Coverage
- 2021 - TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing
- 2021 - Fuzzing with optimized grammar-aware mutation strategies
- 2021 - Directed Fuzzing for Use-After-Free Vulnerabilities Detection
- 2021 - DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs
- 2021 - Z-Fuzzer: device-agnostic fuzzing of Zigbee protocol implementation
- 2021 - Fuzzing with Multi-dimensional Control of Mutation Strategy
- 2021 - Using a Guided Fuzzer and Preconditions to Achieve Branch Coverage with Valid Inputs
- 2021 - RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing
- 2021 - CoCoFuzzing: Testing Neural Code Models with Coverage-Guided Fuzzing
- 2021 - Seed Selection for Successful Fuzzing
- 2021 - Gramatron: Effective Grammar-Aware Fuzzing
- 2021 - Hyntrospect: a fuzzer for Hyper-V devices
- 2021 - FUZZOLIC: mixing fuzzing and concolic execution
- 2021 - QFuzz: Quantitative Fuzzing for Side Channels
- 2021 - Revizor: Fuzzing for Leaks in Black-box CPUs
- 2021 - Unleashing Fuzzing Through Comprehensive, Efficient, and Faithful Exploitable-Bug Exposing
- 2021 - Constraint-guided Directed Greybox Fuzzing
- 2021 - Test-Case Reduction and Deduplication Almost for Free with Transformation-Based Compiler Testing
- 2021 - RULF: Rust Library Fuzzing via API Dependency Graph Traversal
- 2021 - STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
- 2021 - PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State
- 2021 - MuDelta: Delta-Oriented Mutation Testing at Commit Time
- 2021 - CollabFuzz: A Framework for Collaborative Fuzzing
- 2021 - MUTAGEN: Faster Mutation-Based Random Testing
- 2021 - Inducing Subtle Mutations with Program Repair
- 2021 - Differential Analysis of X86-64 Instruction Decoders
- 2021 - On Introducing Automatic Test Case Generation in Practice: A Success Story and Lessons Learned
- 2021 - A Priority Based Path Searching Method for Improving Hybrid Fuzzing
- 2021 - IntelliGen: Automatic Driver Synthesis for Fuzz Testing
- 2021 - icLibFuzzer: Isolated-context libFuzzer for Improving Fuzzer Comparability
- 2021 - SN4KE: Practical Mutation Testing at Binary Level
- 2021 - One Engine to Fuzz ’em All: Generic Language Processor Testing with Semantic Validation
- 2021 - Growing A Test Corpus with Bonsai Fuzzing
- 2021 - Fuzzing Symbolic Expressions
- 2021 - JMPscare: Introspection for Binary-Only Fuzzing
- 2021 - An Improved Directed Grey-box Fuzzer
- 2021 - A Binary Protocol Fuzzing Method Based on SeqGAN
- 2021 - Refined Grey-Box Fuzzing with Sivo
- 2021 - PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization
- 2021 - MooFuzz: Many-Objective Optimization Seed Schedule for Fuzzer
- 2021 - CMFuzz: context-aware adaptive mutation for fuzzers
- 2021 - GTFuzz: Guard Token Directed Grey-Box Fuzzing
- 2021 - ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing
- 2021 - SymQEMU: Compilation-based symbolic execution for binaries
- 2021 - CONCOLIC EXECUTION TAILORED FOR HYBRID FUZZING THESIS
- 2021 - Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing
- 2021 - AlphaFuzz: Evolutionary Mutation-based Fuzzing as Monte Carlo Tree Search
- 2020 - Fuzzing with Fast Failure Feedback
- 2020 - LAFuzz: Neural Network for Efficient Fuzzing
- 2020 - MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique
- 2020 - Program State Abstraction for Feedback-Driven Fuzz Testing using Likely Invariants
- 2020 - PMFuzz: Test Case Generation for Persistent Memory Programs
- 2020 - FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs
- 2020 - Integrity: Finding Integer Errors by Targeted Fuzzing
- 2020 - ConFuzz: Coverage-guided Property Fuzzing for Event-driven Programs
- 2020 - AFLTurbo: Speed up Path Discovery for Greybox Fuzzing
- 2020 - Fuzzing Channel-Based Concurrency Runtimes using Types and Effects
- 2020 - DeFuzz: Deep Learning Guided Directed Fuzzing
- 2020 - CrFuzz: Fuzzing Multi-purpose Programs through Input Validation
- 2020 - EPfuzzer: Improving Hybrid Fuzzing with Hardest-to-reach Branch Prioritization
- 2020 - Fuzzing Based on Function Importance by Attributed Call Graph
- 2020 - UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
- 2020 - PathAFL: Path-Coverage Assisted Fuzzing
- 2020 - Path Sensitive Fuzzing for Native Applications
- 2020 - UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
- 2020 - Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
- 2020 - SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
- 2020 - Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
- 2020 - MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
- 2020 - Evolutionary Grammar-Based Fuzzing
- 2020 - AFLpro: Direction sensitive fuzzing
- 2020 - CSI-Fuzz: Full-speed Edge Tracing Using Coverage Sensitive Instrumentation
- 2020 - Scalable Greybox Fuzzing for Effective Vulnerability Management DISS
- 2020 - HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing
- 2020 - Fuzzing Binaries for Memory Safety Errors with QASan
- 2020 - Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning
- 2020 - IJON: Exploring Deep State Spaces via Fuzzing
- 2020 - Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
- 2020 - PANGOLIN: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
- 2020 - UEFI Firmware Fuzzing with Simics Virtual Platform
- 2020 - Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities
- 2020 - FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
- 2020 - HyDiff: Hybrid Differential Software Analysis
- 2019 - Engineering a Better Fuzzer with Synergically Integrated Optimizations
- 2019 - Superion: Grammar-Aware Greybox Fuzzing
- 2019 - ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
- 2019 - Grimoire: Synthesizing Structure while Fuzzing
- 2019 - Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
- 2019 - SAVIOR: Towards Bug-Driven Hybrid Testing
- 2019 - FUDGE: Fuzz Driver Generation at Scale
- 2019 - NAUTILUS: Fishing for Deep Bugs with Grammars
- 2019 - Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
- 2019 - EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers
- 2018 - Fuzz Testing in Practice: Obstacles and Solutions
- 2018 - PAFL: Extend Fuzzing Optimizations of Single Mode to Industrial Parallel Mode
- 2018 - PTfuzz: Guided Fuzzing with Processor Trace Feedback
- 2018 - Angora: Efficient Fuzzing by Principled Search
- 2018 - FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
- 2018 - NEUZZ: Efficient Fuzzing with Neural Program Smoothing
- 2018 - CollAFL: Path Sensitive Fuzzing
- 2018 - Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
- 2018 - QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- 2018 - Coverage-based Greybox Fuzzing as Markov Chain
- 2018 - MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- 2018 - Singularity: Pattern Fuzzing for Worst Case Complexity
- 2018 - Smart Greybox Fuzzing
- 2018 - Hawkeye: Towards a Desired Directed Grey-box Fuzzer
- 2018 - PerfFuzz: Automatically Generating Pathological Inputs
- 2018 - Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
- 2018 - T-Fuzz: fuzzing by program transformation
- 2017 - Evaluating and improving fault localization
- 2017 - IMF: Inferred Model-based Fuzzer
- 2017 - Synthesizing Program Input Grammars
- 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2017 - Steelix: Program-State Based Binary Fuzzing
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2017 - VUzzer: Application-aware Evolutionary Fuzzing
- 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - Scheduling Black-box Mutational Fuzzing
- 2013 - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
- 2011 - Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results
- 2010 - TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
- 2009 - Taint-based Directed Whitebox Fuzzing
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2008 - Grammar-based Whitebox Fuzzing
- 2008 - Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing
- 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
- 2008 - KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- 2008 - Automated Whitebox Fuzz Testing
- 2005 - DART: Directed Automated Random Testing
- 1994 - Dominators, Super Blocks, and Program Coverage
IoT fuzzing
- 2023 - Icicle: A Re-Designed Emulator for Grey-Box Firmware Fuzzing
- 2022 - FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules
- 2022 - FuzzDocs: An Automated Security Evaluation Framework for IoT
- 2022 - AflIot: Fuzzing on linux-based IoT device with binary-level instrumentation
- 2022 - Tardis: Coverage-Guided Embedded Operating System Fuzzing
- 2022 - Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation
- 2022 - Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers
- 2022 - PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices
- 2022 - RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface
- 2022 - IoTInfer: Automated Blackbox Fuzz Testing of IoT Network Protocols Guided by Finite State Machine Inference
- 2022 - Debugger-driven Embedded Fuzzing
- 2022 - Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices
- 2022 - μAFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware
- 2022 - FirVer: Concolic Testing for Systematic Validation of Firmware Binaries
- 2022 - Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
- 2021 - CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels
- 2021 - An Efficient Feedback-enhanced Fuzzing Scheme for Linux-based IoT Firmwares
- 2021 - A Fuzzing Method for Embedded Software
- 2021 - Large-scale Firmware Vulnerability Analysis Based on Code Similarity
- 2021 - Towards Fast and Scalable Firmware Fuzzing with Dual-Level Peripheral Modeling
- 2021 - Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home
- 2021 - Zero WFuzzer: Target-Oriented Fuzzing for Web Interface of Embedded Devices
- 2021 - StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices
- 2021 - Rtkaller: State-aware Task Generation for RTOS Fuzzing
- 2021 - IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware
- 2021 - Automatic Vulnerability Detection in Embedded Devices and Firmware: Survey and Layered Taxonomies
- 2021 - Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems
- 2021 - FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation
- 2020 - Verification of Embedded Software Binaries using Virtual Prototypes
- 2020 - μSBS: Static Binary Sanitization of Bare-metal Embedded Devices for Fault Observability
- 2020 - Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
- 2020 - Vulnerability Detection in SIoT Applications: A Fuzzing Method on their Binaries
- 2020 - FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
- 2020 - FIRMNANO: Toward IoT Firmware Fuzzing Through Augmented Virtual Execution
- 2020 - ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices
- 2020 - Bug detection in embedded environments by fuzzing and symbolic execution
- 2020 - FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
- 2020 - EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking
- 2020 - Verification of Embedded Binaries using Coverage-guided Fuzzing with System C-based Virtual Prototypes
- 2020 - DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
- 2020 - Fw-fuzz: A code coverage-guided fuzzing framework for network protocols on firmware
- 2020 - Taint-Driven Firmware Fuzzing of Embedded Systems
- 2020 - A Dynamic Instrumentation Technology for IoT Devices
- 2020 - Vulcan: a state-aware fuzzing tool for wear OS ecosystem
- 2020 - A Novel Concolic Execution Approach on Embedded Device
- 2020 - HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations
- 2020 - FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution
- 2018 - IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- 2014 - A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013 - RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing
Firmware Emulation
- 2022 - What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling
- 2022 - What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation (Extended Version)
- 2022 - BEERR: Bench of Embedded system Experiments for Reproducible Research
- 2022 - FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- 2022 - An Automated Approach to Re-Hosting Embedded Firmware Through Removing Hardware Dependencies
- 2021 - FIRMGUIDE: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (Extended Version)
- 2021 - Firmware Re-hosting Through Static Binary-level Porting
- 2021 - Jetset: Targeted Firmware Rehosting for Embedded Systems
- 2021 - Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
Network fuzzing
- 2023 - INTENDER: Fuzzing Intent-Based Networking with Intent-State Transition Guidance
- 2023 - NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
- 2022 - FitM: Binary-Only Coverage-Guided Fuzzing for Stateful Network Protocols
- 2022 - WThreadAFL: Deterministic Greybox Fuzzing for Multi-thread Network Servers
- 2022 - Model-Based Grey-Box Fuzzing of Network Protocols
- 2022 - Registered Report: NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
- 2022 - SnapFuzz: An Efficient Fuzzing Framework for Network Applications
- 2022 - REST API Fuzzing by Coverage Level Guided Blackbox Testing
- 2022 - SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots
- 2022 - WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots
- 2021 - Nyx-Net: Network Fuzzing with Incremental Snapshots
- 2021 - RapidFuzz: Accelerating Fuzzing via Generative Adversarial Networks
- 2021 - StateAFL: Greybox Fuzzing for Stateful Network Servers
- 2020 - AFLNET: A Greybox Fuzzer for Network Protocols
- 2020 - Finding Security Vulnerabilities in Network Protocol Implementations
Kernel fuzzing
- 2023 - KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations
- 2023 - BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing
- 2023 - DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
- 2023 - Towards Unveiling Exploitation Potential With Multiple Error Behaviors for Kernel Bugs
- 2023 - No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions
- 2022 - PrIntFuzz: fuzzing Linux drivers via automated virtual device simulation
- 2022 - KSG: Augmenting Kernel Fuzzing with System Call Specification Generation
- 2022 - Demystifying the Dependency Challenge in Kernel Fuzzing
- 2022 - Midas: Systematic Kernel TOCTTOU Protection
- 2021 - Evaluating Code Coverage for Kernel Fuzzers via Function Call Graph
- 2021 - ACHyb: a hybrid analysis approach to detect kernel access control vulnerabilities
- 2021 - CVFuzz: Detecting complexity vulnerabilities in OpenCL kernels via automated pathological input generation
- 2021 - HEALER: Relation Learning Guided Kernel Fuzzing
- 2021 - SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
- 2021 - NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
- 2021 - Undo Workarounds for Kernel Bugs
- 2020 - A Hybrid Interface Recovery Method for Android Kernels Fuzzing
- 2020 - FINDING RACE CONDITIONS IN KERNELS: FROM FUZZING TO SYMBOLIC EXECUTION - THESIS
- 2020 - Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
- 2020 - X-AFL: a kernel fuzzer combining passive and active fuzzing
- 2020 - Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism
- 2020 - HFL: Hybrid Fuzzing on the Linux Kernel
- 2020 - Realistic Error Injection for System Calls
- 2020 - KRACE: Data Race Fuzzing for Kernel File Systems
- 2020 - USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
- 2019 - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- 2019 - Razzer: Finding Kernel Race Bugs through Fuzzing
- 2019 - Unicorefuzz: On the Viability of Emulation for Kernel space Fuzzing
- 2017 - Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
- 2017 - DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- 2008 - Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities
Format specific fuzzing
- 2023 - MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
- 2023 - EFCF: High Performance Smart Contract Fuzzing for Exploit Generation
- 2023 - ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
- 2023 - VIDEZZO: Dependency-aware Virtual Device Fuzzing
- 2023 - HyPFuzz: Formal-Assisted Processor Fuzzing
- 2023 - FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
- 2022 - SFuzz: Slice-based Fuzzing for Real-Time Operating Systems
- 2022 - LFUZZ: Exploiting Locality for File-system Fuzzing
- 2022 - MUNDOFUZZ: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference
- 2022 - DTLS-Fuzzer: A DTLS Protocol State Fuzzer
- 2022 - FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks
- 2022 - TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
- 2021 - V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing
- 2021 - FormatFuzzer: Effective Fuzzing of Binary File Formats
- 2020 - NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
- 2020 - Tree2tree Structural Language Modeling for Compiler Fuzzing
- 2020 - Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
- 2020 - JS Engine - Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- 2020 - JS Engine - Fuzzing JavaScript Engines with Aspect-preserving Mutation
- 2020 - CUDA Compiler - CUDAsmith: A Fuzzer for CUDA Compilers
- 2020 - Smart Contracts - sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts
- 2019 - Compiler Fuzzing: How Much Does It Matter?
- 2019 - Smart Contracts - Harvey: A Greybox Fuzzer for Smart Contracts
- 2017 - XML - Skyfire: Data-Driven Seed Generation for Fuzzing
Exploitation
- 2023 - Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing
- 2023 - The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
- 2023 - Detecting Exploit Primitives Automatically for Heap Vulnerabilities on Binary Programs
- 2022 - RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
- 2022 - Automatic Permission Check Analysis for Linux Kernel
- 2022 - OS-Aware Vulnerability Prioritization via Differential Severity Analysis
- 2022 - Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
- 2022 - KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
- 2022 - MaMaDroid 2.0 - The Holes of control flow graphs
- 2022 - ShadowHeap: Memory Safety through Efficient Heap Metadata Validation
- 2022 - MACH2: System for Root Cause Analysis of Kernel Vulnerabilities [THESIS]
- 2021 - Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis
- 2021 - MAJORCA: Multi-Architecture JOP and ROP Chain Assembler
- 2021 - A Novel Method for the Automatic Generation of JOP Chain Exploits
- 2021 - V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
- 2021 - Identifying Valuable Pointers in Heap Data
- 2021 - OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
- 2021 - Characterizing Vulnerabilities in a Major Linux Distribution
- 2021 - MAZE: Towards Automated Heap Feng Shui
- 2021 - Vulnerability Detection in C/C++ Source Code With Graph Representation Learning
- 2021 - mallotROPism: a metamorphic engine for malicious software variation development
- 2020 - Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
- 2020 - Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation
- 2020 - Practical Fine-Grained Binary Code Randomization
- 2020 - Tiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution
- 2020 - Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters - PHD THESIS
- 2020 - ABCFI: Fast and Lightweight Fine-Grained Hardware-Assisted Control-Flow Integrity
- 2020 - HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities
- 2020 - Localizing Patch Points From One Exploit
- 2020 - Speculative Dereferencing of Registers: Reviving Foreshadow
- 2020 - HAEPG: An Automatic Multi-hop Exploitation Generation Framework
- 2020 - Exploiting More Binaries by Using Planning to Assemble ROP Attacks
- 2020 - ROPminer: Learning-Based Static Detection of ROP Chain Considering Linkability of ROP Gadgets
- 2020 - KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- 2020 - Preventing Return Oriented Programming Attacks By Preventing Return Instruction Pointer Overwrites
- 2020 - KASLR: Break It, Fix It, Repeat
- 2020 - ShadowGuard: Optimizing the Policy and Mechanism of Shadow Stack Instrumentation using Binary Static Analysis
- 2020 - VulHunter: An Automated Vulnerability Detection System Based on Deep Learning and Bytecode
- 2020 - Analysis and Evaluation of ROPInjector
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2019 - Kernel Protection Against Just-In-Time Code Reuse
- 2019 - Kernel Exploitation Via Uninitialized Stack
- 2019 - KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
- 2019 - SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
- 2018 - HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
- 2018 - K-Miner: Uncovering Memory Corruption in Linux
- 2017 - HAIT: Heap Analyzer with Input Tracing
- 2017 - DROP THE ROP: Fine-grained Control-flow Integrity for the Linux Kernel
- 2017 - kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
- 2017 - Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
- 2017 - Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016 - Scalable Graph-based Bug Search for Firmware Images
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2015 - SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems
- 2015 - From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- 2015 - PIE: Parser Identification in Embedded Systems
- 2014 - ret2dir: Rethinking Kernel Isolation
- 2014 - Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform
- 2012 - Anatomy of a Remote Kernel Exploit
- 2012 - A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
- 2011 - Linux kernel vulnerabilities: state-of-the-art defenses and open problems
- 2011 - Protecting the Core: Kernel Exploitation Mitigations
Static Binary Analysis
- 2021 - ICALLEE: Recovering Call Graphs for Binaries
- 2021 - EnBinDiff: Identifying Data-only Patches for Binaries
- 2021 - VIVA: Binary Level Vulnerability Identification via Partial Signature
- 2021 - Overview of the advantages and disadvantages of static code analysis tools
- 2021 - Multi-Level Cross-Architecture Binary Code Similarity Metric
- 2020 - VulDetector: Detecting Vulnerabilities using Weighted Feature Graph Comparison
- 2020 - DEEPBINDIFF: Learning Program-Wide Code Representations for Binary Diffing
- 2020 - BinDeep: A Deep Learning Approach to Binary Code Similarity Detection
- 2020 - Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned
- 2020 - iDEA: Static Analysis on the Security of Apple Kernel Drivers
- 2020 - HART: Hardware-Assisted Kernel Module Tracing on Arm
- 2020 - AN APPROACH TO COMPARING CONTROL FLOW GRAPHS BASED ON BASIC BLOCK MATCHING
- 2020 - How Far We Have Come: Testing Decompilation Correctness of C Decompilers
- 2020 - Dynamic Binary Lifting and Recompilation DISS
- 2020 - Similarity Based Binary Backdoor Detection via Attributed Control Flow Graph
- 2020 - IoTSIT: A Static Instrumentation Tool for IoT Devices
- 2019 - Code Similarity Detection using AST and Textual Information
- 2018 - CodEX: Source Code Plagiarism Detection Based on Abstract Syntax Trees
- 2017 - rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
- 2017 - Angr: The Next Generation of Binary Analysis
- 2016 - Binary code is not easy
- 2015 - Cross-Architecture Bug Search in Binary Executables
- 2014 - A platform for secure static binary instrumentation
- 2013 - MIL: A language to build program analysis tools through static binary instrumentation
- 2013 - Binary Code Analysis
- 2013 - A compiler-level intermediate representation based binary analysis and rewriting system
- 2013 - Protocol reverse engineering through dynamic and static binary analysis
- 2013 - BinaryPig: Scalable Static Binary Analysis Over Hadoop
- 2011 - BAP: A Binary Analysis Platform
- 2009 - Syntax tree fingerprinting for source code similarity detection
- 2008 - BitBlaze: A New Approach to Computer Security via Binary Analysis
- 2005 - Practical analysis of stripped binary code
- 2004 - Detecting kernel-level rootkits through binary analysis
Misc
- 2023 - MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries
- 2023 - ARMore: Pushing Love Back Into Binaries
- 2023 - gMutant: A gCov based Mutation Testing Analyser
- 2022 - Auto Off-Target: Enabling Thorough and Scalable Testing for Complex Software Systems
- 2022 - GRIN: Make Rewriting More Precise
- 2022 - CFINSIGHT: A Comprehensive Metric for CFI Policies
- 2022 - Odin: On-Demand Instrumentation with On-the-Fly Recompilation
- 2022 - Debloating Address Sanitizer
- 2021 - FMViz: Visualizing Tests Generated by AFL at the Byte-level
- 2021 - Raising MIPS Binaries to LLVM IR
- 2021 - SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
- 2021 - Igor: Crash Deduplication Through Root-Cause Clustering
- 2021 - UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities
- 2021 - SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
- 2021 - LLSC: A Parallel Symbolic Execution Compiler for LLVM IR
- 2021 - FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques
- 2020 - Memory Error Detection Based on Dynamic Binary Translation
- 2020 - Sydr: Cutting Edge Dynamic Symbolic Execution
- 2020 - DrPin: A dynamic binary instrumentator for multiple processor architectures
- 2020 - MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures
- 2020 - Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation
- 2020 - LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics
- 2020 - Dynamic Program Analysis Tools in GCC and CLANG Compilers
- 2020 - On Using k-means Clustering for Test Suite Reduction
- 2020 - Optimizing the Parameters of an Evolutionary Algorithm for Fuzzing and Test Data Generation
- 2020 - Inputs from Hell: Learning Input Distributions for Grammar-Based Test Generation
- 2020 - IdSan: An identity-based memory sanitizer for fuzzing binaries
- 2020 - An experimental study on combining automated and stochastic test data generation - MASTER THESIS
- 2020 - FuzzGen: Automatic Fuzzer Generation
- 2020 - Fuzzing: On the Exponential Cost of Vulnerability Discovery
- 2020 - Poster: Debugging Inputs
- 2020 - API Misuse Detection in C Programs: Practice on SSL APIs
- 2020 - Egalito: Layout-Agnostic Binary Recompilation
- 2020 - Verifying Software Vulnerabilities in IoT Cryptographic Protocols
- 2020 - μRAI: Securing Embedded Systems with Return Address Integrity
- 2020 - Fast Bit-Vector Satisfiability
- 2020 - MARDU: Efficient and Scalable Code Re-randomization
- 2020 - Towards formal verification of IoT protocols: A Review
- 2020 - Automating the fuzzing triage process
- 2020 - COMPARING AFL SCALABILITY IN VIRTUAL- AND NATIVE ENVIRONMENT
- 2020 - SYMBION: Interleaving Symbolic with Concrete Execution
- 2020 - Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
- 2019 - Toward the Analysis of Embedded Firmware through Automated Re-hosting
- 2019 - FUZZIFICATION: Anti-Fuzzing Techniques
- 2018 - VulinOSS: A Dataset of Security Vulnerabilities in Open-source Systems
- 2018 - HDDr: A Recursive Variant of the Hierarchical Delta Debugging Algorithm
- 2017 - Coarse Hierarchical Delta Debugging
- 2017 - VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
- 2017 - Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
- 2017 - Synthesizing Program Input Grammars
- 2017 - Designing New Operating Primitives to Improve Fuzzing Performance
- 2017 - Instruction Punning: Lightweight Instrumentation for x86-64
- 2016 - Modernizing Hierarchical Delta Debugging
- 2016 - VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis
- 2016 - CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
- 2016 - RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps
- 2015 - PIE: Parser Identification in Embedded Systems
- 2010 - Iterative Delta Debugging
- 2009 - Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- 2006 - HDD: Hierarchical Delta Debugging
Surveys, SoKs, and Studies
- 2023 - Fuzzing the Latest NTFS in Linux with Papora: An Empirical Study
- 2023 - Fuzzing REST APIs for Bugs: An Empirical Analysis
- 2023 - Automated Binary Analysis: A Survey
- 2023 - Fuzzers for stateful systems: Survey and Research Directions
- 2022 - Detecting Vulnerability on IoT Device Firmware: A Survey
- 2022 - Fuzzing of Embedded Systems: A Survey
- 2022 - Embedded Fuzzing: a Review of Challenges, Tools, and Solutions
- 2022 - An empirical study of vulnerability discovery methods over the past ten years
- 2022 - Fuzzing vulnerability discovery techniques: Survey, challenges and future directions
- 2022 - Fuzzing: A Survey for Roadmap
- 2022 - How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
- 2021 - Protocol Reverse-Engineering Methods and Tools: A Survey
- 2021 - Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection
- 2021 - A Systematic Review of Network Protocol Fuzzing Techniques
- 2021 - Vulnerability Detection is Just the Beginning
- 2021 - Evaluating Synthetic Bugs
- 2020 - A Practical, Principled Measure of Fuzzer Appeal: A Preliminary Study
- 2020 - A Systemic Review of Kernel Fuzzing
- 2020 - A Survey of Hybrid Fuzzing based on Symbolic Execution
- 2020 - A Study on Using Code Coverage Information Extracted from Binary to Guide Fuzzing
- 2020 - Study of Security Flaws in the Linux Kernel by Fuzzing
- 2020 - Dynamic vulnerability detection approaches and tools: State of the Art
- 2020 - Fuzzing: Challenges and Reflections
- 2020 - The Relevance of Classic Fuzz Testing: Have We Solved This One?
- 2020 - SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
- 2020 - A Quantitative Comparison of Coverage-Based Greybox Fuzzers
- 2020 - A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
- 2020 - A systematic review of fuzzing based on machine learning techniques
- 2019 - A Survey of Binary Code Similarity
- 2019 - The Art, Science, and Engineering of Fuzzing: A Survey
- 2012 - Regression testing minimization, selection and prioritization: a survey