Fuzzing

https://github.com/purseclab/fuzzusb/blob/main/paper/fuzzusb.pdf

Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

https://www.microsoft.com/en-us/research/uploads/prod/2021/09/hyperfuzzer-ccs21.pdf

https://www.microsoft.com/en-us/research/uploads/prod/2021/09/hyperfuzzer-ccs21.pdf

https://gts3.org/assets/papers/2021/ding:snap.pdf

https://taesoo.kim/pubs/2021/jung:winnie.pdf

https://taesoo.kim/pubs/2021/jung:winnie.pdf

https://beerkay.github.io/papers/Berkay2021PGFuzzNDSS.pdf

https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf

https://acmccs.github.io/papers/p2123-corinaA.pdf

https://www.nds.rub.de/media/nds/veroeffentlichungen/2016/10/19/tls-attacker-ccs16.pdf

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.817.5616&rep=rep1&type=pdf

A superior fork to Google's AFL with more speed, more and better mutations, more and better instrumentation, and custom module support.

A mutation-based coverage guided fuzzer that increases branch coverage by solving path constraints without symbolic execution.

A REST API fuzzer that utilizes three data-driven designs working together to guide sequence generation, improve request generation quality, and capture unique errors caused by incorrect parameter usage.

A robust tool and framework designed for automated black-box testing of RESTful web APIs.

An experimental framework for building structure-aware, library API fuzzers.

A browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.

FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.

A fuzzing tool for Android native system services with four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.

A differential fuzz testing approach for CPU verification.

A generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.

A tool to enable fuzzing for Spectre vulnerabilities.

Automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.

A tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.

A web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.

A state-aware fuzzer for generating as many responses from a web application as possible without need of setting up a database.

A multi-transaction differential fuzzer for finding consensus bugs in Ethereum.

A Blockchain consensus protocol fuzzing framework that detects consensus memory related and logic bugs.

A fuzzer for database management systems (DBMSs).

(2023) - An action-guided kernel fuzzing framework that generates inputs leveraging triggered actions and their temporal relationships.

(2021) - A type-aware Windows kernel fuzzer that statically analyzes system binaries to infer system call types for more effective fuzzing.

(2020) - A coverage-guided fuzzing framework that detects data races in kernel file systems by exploring concurrency through multi-threaded syscall sequences.

(2019) - A kernel fuzzer that uses static analysis and two-phase fuzzing to detect race conditions and concurrency bugs in Linux kernels.

(2019) - A fuzzing framework for automatically discovering semantic bugs in file systems using input mutators, feedback engines, and customizable checkers.

(2019) - A file system fuzzer that finds memory corruptions in Linux kernel file systems by mutating both filesystem images and syscall sequences simultaneously.

(2017) - An interface-aware fuzzer for Linux kernel drivers that automatically recovers ioctl interfaces via LLVM analysis and generates targeted test cases.

(2017) - A kernel API fuzzer that leverages automated API model inference to discover vulnerabilities in macOS kernel APIs.

(2017) - A hardware-assisted x86-64 VM kernel fuzzing framework with performant VM reloads for finding OS kernel vulnerabilities.

(2015) - An unsupervised coverage-guided kernel fuzzer supporting FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows.

(2012) - A Linux system call fuzzer that generates semi-intelligent random arguments to syscalls, including valid file descriptors, flags, and range-biased values.