General
Readings
Readings: Books
Readings: General
- Evaluating Fuzz Testing
- FuzzingPaper: Recent Papers Related To Fuzzing
- Fuzzing: a survey
- Fuzzing: Hack, Art, and Science
- The Art, Science, and Engineering of Fuzzing: A Survey
- The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes
Readings: Practice
- Billions and billions of constraints: Whitebox fuzz testing in production
- Building an ARM-based Fuzzing Cluster
- Circumventing Fuzzing Roadblocks with Compiler Transformations
- Fuzzers love assertions
- Fuzzing with AFL workshop
- Fuzzing workflows: a fuzz job from start to finish
- John Regehr
- One Weird Trick for Finding More Crashes: crasher recycling
- Statistical Evaluation of a Fuzzing Dictionary
- The Art of Fuzzing – Slides and Demos
- What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
Software
- Angora: a mutation-based fuzzer
- ClusterFuzz: a scalable fuzzing infrastructure which finds security and stability issues in software
- DeepState: A unit test-like interface for fuzzing and symbolic execution
  - DeepState is a framework that provides C and C++ developers with a common interface to various symbolic execution and fuzzing engines. Users can write one test harness using a Google Test-like API, then execute it using multiple backends without having to learn the complexities of the underlying engines. It supports writing unit tests and API sequence tests, as well as automatic test generation.
  - https://github.com/trailofbits/deepstate
  - DeepState: Symbolic Unit Testing for C and C++
  - Fuzzing an API with DeepState
- FuzzFactory: Domain-Specific Fuzzing with Waypoints
- Grammarinator: ANTLRv4 grammar-based test generator
- Honggfuzz
- JFS (JIT Fuzzing Solver)
  - Constraint solver based on coverage-guided fuzzing
  - https://github.com/delcypher/jfs
  - Just Fuzz It: Solving Floating-Point Constraints using Coverage-Guided Fuzzing
- MoonLight: Fuzzing Corpus Design and Construction
- Nautilus: Fishing for Deep Bugs with Grammars
- Orthrus
  - https://github.com/test-pipeline/orthrus
  - Orthrus is a tool for managing, conducting, and assessing dictionary-based security (fuzz) testing for autotools projects. At the moment, it supports Clang/LLVM instrumentation and the AFL ecosystem (afl-fuzz, afl-utils, afl-cov). The ultimate aim is for Orthrus to be a generic wrapper around state-of-the-art fuzz and instrumentation tools on the one hand, and disparate build systems on the other.
  - Static Program Analysis as a Fuzzing Aid
  - Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing
- QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- Radamsa
- RamFuzz: Combining Unit Tests, Fuzzing, and AI
  - A fuzzer for individual method parameters
  - RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and the log can be replayed to repeat the exact same test scenario. But RamFuzz also allows mutation of the replay, where some parts of the log are replayed while others are replaced by newly generated values. The new run is also logged, yielding a mutated test scenario and allowing the classic fuzzing evolution process of progressively mutating the input until a bug is triggered.
  - https://github.com/dekimir/RamFuzz
  - RamFuzz: A Framework for C++ Test Generation via Deep Learning - https://github.com/dekimir/RamFuzz/blob/master/sci/ramfuzz.md
- RapidFuzz
- TriforceAFL: AFL/QEMU fuzzing with full-system emulation.
- zzuf: a transparent application input fuzzer
Software: AFL
- american fuzzy lop (AFL)
- AFL++
- AFL-based-fuzzers-overview
- afl-utils
- afl-cov - AFL Fuzzing Code Coverage
- afl-cov: AFL fuzzing coverage CFG visualization
- afl-fuzz on different file systems
- AFL-Mutation-Chain
- AFLGo: Directed Greybox Fuzzing
- Awesome-AFL
- Driller: augmenting AFL with symbolic execution!
- Internals of AFL fuzzer - Compile Time Instrumentation
- WinAFL: A fork of AFL for fuzzing Windows binaries
- Zoo AFL: AFL utilities and modifications
Software: libFuzzer
- libFuzzer – a library for coverage-guided fuzz testing.
- Deconstructing LibProtobuf/Mutator Fuzzing
- Efficient Fuzzing Guide
- Fuzzing arbitrary functions in ELF binaries using LIEF and LibFuzzer
- Introduction to using libFuzzer with llvm-toolset
- libfuzzer-workshop
- libfuzzerfication
- libprotobuf-mutator
Software: Benchmarking
- fuzzer-test-suite: Set of tests for fuzzing engines
- FuzzBench: Fuzzer Benchmarking as a Service
Software: OS: Linux
- difuze: Fuzzer for Linux Kernel Drivers
- syzkaller: an unsupervised, coverage-guided kernel fuzzer
Software: OS: Windows
- Sienna Locomotive: A user-friendly fuzzing and crash triage tool for Windows
Software: Performance
Fuzzing applied to software performance.
- PerfFuzz: Automatically Generate Pathological Inputs for C/C++ programs
- perf fuzzer: Targeted fuzzing of the perf_event_open() system call
- SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
  - A spin on libFuzzer so as to favor inputs incurring a slowdown. The key modifications consist of changing the fitness function, to favor inputs that exercise more basic block edges, as well as introducing probabilities in the selection of mutations to be performed, so as to preserve "locality" of the created inputs.
  - https://github.com/nettrino/slowfuzz
  - ACM CCS 2017
Talks
Talks: 2020
- Lightning in a Bottle: 25 Years of Fuzzing
Talks: 2019
- C++ Sanitizers and Fuzzing for the Windows Platform Using New Compilers, Visual Studio, and Azure
- Fuzzing for developers
- Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing
- Make your programs more reliable with Fuzzing
- Modern Source Fuzzing
- Testing Legacy Code - Fuzzing for Better Input Data
- What the Fuzz
Talks: 2018
- Adventures in Fuzzing
- Finding security vulnerabilities with modern fuzzing techniques
- Fuzzing Corpus Optimization - Moonwalking with Moonbeams
- Fuzzing with AFL
- Making Your Library More Reliable with Fuzzing
- Seems Exploitable: Exposing Hidden Exploitable Behaviors Using Extended Differential Fuzzing
- Structure aware fuzzing
- Want more stable kernel? Fuzz it!
Talks: 2017
- Between Testing and Formal Verification
- Finding Security Vulnerabilities by Fuzzing and Dynamic Code Analysis
- Fuzz or lose: why and how to make fuzzing a standard practice for C++
- Fuzz Testing
- Fuzzing with AFL
- Modern Fuzzing of Media-Processing Projects
Talks: 2016
- Effective File Format Fuzzing – Thoughts, Techniques and Results
- Fuzz Smarter Not Harder: An afl fuzz Primer
- The Smart Fuzzer Revolution
Talks: 2015
- Automated Software Testing for the 21st Century
Talks: 2007
- Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
Tags: native, reading
Last modified 07 October 2024