Research work based on syzkaller

newer first

• SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
• Rtkaller: State-aware Task Generation for RTOS Fuzzing
• BSOD: Binary-only Scalable fuzzing Of device Drivers
• Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads
• A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
• Healer is a kernel fuzzer inspired by syzkaller. (pdf)
• SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers (source code)
• Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis
• Undo Workarounds for Kernel Bugs (source code)
• HFL: Hybrid Fuzzing on the Linux Kernel
• A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
• Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
• Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (source code)
• Task selection and seed selection for Syzkaller using reinforcement learning (announce only)
• Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
• FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
• Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (video, slides, source code)
• ALEXKIDD-FUZZER: Kernel Fuzzing Guided by Symbolic Information
• DIFUZE: Interface Aware Fuzzing for Kernel Drivers
• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
• RAZZER: Finding Kernel Race Bugs through Fuzzing
• SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
• Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
• KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
• Synthesis of Linux Kernel Fuzzing Tools Based on Syscall
• Drill the Apple Core: Up & Down
• WSL Reloaded

Other kernel fuzzing work

• CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
• KRACE: Data Race Fuzzing for Kernel File Systems
• trinity
• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (bridges AFL and Intel PT)
• kernel-fuzzing (bridges AFL and KCOV)
• A gentle introduction to Linux Kernel fuzzing (bridges AFL and KCOV)
• IMF: Inferred Model-based Fuzzer

Also see tech talks page.