Research work based on syzkaller
(newer first)
SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
Rtkaller: State-aware Task Generation for RTOS Fuzzing
BSOD: Binary-only Scalable fuzzing Of device Drivers
Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads
A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
Healer is a kernel fuzzer inspired by syzkaller. (pdf)
SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers (source code)
Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis
Undo Workarounds for Kernel Bugs (source code)
HFL: Hybrid Fuzzing on the Linux Kernel
Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (source code)
Task selection and seed selection for Syzkaller using reinforcement learning (announce only)
Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (video, slides, source code)
ALEXKIDD-FUZZER: Kernel Fuzzing Guided by Symbolic Information
DIFUZE: Interface Aware Fuzzing for Kernel Drivers
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
RAZZER: Finding Kernel Race Bugs through Fuzzing
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
Synthesis of Linux Kernel Fuzzing Tools Based on Syscall
Drill the Apple Core: Up & Down
WSL Reloaded
Other kernel fuzzing work
CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
KRACE: Data Race Fuzzing for Kernel File Systems
trinity
kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (bridges AFL and Intel PT)
kernel-fuzzing (bridges AFL and KCOV)
A gentle introduction to Linux Kernel fuzzing (bridges AFL and KCOV)
IMF: Inferred Model-based Fuzzer
Also see the tech talks page.