|
| https://github.com/secnotes/fuzzing-tutorial |
| Home | https://secnotes.github.io/fuzzing-tutorial/index.html |
| English | https://secnotes.github.io/fuzzing-tutorial/index_en.html |
| Contributing | https://secnotes.github.io/fuzzing-tutorial/contributing.html |
| https://github.com/secnotes/Fuzzing-tutorial |
| English | https://secnotes.github.io/fuzzing-tutorial/index_en.html |
| The Fuzzing Book, 2019 | https://www.Fuzzingbook.org/ |
| Fuzzing for Software Security Testing and Quality Assurance, 2018 | https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507/ |
| The Art, Science, and Engineering of Fuzzing: A Survey, 2019 | https://ieeexplore.ieee.org/document/8863940 |
| Fuzzing: a survey, 2018 | https://cybersecurity.springeropen.com/articles/10.1186/s42400-018-0002-y |
| Cybersecurity | https://cybersecurity.springeropen.com/ |
| Evaluating Fuzz Testing, 2018 | http://www.cs.umd.edu/~mwh/papers/Fuzzeval.pdf |
| Fuzzing: Art, Science, and Engineering, 2018 | https://arxiv.org/pdf/1812.00140.pdf |
| Fuzzing: State of the art, 2018 | https://ieeexplore.ieee.org/document/8371326 |
| IEEE Transactions on Reliability | https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=24 |
| Source-and-Fuzzing, 2019 | https://github.com/lcatro/Source-and-Fuzzing |
| Effective File Format Fuzzing – Thoughts, Techniques and Results, 2015 | https://www.youtube.com/watch?v=qTTwqFRD1H8 |
| CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers, 2021 | https://www.jstage.jst.go.jp/article/transinf/E104.D/11/E104.D_2021NGP0005/_pdf |
| Better Pay Attention Whilst Fuzzing, 2022 | https://arxiv.org/pdf/2112.07143 |
| ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles, 2026 | https://www.ndss-symposium.org/ndss-paper/adgfuzz-assignment-dependency-guided-fuzzing-for-robotic-vehicles/ |
| ADGFuzz 已开源 | https://github.com/wyunc/ADGFuzz |
| An LLM-Driven Fuzzing Framework for Detecting Logic Instruction Bugs in PLCs, 2026 | https://www.ndss-symposium.org/ndss-paper/an-llm-driven-fuzzing-framework-for-detecting-logic-instruction-bugs-in-plcs/ |
| BSFuzzer: Context-Aware Semantic Fuzzing for BLE Logic Flaw Detection, 2026 | https://www.ndss-symposium.org/ndss-paper/bsfuzzer-context-aware-semantic-fuzzing-for-ble-logic-flaw-detection/ |
| BSFuzz 已开源 | https://github.com/yangting111/BSFuzz |
| DOM-XSS Detection via Webpage Interaction Fuzzing and URL Component Synthesis, 2026 | https://www.ndss-symposium.org/ndss-paper/dom-xss-detection-via-webpage-interaction-fuzzing-and-url-component-synthesis/ |
| FirmAgent: Leveraging Fuzzing to Assist LLM Agents with IoT Firmware Vulnerability Discovery, 2026 | https://www.ndss-symposium.org/ndss-paper/firmagent-leveraging-fuzzing-to-assist-llm-agents-with-iot-firmware-vulnerability-discovery/ |
| FirmAgent 已开源 | https://github.com/vul337/FirmAgent |
| 看雪解读 | https://bbs.kanxue.com/thread-291020.htm |
| Fuzzilicon: A Post-Silicon Microcode-Guided x86 CPU Fuzzer, 2026 | https://www.ndss-symposium.org/ndss-paper/fuzzilicon-a-post-silicon-microcode-guided-x86-cpu-fuzzer/ |
| GoldenFuzz: Generative Golden Reference Hardware Fuzzing, 2026 | https://www.ndss-symposium.org/ndss-paper/goldenfuzz-generative-golden-reference-hardware-fuzzing/ |
| HyperMirage: Direct State Manipulation in Hybrid Virtual CPU Fuzzing, 2026 | https://www.ndss-symposium.org/ndss-paper/hypermirage-direct-state-manipulation-in-hybrid-virtual-cpu-fuzzing/ |
| HyperMirage 已开源 | https://github.com/tum-itsec/hypermirage |
| MUTATO: Enhancing Fuzz Drivers with Adaptive API Option Mutation, 2026 | https://www.ndss-symposium.org/ndss-paper/mutato-enhancing-fuzz-drivers-with-adaptive-api-option-mutation/ |
| PhyFuzz: Detecting Sensor Vulnerabilities with Physical Signal Fuzzing, 2026 | https://www.ndss-symposium.org/ndss-paper/phyfuzz-detecting-sensor-vulnerabilities-with-physical-signal-fuzzing/ |
| PortRush: Detect Write Port Contention Side-Channel Vulnerabilities via Hardware Fuzzing, 2026 | https://www.ndss-symposium.org/ndss-paper/portrush-detect-write-port-contention-side-channel-vulnerabilities-via-hardware-fuzzing/ |
| ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits, 2026 | https://www.ndss-symposium.org/ndss-paper/refuzz-reusing-tests-for-processor-fuzzing-with-contextual-bandits/ |
| RTCON: Context-Adaptive Function-Level Fuzzing for RTOS Kernels, 2026 | https://www.ndss-symposium.org/ndss-paper/rtcon-context-adaptive-function-level-fuzzing-for-rtos-kernels/ |
| RTCON 已开源 | https://github.com/kaist-hacking/RTCON |
| SYSYPHUZZ: the Pressure of More Coverage, 2026 | https://www.ndss-symposium.org/ndss-paper/sysyphuzz-the-pressure-of-more-coverage/ |
| Sysyphuzz 已开源 | https://github.com/HexHive/Sysyphuzz |
| Automatic Library Fuzzing through API Relation Evolvement, 2025 | https://www.ndss-symposium.org/ndss-paper/automatic-library-Fuzzing-through-api-relation-evolvement/ |
| Blackbox Fuzzing of Distributed Systems with Multi-Dimensional Inputs and Symmetry-Based Feedback Pruning, 2025 | https://www.ndss-symposium.org/ndss-paper/blackbox-Fuzzing-of-distributed-systems-with-multi-dimensional-inputs-and-symmetry-based-feedback-pruning/ |
| DistFuzz 已开源 | https://github.com/zouyonghao/DistFuzz |
| DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing, 2025 | https://www.ndss-symposium.org/ndss-paper/dumpling-fine-grained-differential-javascript-engine-Fuzzing/ |
| 已开源 | https://github.com/two-heart/dumpling-artifact-evaluation |
| FuzzUER: Enabling Fuzzing of UEFI Interfaces on EDK-2, 2025 | https://www.ndss-symposium.org/ndss-paper/Fuzzuer-enabling-Fuzzing-of-uefi-interfaces-on-edk-2/ |
| ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control Systems, 2025 | https://www.ndss-symposium.org/ndss-paper/icsquartz-scan-cycle-aware-and-vendor-agnostic-Fuzzing-for-industrial-control-systems/ |
| ISCQuartz | https://github.com/momalab/ICSQuartz |
| MALintent: Coverage Guided Intent Fuzzing Framework for Android, 2025 | https://www.ndss-symposium.org/ndss-paper/malintent-coverage-guided-intent-Fuzzing-framework-for-android/ |
| 已开源 | https://github.com/sslab-gatech/MALintent |
| Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States, 2025 | https://www.ndss-symposium.org/ndss-paper/moneta-ex-vivo-gpu-driver-Fuzzing-by-recalling-in-vivo-execution-states/ |
| QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing, 2025 | https://www.ndss-symposium.org/ndss-paper/qmsan-efficiently-detecting-uninitialized-memory-errors-during-Fuzzing/ |
| QMSan | https://github.com/heinzeen/qmsan |
| TWINFuzz: Differential Testing of Video Hardware Acceleration Stacks, 2025 | https://www.ndss-symposium.org/ndss-paper/twinFuzz-differential-testing-of-video-hardware-acceleration-stacks/ |
| twinFuzz | https://github.com/CISPA-SysSec/twinFuzz |
| Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices, 2025 | https://www.ndss-symposium.org/ndss-paper/truman-constructing-device-behavior-models-from-os-drivers-to-Fuzz-virtual-devices/ |
| 中文解读 | https://zhuanlan.zhihu.com/p/1892291730214199900 |
| DeepGo: Predictive Directed Greybox Fuzzing, 2024 | https://www.ndss-symposium.org/ndss-paper/deepgo-predictive-directed-greybox-Fuzzing/ |
| EnclaveFuzz: Finding Vulnerabilities in SGX Applications, 2024 | https://www.ndss-symposium.org/ndss-paper/enclaveFuzz-finding-vulnerabilities-in-sgx-applications/ |
| 已开源 | https://github.com/vul337/EnclaveFuzz |
| Large Language Model guided Protocol Fuzzing, 2024 | https://www.ndss-symposium.org/ndss-paper/large-language-model-guided-protocol-Fuzzing/ |
| ChatAFL 已开源 | https://github.com/ChatAFLndss/ChatAFL |
| MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency, 2024 | https://www.ndss-symposium.org/ndss-paper/mock-optimizing-kernel-Fuzzing-mutation-with-context-aware-dependency/ |
| 待开源 | https://github.com/m0ck1ng/mock |
| Predictive Context-sensitive Fuzzing, 2024 | https://www.ndss-symposium.org/ndss-paper/predictive-context-sensitive-Fuzzing/ |
| 已开源 | https://github.com/eurecom-s3/predictive-cs-Fuzzing |
| ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing, 2024 | https://www.ndss-symposium.org/ndss-paper/reqsminer-automated-discovery-of-cdn-forwarding-request-inconsistencies-and-dos-attacks-with-grammar-based-Fuzzing/ |
| 已开源 | https://github.com/Konano/ReqsMiner |
| ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection, 2024 | https://www.ndss-symposium.org/ndss-paper/shapFuzz-efficient-Fuzzing-via-shapley-guided-byte-selection/ |
| 已开源 | https://github.com/ShapFuzz/ShapFuzz |
| Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software, 2023 | https://www.ndss-symposium.org/ndss-paper/assessing-the-impact-of-interface-vulnerabilities-in-compartmentalized-software/ |
| 已开源 | https://github.com/confFuzz/confFuzz |
| FuzzILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities, 2023 | https://www.ndss-symposium.org/ndss-paper/Fuzzilli-Fuzzing-for-javascript-jit-compiler-vulnerabilities/ |
| 已开源 | https://github.com/googleprojectzero/Fuzzilli |
| No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions, 2023 | https://www.ndss-symposium.org/ndss-paper/no-grammar-no-problem-towards-Fuzzing-the-linux-kernel-without-system-call-descriptions/ |
| FuzzNG 已开源 | https://github.com/BUseclab/FuzzNG |
| DARWIN: Survival of the Fittest Fuzzing Mutators, 2023 | https://www.ndss-symposium.org/ndss-paper/darwin-survival-of-the-fittest-Fuzzing-mutators/ |
| 已开源 | https://github.com/TUDA-SSL/DARWIN |
| LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols, 2023 | https://www.ndss-symposium.org/ndss-paper/loki-state-aware-Fuzzing-framework-for-the-implementation-of-blockchain-consensus-protocols/ |
| OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables, 2023 | https://www.ndss-symposium.org/ndss-paper/obsan-an-out-of-bound-sanitizer-to-harden-dnn-executables/ |
| 已开源 | https://github.com/yanzuochen/obsan |
| Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators, 2022 | https://www.ndss-symposium.org/ndss-paper/auto-draft-248/ |
| MobFuzz: Adaptive Multi-objective Optimization in Gray-box Fuzzing, 2022 | https://www.ndss-symposium.org/ndss-paper/auto-draft-199/ |
| FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware, 2022 | https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf |
| FirmWire | https://github.com/FirmWire/FirmWire |
| EMS: History-Driven Mutation for Coverage-based Fuzzing, 2022 | https://nesa.zju.edu.cn/download/lcy_pdf_ems_ndss22.pdf |
| Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection, 2022 | https://www.ndss-symposium.org/ndss-paper/auto-draft-198/ |
| datAFLow: Towards a Data-Flow-Guided Fuzzer, 2022 | https://www.ndss-symposium.org/ndss-paper/auto-draft-273/ |
| Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases, 2021 | https://www.ndss-symposium.org/ndss-paper/favocado-Fuzzing-the-binding-code-of-javascript-engines-using-semantically-correct-test-cases/ |
| Favocado | https://github.com/favocado/Favocado |
| WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning, 2021 | https://www.ndss-symposium.org/ndss-paper/winnie-Fuzzing-windows-applications-with-harness-synthesis-and-fast-cloning/ |
| WINNIE | https://github.com/sslab-gatech/winnie |
| PGFuzz: Policy-Guided Fuzzing for Robotic Vehicles, 2021 | https://www.ndss-symposium.org/ndss-paper/pgFuzz-policy-guided-Fuzzing-for-robotic-vehicles/ |
| PGFuzz | https://github.com/purseclab/PGFuzz |
| Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, 2021 | https://www.ndss-symposium.org/ndss-paper/reinforcement-learning-based-hierarchical-seed-scheduling-for-greybox-Fuzzing/ |
| HFL: Hybrid Fuzzing on the Linux Kernel, 2020 | https://www.unexploitable.systems/publication/kimhfl/ |
| HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing, 2020 | https://www.researchgate.net/publication/339164746_HotFuzz_Discovering_Algorithmic_Denial-of-Service_Vulnerabilities_Through_Guided_Micro-Fuzzing |
| Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization, 2020 | https://www.ndss-symposium.org/wp-content/uploads/2020/02/24422.pdf |
| TortoiseFuzz | https://github.com/TortoiseFuzz/TortoiseFuzz |
| PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019 | https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf |
| INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018 | https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf |
| IOTFuzzER: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018 | https://secnotes.github.io/fuzzing-tutorial/### 固件 |
| What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices | http://s3.eurecom.fr/docs/ndss18_muench.pdf |
| Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018 | https://lifeasageek.github.io/papers/han:meds.pdf |
| DELTA: A Security Assessment Framework for Software-Defined Networks, 2017 | https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss201702A-1LeePaper.pdf |
| AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/wang-jianqiang |
| GenHuzz: An Efficient Generative Hardware Fuzzer, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/wu-lichao |
| Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/bolcskei |
| Encarsia 开源链接 | https://github.com/comsec-group/encarsia |
| Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/solt |
| 知乎 | https://zhuanlan.zhihu.com/p/1927138475397874487 |
| NASS: Fuzzing All Native Android System Services with Interface Awareness and Coverage, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/mao |
| NASS 已开源 | https://github.com/iromise/fans |
| LLFuzz: An Over-the-Air Dynamic Testing Framework for Cellular Baseband Lower Layers, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/hoang |
| 工具已开源 | https://github.com/SysSec-KAIST/LLFuzz |
| Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/zhang-lingming |
| 看雪 | https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458451152&idx=2&sn=4abbf7a643b93027529e12442608aca2&chksm=b18fcc5a86f8454cb6051aab6a45751ad736285e3f46e92436edb2b963b46bee27da5e0c9922&scene=27 |
| 开源链接 | https://zenodo.org/records/14718828 |
| MBFuzzer: A Multi-Party Protocol Fuzzer for MQTT Brokers, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/song-xiangpu |
| ctfiot | https://www.ctfiot.com/272328.html |
| 开源链接 | https://zenodo.org/records/14710570 |
| ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/deng |
| 实验数据开源 | https://github.com/vul337/IDFuzz |
| IDFuzz: Intelligent Directed Grey-box Fuzzing, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/chen-yiyang |
| 实验数据开源 | https://github.com/vul337/IDFuzz |
| Robust, Efficient, and Widely Available Greybox Fuzzing for COTS Binaries with System Call Pattern Feedback, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/xiao-jifan |
| SAFuzz 已开源 | https://github.com/Nova-xiao/SPFuzz |
| BLuEMan: A Stateful Simulation-based Fuzzing Framework for Open-Source RTOS Bluetooth Low Energy Protocol Stacks, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/kao |
| BLuEMan 已开源 | https://github.com/zoolab-org/blueman.artifact |
| ELFuzz: Efficient Input Generation via LLM-driven Synthesis Over Fuzzer Space, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/chen-chuyang |
| elFuzz 已开源 | https://github.com/OSUSecLab/elFuzz |
| Hybrid Language Processor Fuzzing via LLM-Based Constraint Solving, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/yang-yupeng |
| hlpFuzz 源码及附件 | https://zenodo.org/records/15606061 |
| From Alarms to Real Bugs: Multi-target Multi-step Directed Greybox Fuzzing for Static Analysis Result Verification, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/bao-andrew |
| Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/zhang-kunpeng |
| G2Fuzz 已开源 | https://github.com/G2Fuzz/G2Fuzz |
| Fuzzing the PHP Interpreter via Dataflow Fusion, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/jiang-yuancheng |
| XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/shi-youkun |
| Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection, 2025 | https://www.usenix.org/conference/usenixsecurity25/presentation/lin-zihan |
| A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/schilling |
| TSAN | https://github.com/CISPA-SysSec/binary-tsan |
| Critical Code Guided Directed Greybox Fuzzing for Commits, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/xiang-yi |
| WAFLGO | https://github.com/He1loNice/WAFLGo |
| EL3XIR: Fuzzing COTS Secure Monitors, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/lindenmeier |
| EL3XIR | https://github.com/HexHive/EL3XIR |
| Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/asmita |
| HYPERPILL: Fuzzing for Hypervisor-bugs by leveraging the Hardware Virtualization Interface, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/bulekov |
| HyperPill | https://github.com/HexHive/HyperPill |
| MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/chesser |
| Fuzzware | https://github.com/MultiFuzz/MultiFuzz |
| SDFuzz: Target States Driven Directed Fuzzing, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/li-penghui |
| SHiFT: Semi-hosted Fuzz Testing for Embedded Applications, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/mera |
| SHiFT | https://github.com/RiS3-Lab/SHiFT |
| Towards Generic Database Management System Fuzzing, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/yang-yupeng |
| WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/borkar |
| Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/bars |
| 工具原型已开源 | https://github.com/Fuzztruction/Fuzztruction |
| DynSQL: Stateful Fuzzing for Database Management Systems with Complex and Valid SQL Query Generation, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/jiang-zu-ming |
| FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/wang-junjie |
| FuzzJIT | https://github.com/SpaceNaN/Fuzzjit |
| GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/peng |
| GLeeFuzz | https://github.com/HexHive/GLeeFuzz |
| Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-cen |
| PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/li-wen |
| POLYFuzz | https://github.com/Daybreak2019/PolyFuzz |
| AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/shi-ji |
| Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/zhao-yudi |
| TEFuzz 已开源 | https://github.com/seclab-fudan/TEFuzz |
| MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/chen-xingman |
| MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/xu-jinyan |
| MorFuzz | https://github.com/sycuricon/MorFuzz |
| MINER: A Hybrid Data-Driven Approach for REST API Fuzzing, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/lyu |
| MINER | https://github.com/puppet-meteor/MINER |
| KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/yin |
| KextFuzz | https://github.com/vul337/KextFuzz |
| Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/kim-jiwon |
| DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/yuan-ming |
| DDRace | https://github.com/vul337/DDRace |
| CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/wang-dawei |
| CarpetFuzz | https://github.com/waugustus/CarpetFuzz |
| BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/cho |
| Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/luo-zhengxiong |
| autofz: Automated Fuzzer Composition at Runtime, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/fu-yu-fu |
| autofz | https://github.com/sslab-gatech/autofz |
| MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/myung |
| TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022 | https://arxiv.org/abs/2201.09941 |
| Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/bulekov |
| Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski |
| Fuzzware | https://github.com/Fuzzware-Fuzzer/Fuzzware |
| FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/kim |
| FuzzOrigin | https://github.com/compsec-snu/Fuzzorigin |
| DriFuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/shen-zekun |
| DriFuzz | https://github.com/buszk/driFuzz-concolic |
| Fuzzing Hardware Like Software, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/trippel |
| AFL | https://github.com/google/AFL |
| hw-Fuzzing | https://github.com/googleinterns/hw-Fuzzing |
| BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/garbelini |
| braktooth_esp32_bluetooth_classic_attacks | https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks |
| AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/krupp |
| AmpFuzz | https://github.com/cispa/ampFuzz |
| SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/cloosters |
| sgxFuzz | https://github.com/uni-due-syssec/sgxFuzz |
| FRAMESHIFTER: Manipulating HTTP/2 Frame Sequences with Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/jabiyev |
| frameshifter | https://github.com/bahruzjabiyev/frameshifter |
| FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-zenong |
| StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/zhao-bodong |
| StateFuzz | https://github.com/vul337/StateFuzz |
| SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs inLinux kernel, 2022 | https://www.usenix.org/system/files/sec22summer_zou.pdf |
| Constraint-guided Directed Greybox Fuzzing, 2021 | https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu |
| UNIFuzz: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021 | https://www.usenix.org/biblio-6129 |
| Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021 | https://www.usenix.org/conference/usenixsecurity21/presentation/schumilo |
| RUB-SysSec | https://github.com/RUB-SysSec |
| Nyx | https://github.com/RUB-SysSec/Nyx |
| Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021 | https://www.usenix.org/conference/usenixsecurity21/presentation/nagy |
| The Use of Likely Invariants as Feedback for Fuzzers, 2021 | https://www.usenix.org/conference/usenixsecurity21/presentation/fioraldi |
| eurecom-s3 | https://github.com/eurecom-s3 |
| invscov | https://github.com/eurecom-s3/invscov |
| Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean |
| TLS-Attacker | https://github.com/tls-attacker/TLS-Attacker |
| EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/yue |
| EcoFuzz | https://github.com/MoonLight-SteinsGate/EcoFuzz |
| FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/liu |
| 刘保证 | http://netsec.ccert.edu.cn/people/iromise/ |
| 开源连接 | https://github.com/iromise/fans |
| Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/jiang |
| FuzzGen: Automatic Fuzzer Generation, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou |
| FuzzGen | https://github.com/HexHive/FuzzGen |
| GREYONE: Data Flow Sensitive Fuzzing, 2020 | https://www.usenix.org/conference/usenixsecurity20/presentation/gan |
| SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, 2020 | https://www.usenix.org/conference/atc20/presentation/garbelini |
| sweyntooth_bluetooth_low_energy_attacks | https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks |
| Fuzzification: Anti-Fuzzing Techniques, 2019 | https://www.usenix.org/conference/usenixsecurity19/presentation/jung |
| AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019 | https://www.usenix.org/conference/usenixsecurity19/presentation/guler |
| MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018 | https://www.usenix.org/conference/usenixsecurity18/presentation/pailoor |
| MoonShine | https://github.com/shankarapailoor/moonshine |
| QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018 | https://www.usenix.org/conference/usenixsecurity18/presentation/yun |
| QSYM | https://github.com/sslab-gatech/qsym |
| OSS-Fuzz - Google's continuous Fuzzing service for open source software, 2017 | https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/serebryany |
| kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017 | https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schumilo |
| FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization, 2025 | https://www.computer.org/csdl/proceedings-article/sp/2025/223600a002/21B7PVDny6I |
| 代码已开源 | https://github.com/NESA-Lab/FirmRCA |
| Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation, 2025 | https://www.computer.org/csdl/proceedings-article/sp/2025/223600a066/21B7Ray6BkA |
| RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes, 2025 | https://www.computer.org/csdl/proceedings-article/sp/2025/223600a003/21B7PWv1JGU |
| 工具已开源 | https://github.com/kaist-hacking/RGFuzz |
| AFGen: Whole-Function Fuzzing for Applications and Libraries, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a011/1RjE9PjiDss |
| 代码即将开源 | https://github.com/Marsman1996/AFGen |
| Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a109/1Ub23heRtUA |
| DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a096/1Ub234bjuWA |
| tlspuffin | https://github.com/tlspuffin/tlspuffin |
| LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a127/1Ub23HQTJ1C |
| Predecessor-aware Directed Greybox Fuzzing, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a040/1RjEaeMELbq |
| SATURN: Host-Gadget Synergistic USB Driver Fuzzing, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a051/1RjEaqzRsfC |
| Saturn | https://github.com/THU-WingTecher/Saturn |
| SoK: Prudent Evaluation Practices for Fuzzing, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a137/1Ub23V26Svm |
| SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a070/1RjEaG9OpTa |
| SyzTrust | https://github.com/SyzTrust/syztrust |
| Titan: Efficient Multi-target Directed Greybox Fuzzing, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a059/1RjEaxqvmQ8 |
| To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a024/1RjEa0y9RMQ |
| VirtFuzz | https://github.com/cyruscyliu/virtFuzz-evaluation |
| DEVFuzz: Automatic Device Model-Guided Device Driver Fuzzing, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Nrc0AgBCgM/pdf |
| DEVFuzz | https://github.com/lzto/afl-proxy.git |
| ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing, 2023 | https://arxiv.org/abs/2304.04233 |
| Finding Specification Blind Spots via Fuzz Testing, 2023 | https://cs.uwaterloo.ca/~m285xu/assets/publication/fast-paper.pdf |
| RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0Ek1SE6c/pdf |
| SegFuzz: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1NrbZrWlldK/pdf |
| SegFuzz | https://github.com/casys-kaist/segFuzz.git |
| SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Js0DBwgpwY/pdf |
| SelectFuzz | https://github.com/cuhk-seclab/SelectFuzz |
| TEEzz: Fuzzing Trusted Applications on COTS Android Devices, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7XWu6nJe/pdf |
| UTOPIA: Automatic Generation of Fuzz Driver using Unit Tests, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1He7YBzoF0c/pdf |
| VIDEZZO: Dependency-aware Virtual Device Fuzzing, 2023 | https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Nrc0ztdpDy/pdf |
| ViDeZZo | https://github.com/HexHive/ViDeZZo |
| Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities, 2023 | https://www.computer.org/csdl/proceedings-article/sp/2023/933600a116/1He7XPiaynS |
| Witcher | https://github.com/sefcom/Witcher |
| JIGSAW: Efficient and Scalable Path Constraints Fuzzing, 2022 | https://www.cs.ucr.edu/~heng/pubs/jigsaw_sp22.pdf |
| JIGSAW | https://github.com/R-Fuzz/jigsaw |
| PATA: Fuzzing with Path Aware Taint Analysis, 2022 | http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/sp22.pdf |
| FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 | https://ieeexplore.ieee.org/document/9833593 |
| Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022 | https://arxiv.org/abs/2203.12064 |
| K-Scheduler | https://github.com/Dongdongshe/K-Scheduler |
| BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning, 2022 | https://qingkaishi.github.io/public_pdfs/SP22.pdf |
| DiFuzzRTL: Differential Fuzz Testing to Find CPU Bugs, 2021 | https://ieeexplore.ieee.org/document/9519470 |
| DiFuzzRTL | https://github.com/compsec-snu/diFuzz-rtl |
| StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021 | https://ieeexplore.ieee.org/document/9519407 |
| ZhangZhuoSJTU | https://github.com/ZhangZhuoSJTU |
| StochFuzz | https://github.com/ZhangZhuoSJTU/StochFuzz |
| NtFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021 | https://ieeexplore.ieee.org/document/9519448 |
| SoftSec-KAIST | https://github.com/SoftSec-KAIST |
| NTFuzz | https://github.com/SoftSec-KAIST/NTFuzz |
| Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021 | https://ieeexplore.ieee.org/document/9519432 |
| ucsb-seclab | https://github.com/ucsb-seclab |
| diane | https://github.com/ucsb-seclab/diane |
| One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021 | https://ieeexplore.ieee.org/document/9519403 |
| s3team | https://github.com/s3team |
| Polyglot | https://github.com/s3team/Polyglot |
| IJON: Exploring Deep State Spaces via Fuzzing, 2020 | https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2020/02/27/IJON-Oakland20.pdf |
| Krace: Data Race Fuzzing for Kernel File Systems, 2020 | https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf |
| Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020 | https://qingkaishi.github.io/public_pdfs/SP2020.pdf |
| RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020 | https://www.semanticscholar.org/paper/RetroWrite%3A-Statically-Instrumenting-COTS-Binaries-Dinesh-Burow/845cafb153b0e4b9943c6d9b6a7e42c14845a0d6 |
| Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019 | https://www.computer.org/csdl/proceedings-article/sp/2019/666000b122/19skgbGVFEQ |
| UnTracer | https://github.com/FoRTE-Research/UnTracer-AFL |
| Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019 | https://www.computer.org/csdl/proceedings-article/sp/2019/666000a594/19skfLYOpaw |
| JANUS | https://github.com/sslab-gatech/janus |
| NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019 | https://www.computer.org/csdl/proceedings-article/sp/2019/666000a900/19skg5XghG0 |
| neuzz | https://github.com/Dongdongshe/neuzz |
| Razzer: Finding Kernel Race Bugs through Fuzzing, 2019 | https://www.computer.org/csdl/proceedings-article/sp/2019/666000a296/19skfwZLirm |
| Razzer | https://github.com/compsec-snu/razzer |
| Angora: Efficient Fuzzing by Principled Search, 2018 | http://web.cs.ucdavis.edu/~hchen/paper/chen2018angora.pdf |
| Angora | https://github.com/AngoraFuzzer/Angora |
| CollAFL: Path Sensitive Fuzzing, 2018 | http://chao.100871.net/papers/oakland18.pdf |
| CollAFL | https://github.com/batgui/collafl |
| T-Fuzz: Fuzzing by program transformation, 2018 | https://nebelwelt.net/publications/files/18Oakland.pdf |
| T-Fuzz | https://github.com/HexHive/T-Fuzz |
| Skyfire: Data-Driven Seed Generation for Fuzzing, 2017 | https://www.ieee-security.org/TC/SP2017/papers/42.pdf |
| RVISmith: Fuzzing Compilers for RVV Intrinsics, 2025 | https://arxiv.org/abs/2507.03773 |
| RVISmith 开源链接 | https://github.com/yibo2000/RVISmith |
| Fuzzing Processing Pipelines for Zero-Knowledge Circuits, 2025 | https://arxiv.org/abs/2411.02077 |
| Circuzz | https://github.com/Rigorous-Software-Engineering/circuzz |
| Error Messages to Fuzzing: Detecting XPS Parsing Vulnerabilities in Windows Printing Components, 2025 | https://ccs25files.zoolab.org/main/ccsfa/pChLGVk0/3719027.3744807.pdf |
| SyzSpec: Specification Generation for Linux Kernel Fuzzing via Under-Constrained Symbolic Execution, 2025 | https://www.cs.ucr.edu/~zhiyunq/pub/ccs25_syzspec.pdf |
| 郝宇 | https://zhyfeng.github.io/ |
| SyzParam: Incorporating Runtime Parameters into Kernel Driver Fuzzing, 2025 | https://arxiv.org/abs/2501.10002 |
| Intent-aware Fuzzing for Android Hardened Application, 2025 | https://s2-lab.github.io/assets/AHAFuzz_CCS25.pdf |
| 已开源 | https://github.com/S2-Lab/AHA-fuzz |
| A Qualitative Analysis of Fuzzing Tool Usability and Challenges, 2025 | https://www.usenix.org/conference/soups2025/presentation/zhao-poster |
| Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks, 2025 | https://arxiv.org/abs/2509.13740 |
| ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory, 2025 | https://ccs25files.zoolab.org/main/ccsfb/6v0fxegK/3719027.3765129.pdf |
| DriveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction, 2025 | https://ccs25files.zoolab.org/main/ccsfb/Kao8sgTE/3719027.3765167.pdf |
| PromeFuzz: A Knowledge-Driven Approach to Fuzzing Harness Generation with Large Language Models, 2025 | https://ccs25files.zoolab.org/main/ccsfb/Re4TSIGe/3719027.3765222.pdf |
| LIFTFuzz: Validating Binary Lifters through Context-aware Fuzzing with GPT, 2024 | https://dl.acm.org/doi/10.1145/3658644.3670276 |
| 开源 | https://github.com/zyt755/LIFTFuzz |
| https://github.com/zyt755/LIFTFuzz, 2024 | https://dl.acm.org/doi/10.1145/3658644.3670278 |
| FuzzCache | https://github.com/secureweb/Fuzzcache |
| RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces, 2024 | https://dl.acm.org/doi/10.1145/3658644.3670320 |
| ASNFuzzGen | https://github.com/fics/asnFuzzgen |
| RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices, 2024 | https://dl.acm.org/doi/10.1145/3658644.3670342 |
| 脚本 | https://github.com/kzLiu2017/RIoTFuzzer |
| On Understanding and Forecasting Fuzzers Performance with Static Analysis, 2024 | https://dl.acm.org/doi/10.1145/3658644.3670348 |
| FOX: Coverage-guided Fuzzing as Online Stochastic Control, 2024 | https://dl.acm.org/doi/10.1145/3643659.3648562 |
| 开源 | https://github.com/FOX-Fuzz/FOX |
| Prompt Fuzzing for Fuzz Driver Generation, 2024 | https://arxiv.org/abs/2312.17677 |
| DarthShader: Fuzzing WebGPU Shader Translators & Compilers, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690209 |
| darthshader | https://github.com/wgslFuzz/darthshader |
| Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690216 |
| OSmart: Whitebox Program Option Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690228 |
| Program Environment Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690229 |
| EnvFuzz | https://github.com/GJDuck/EnvFuzz |
| ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690231 |
| ProphetFuzz | https://github.com/NASP-THU/ProphetFuzz |
| Leveraging Binary Coverage for Effective Generation Guidance in Kernel Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690232 |
| Toss a Fault to BpfChecker: Revealing Implementation Flaws for eBPF runtimes with Differential Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690237 |
| BpfChecker | https://github.com/blocksecteam/BpfChecker |
| No Peer, no Cry: Network Application Fuzzing via Fault Injection, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690274 |
| Fuzztruction-Net | https://github.com/Fuzztruction/Fuzztruction-net-experiments |
| Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690278 |
| FlakJack | https://github.com/sefcom/flakjack |
| CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690320 |
| Fuzzing JavaScript Engines with a Graph-based IR, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690336 |
| CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon, 2024 | https://dl.acm.org/doi/10.1145/3658644.3690376 |
| DSFuzz: Detecting Deep State Bugs with Dependent State Exploration, 2023 | https://dl.acm.org/doi/10.1145/3576915.3616594 |
| Fuzz on the Beach: Fuzzing Solana Smart Contracts, 2023 | https://arxiv.org/abs/2309.03006 |
| Greybox Fuzzing of Distributed Systems, 2023 | https://mengrj.github.io/files/CCS23.pdf |
| 已开源 | https://github.com/dsFuzz/mallory |
| HOPPER: Interpretative Fuzzing for Libraries, 2023 | https://dl.acm.org/doi/10.1145/3576915.3616610 |
| Hopper 开源地址 | https://github.com/FuzzAnything/Hopper |
| 腾讯安全大数据实验室 | http://www.baidu.com/link?url=aWqSg8WuLS7zTXIhjBtwYRtDkRYa9FBRmZWPvPgPJ6x5cZJO7SHTqM_YAqot7DF1LdMA6fwn0IJGpbWxnGHsfglRNqwnqNY5tH1I_LyyH0Gt78Po_-Jbb0O2e0dXJH7pyLfzX4YfzOgNJNNEcFS6AbdYK4AP_wRnMMHAXgZiv9zHGFa84udhi8xZfIY5pvkJnOP3Wi7-uzNkugatATRZ6K |
| Profile-guided System Optimizations for Accelerated Greybox Fuzzing, 2023 | https://dl.acm.org/doi/10.1145/3576915.3616636 |
| AFL/AFL++ 分支代码 | https://secnotes.github.io/fuzzing-tutorial/AFL/AFL++ 分支代码 |
| NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic, 2023 | https://dl.acm.org/doi/10.1145/3576915.3623103 |
| NestFuzz | https://github.com/fdu-sec/NestFuzz |
| SyzDirect: Directed Greybox Fuzzing for Linux Kernel, 2023 | https://dl.acm.org/doi/10.1145/3576915.3623146 |
| SyzDirect | https://github.com/seclab-fudan/SyzDirect |
| PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing, 2023 | https://dl.acm.org/doi/10.1145/3576915.3623166 |
| PyRTFuzz 已开源 | https://github.com/awen-li/PyRTFuzz |
| Poster: Combining Fuzzing with Concolic Execution for IoT Firmware Testing, 2023 | https://dl.acm.org/doi/10.1145/3576915.3624373 |
| SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022 | https://dl.acm.org/doi/10.1145/3548606.3559367 |
| LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022 | https://dl.acm.org/doi/10.1145/3548606.3560602 |
| LibAFL | https://github.com/AFLplusplus/LibAFL |
| JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022 | https://dl.acm.org/doi/10.1145/3548606.3560624 |
| MC2: Rigorous and Efficient Directed Greybox Fuzzing, 2022 | https://dl.acm.org/doi/10.1145/3548606.3560648 |
| Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases, 2021 | https://www.ndss-symposium.org/ndss-paper/favocado-Fuzzing-the-binding-code-of-javascript-engines-using-semantically-correct-test-cases/ |
| Favocado | https://github.com/favocado/Favocado |
| WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning, 2021 | https://www.ndss-symposium.org/ndss-paper/winnie-Fuzzing-windows-applications-with-harness-synthesis-and-fast-cloning/ |
| WINNIE | https://github.com/sslab-gatech/winnie |
| PGFuzz: Policy-Guided Fuzzing for Robotic Vehicles, 2021 | https://www.ndss-symposium.org/ndss-paper/pgFuzz-policy-guided-Fuzzing-for-robotic-vehicles/ |
| PGFuzz | https://github.com/purseclab/PGFuzz |
| Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, 2021 | https://www.ndss-symposium.org/ndss-paper/reinforcement-learning-based-hierarchical-seed-scheduling-for-greybox-Fuzzing/ |
| DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017 | https://acmccs.github.io/papers/p2123-corinaA.pdf |
| DIFUZE | https://github.com/ucsb-seclab/difuze |
| Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019 | https://files.sri.inf.ethz.ch/website/papers/ccs19-ilf.pdf |
| Matryoshka: Fuzzing deeply nested branches, 2019 | https://web.cs.ucdavis.edu/~hchen/paper/chen2019matryoshka.pdf |
| Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018 | https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf |
| IMF: Inferred Model-based Fuzzer, 2017 | http://daramg.gift/paper/han-ccs2017.pdf |
| SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017 | https://www.informatics.indiana.edu/xw7/papers/p2139-you.pdf |
| Directed Greybox Fuzzing, 2017 | https://dl.acm.org/citation.cfm?id=3134020 |
| SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017 | https://arxiv.org/pdf/1708.08437.pdf |
| DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017 | https://acmccs.github.io/papers/p2123-corinaA.pdf |
| DIFUZE | https://github.com/ucsb-seclab/difuze |
| Radamsa | https://gitlab.com/akihe/radamsa |
| zzuf | https://github.com/samhocevar/zzuf |
| afl-unicorn: Fuzzing The 'UnFuzzable' | https://www.youtube.com/watch?v=OheODvF0884 |
| Battelle | https://www.battelle.org/cyber |
| 中文字幕 | https://www.bilibili.com/video/av83051615/ |
| 工具 | https://github.com/Battelle/afl-unicorn |
| Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing | https://dl.acm.org/doi/10.1145/3319535.3354249 |
| Intriguer | https://github.com/seclab-yonsei/intriguer |
| UnicoreFuzz: On the Viability of Emulation for Kernelspace Fuzzing | https://www.usenix.org/system/files/woot19-paper_maier.pdf |
| unicoreFuzz | https://github.com/fgsect/unicoreFuzz |
| libFuzzer | http://llvm.org/docs/LibFuzzer.html |
| HonggFuzz | https://github.com/google/honggFuzz |
| syzkaller | https://github.com/google/syzkaller |
| frida-Fuzzer | https://github.com/andreafioraldi/frida-Fuzzer |
| winafl | https://github.com/googleprojectzero/winafl |
| trinity | https://github.com/kernelslacker/trinity |
| NtCall64 | https://github.com/hfiref0x/NtCall64 |
| kDriver-Fuzzer | https://github.com/k0keoyo/kDriver-Fuzzer |
| Fuzzball | https://github.com/bitblaze-Fuzzball/Fuzzball |
| Sulley | https://github.com/OpenRCE/sulley |
| BooFuzz | https://github.com/jtpereyda/booFuzz |
| BooFuzz | https://github.com/jtpereyda/booFuzz |
| Sulley | https://github.com/OpenRCE/sulley |
| Fuzzowski | https://github.com/nccgroup/Fuzzowski |
| Peach | https://github.com/MozillaSecurity/peach |
| Defensics | https://www.synopsys.com/software-integrity/security-testing/Fuzz-testing.html |
| bsSTORM | https://beyondsecurity.com/bestorm-and-the-sdl.html?cn-reloaded=1 |
| API-Fuzzer | https://github.com/Fuzzapi/API-Fuzzer |
| domato | https://github.com/googleprojectzero/domato |
| SHiFT: Semi-hosted Fuzz Testing for Embedded Applications, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/mera |
| SHiFT | https://github.com/RiS3-Lab/SHiFT |
| MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware, 2024 | https://www.usenix.org/conference/usenixsecurity24/presentation/chesser |
| Fuzzware | https://github.com/MultiFuzz/MultiFuzz |
| LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices, 2024 | https://www.computer.org/csdl/proceedings-article/sp/2024/313000a127/1Ub23HQTJ1C |
| Hangtian Liu | https://www.computer.org/csdl/search/default?type=author&givenName=Hangtian&surname=Liu |
| Poster: Combining Fuzzing with Concolic Execution for IoT Firmware Testing, 2023 | https://dl.acm.org/doi/10.1145/3576915.3624373 |
| Forming Faster Firmware Fuzzers, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/seidel |
| SAFIREFuzz | https://github.com/pr0me/SAFIREFuzz |
| FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules, 2023 | https://www.usenix.org/conference/usenixsecurity23/presentation/angelakopoulos |
| FirmSole | https://github.com/BUseclab/FirmSolo |
| Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022 | https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski |
| Fuzzware | https://github.com/Fuzzware-Fuzzer/Fuzzware |
| Automatic Firmware Emulation through Invalidity-guided Knowledge Inference, 2021 | https://www.usenix.org/conference/usenixsecurity21/presentation/zhou |
| μEmu | https://github.com/MCUSec/uEmu |
| IOTFuzzER: Discovering Memory Corruptions in IoT Through App-based Fuzzing | https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_01A-1_Chen_paper.pdf |
| IOTFuzzer | https://github.com/zyw-200/IOTFuzzer_Full |
| FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation | https://www.usenix.org/conference/usenixsecurity19/presentation/zheng |
| FIRM-AFL | https://github.com/zyw-200/FirmAFL |
| FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution | https://ieeexplore.ieee.org/document/8990098 |
| IEEE Access | https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639 |
| FIRMCORN | https://github.com/FIRMCORN-Fuzzing/FIRMCORN |
| AFL漏洞挖掘技术漫谈(一):用AFL开始你的第一次Fuzzing | https://www.freebuf.com/articles/system/191543.html |
| AFL漏洞挖掘技术漫谈(二):Fuzz结果分析和代码覆盖率 | https://www.freebuf.com/articles/system/197678.html |
| 深入分析 afl / qemu-mode(qemu模式) / afl-unicorn 编译及安装存在的问题以及相应的解决方案 | https://blog.csdn.net/song_lee/article/details/105082092 |
| AFL二三事——源码分析(上篇) | https://xz.aliyun.com/t/10315 |
| AFL二三事——源码分析(下篇) | https://xz.aliyun.com/t/10316 |
| IoT 设备网络协议 Fuzz 测试工具booFuzz实战 | https://blog.csdn.net/song_lee/article/details/104334096 |
| Fuzz实战之libFuzzer | https://www.secpulse.com/archives/71898.html |
| 深入探究文件Fuzz工具之Peach实战 | https://www.freebuf.com/sectool/120650.html |
| 工控网络协议 Fuzz 测试:用peach对modbus协议进行 Fuzz 测试 | https://cloud.tencent.com/developer/article/1093368 |
| Peach原理简介与实战:以Fuzz Web API为例 | https://www.freebuf.com/sectool/219584.html |
| 内核漏洞挖掘技术系列(1)——trinity | https://xz.aliyun.com/t/4760 |
| 内核漏洞挖掘技术系列(2)——bochspwn | https://xz.aliyun.com/t/4800 |
| 内核漏洞挖掘技术系列(3)——bochspwn-reloaded(1) | https://xz.aliyun.com/t/4921 |
| 内核漏洞挖掘技术系列(3)——bochspwn-reloaded(2) | https://xz.aliyun.com/t/4932 |
| 内核漏洞挖掘技术系列(4)——syzkaller(1) | https://xz.aliyun.com/t/5079 |
| Syzkaller入门知识总结 | https://www.freebuf.com/sectool/323886.html |
| 从0开始Fuzzing之旅: 使用Syzkaller进行Linux驱动漏洞挖掘 | https://www.freebuf.com/sectool/285699.html |
| 从0到1开始使用syzkaller进行Linux内核漏洞挖掘 | https://bbs.pediy.com/thread-265405.htm |
| Fuzzing a Pixel 3a Kernel with Syzkaller | https://blog.senyuuri.info/2020/04/16/Fuzzing-a-pixel-3a-kernel-with-syzkaller/ |
| 基于 Unicorn 和 LibFuzzer 的模拟执行 Fuzzing | http://galaxylab.com.cn/%e5%9f%ba%e4%ba%8eunicorn%e5%92%8clibFuzzer%e7%9a%84%e6%a8%a1%e6%8b%9f%e6%89%a7%e8%a1%8cFuzzing/ |
| uniFuzzer | https://github.com/PAGalaxyLab/uniFuzzer |
| IoT固件Rehosting综述 | https://www.freebuf.com/articles/endpoint/335783.html |
| 贡献指南 | https://github.com/secnotes/Fuzzing-tutorial/blob/main/CONTRIBUTING.md |
| http://creativecommons.org/licenses/by-sa/4.0/ |
| 知识共享署名-相同方式共享 4.0 国际许可协议 | http://creativecommons.org/licenses/by-sa/4.0/ |
| Recent Papers/Blogs/Tools Related to Fuzzing | https://secnotes.github.io/fuzzing-tutorial/#recent-papersblogstools-related-to-fuzzing |
| Books | https://secnotes.github.io/fuzzing-tutorial/#books |
| Other | https://secnotes.github.io/fuzzing-tutorial/#other |
| NDSS | https://secnotes.github.io/fuzzing-tutorial/#ndss |
| 2026 | https://secnotes.github.io/fuzzing-tutorial/#2026 |
| 2025 | https://secnotes.github.io/fuzzing-tutorial/#2025 |
| 2024 | https://secnotes.github.io/fuzzing-tutorial/#2024 |
| 2023 | https://secnotes.github.io/fuzzing-tutorial/#2023 |
| 2022 | https://secnotes.github.io/fuzzing-tutorial/#2022 |
| 2021 | https://secnotes.github.io/fuzzing-tutorial/#2021 |
| 2020 ⤵ | https://secnotes.github.io/fuzzing-tutorial/#2020 |
| USENIX Security | https://secnotes.github.io/fuzzing-tutorial/#usenix-security |
| 2025 | https://secnotes.github.io/fuzzing-tutorial/#2025 |
| 2024 | https://secnotes.github.io/fuzzing-tutorial/#2024 |
| 2023 | https://secnotes.github.io/fuzzing-tutorial/#2023 |
| 2022 | https://secnotes.github.io/fuzzing-tutorial/#2022 |
| 2021 | https://secnotes.github.io/fuzzing-tutorial/#2021 |
| 2020 | https://secnotes.github.io/fuzzing-tutorial/#2020 |
| 2019 ⤵ | https://secnotes.github.io/fuzzing-tutorial/#2019 |
| IEEE S&P | https://secnotes.github.io/fuzzing-tutorial/#ieee-sp |
| 2025 | https://secnotes.github.io/fuzzing-tutorial/#2025 |
| 2024 | https://secnotes.github.io/fuzzing-tutorial/#2024 |
| 2023 | https://secnotes.github.io/fuzzing-tutorial/#2023 |
| 2022 | https://secnotes.github.io/fuzzing-tutorial/#2022 |
| 2021 | https://secnotes.github.io/fuzzing-tutorial/#2021 |
| 2020 | https://secnotes.github.io/fuzzing-tutorial/#2020 |
| 2019 ⤵ | https://secnotes.github.io/fuzzing-tutorial/#2019 |
| ACM CCS | https://secnotes.github.io/fuzzing-tutorial/#acm-ccs |
| 2025 | https://secnotes.github.io/fuzzing-tutorial/#2025 |
| 2024 | https://secnotes.github.io/fuzzing-tutorial/#2024 |
| 2023 | https://secnotes.github.io/fuzzing-tutorial/#2023 |
| 2022 ⤵ | https://secnotes.github.io/fuzzing-tutorial/#2022 |
| Tools | https://secnotes.github.io/fuzzing-tutorial/#tools |
| 变异器 | https://secnotes.github.io/fuzzing-tutorial/#变异器 |
| 二进制 | https://secnotes.github.io/fuzzing-tutorial/#二进制 |
| API/协议 | https://secnotes.github.io/fuzzing-tutorial/#api协议 |
| 固件 | https://secnotes.github.io/fuzzing-tutorial/#固件 |
| Blogs | https://secnotes.github.io/fuzzing-tutorial/#blogs |
| Contribute | https://secnotes.github.io/fuzzing-tutorial/#contribute |
| License | https://secnotes.github.io/fuzzing-tutorial/#license |