    For Advanced Fuzzing

    Theory/fuzzing theory, 2023. 1. 3. 14:11

    User-Mode Application Fuzzing

    1. Strategy

    1.1. Mutation Strategy

    - Deterministic: bitflip, byteflip, arithmetic increment/decrement, interesting values, special characters

    - Havoc: the same operations as the deterministic stage, plus random byte, delete byte, insert byte, overwrite byte

    - Custom: ?

    - Radamsa [Github]

    - AFLSmart: Smart Greybox Fuzzing [PDF, Github]

    - Redqueen: Fuzzing with Input-to-State Correspondence, NDSS '19 [PDF, Slide, Video, Github]
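As an added illustration of the deterministic and havoc strategies listed above (this is not code from the original post or from AFL itself), a minimal Python mutator in the AFL style; the interesting-value table, the arithmetic bound and the special-character set are constructed here to mirror AFL's defaults:

```python
import random

# Constructed tables modelled on AFL's defaults: the 8-bit "interesting" values,
# the arithmetic bound, and a small set of parser-sensitive "special" bytes.
INTERESTING_8 = [0x80, 0xFF, 0x00, 0x01, 0x10, 0x20, 0x40, 0x64, 0x7F]  # -128,-1,0,1,16,32,64,100,127
ARITH_MAX = 35
SPECIAL_CHARS = b"\x00\n\r\"'\\%<>"

def _set(seed: bytes, i: int, v: int) -> bytes:
    m = bytearray(seed); m[i] = v & 0xFF; return bytes(m)

def deterministic_stage(seed: bytes) -> list[bytes]:
    """All single-location deterministic mutants of `seed`, in AFL stage order
    (bitflip 1/1, byteflip 8/8, arith8 +/-, interesting8, special characters).
    Duplicates and the unchanged seed are dropped, so each mutant costs one run."""
    n = len(seed)
    out = [_set(seed, i // 8, seed[i // 8] ^ (0x80 >> (i % 8))) for i in range(n * 8)]
    out += [_set(seed, i, seed[i] ^ 0xFF) for i in range(n)]
    out += [_set(seed, i, seed[i] + s * d) for i in range(n) for d in range(1, ARITH_MAX + 1) for s in (1, -1)]
    out += [_set(seed, i, v) for i in range(n) for v in INTERESTING_8]
    out += [_set(seed, i, c) for i in range(n) for c in SPECIAL_CHARS]
    seen, uniq = {seed}, []
    for m in out:
        if m not in seen:
            seen.add(m); uniq.append(m)
    return uniq

def havoc_stage(seed: bytes, count: int, rng_seed: int = 0) -> list[bytes]:
    """`count` havoc mutants. Each stacks 1, 2 or 4 random operations drawn from the
    deterministic set plus random/delete/insert/overwrite byte, so length may change."""
    rng, mutants = random.Random(rng_seed), []
    for _ in range(count):
        m = bytearray(seed)
        for _ in range(rng.choice((1, 2, 4))):
            if not m:                                   # emptied buffer: only insertion is possible
                m.append(rng.randrange(256)); continue
            i, op = rng.randrange(len(m)), rng.randrange(8)
            if op == 0: m[i] ^= 1 << rng.randrange(8)                                # bitflip
            elif op == 1: m[i] ^= 0xFF                                                # byteflip
            elif op == 2: m[i] = (m[i] + rng.randint(-ARITH_MAX, ARITH_MAX)) & 0xFF  # arithmetic
            elif op == 3: m[i] = rng.choice(INTERESTING_8)                            # interesting value
            elif op == 4: m[i] = rng.randrange(256)                                   # random byte
            elif op == 5: del m[i]                                                    # delete byte
            elif op == 6: m.insert(i, rng.randrange(256))                             # insert byte
            else:                                       # overwrite bytes with a chunk copied from elsewhere
                j = rng.randrange(len(m)); ln = rng.randint(1, min(8, len(m) - max(i, j)))
                m[i:i + ln] = m[j:j + ln]
        mutants.append(bytes(m))
    return mutants
```

The deduplication is what AFL's "could be bitflip / arith / interest" checks approximate: for a one-byte seed the five stages enumerate 80 distinct mutants rather than the 8 + 1 + 70 + 9 + 9 raw candidates.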

    1.2. Mutation Scheduling

    - MOPT: Optimized Mutation Scheduling for Fuzzers, USENIX '19 [PDF, Slide, Video, Github]

    - AFL++: EXPLORE, EXPLOIT, COE, FAST, LINEAR, QUAD, mmopt, rare, seek

    1.3. Coverage

    - DynamoRIO [Github], TinyInst [Github], QEMU [Github], Intel PT [Github]

    - LLVM, GCC

    2. Speed

    2.1. Speeding up by removing overhead

    - peAFL, Make static instrumentation great again, High performance fuzzing for Windows system, BlueHatIL '19 [Slide, Video, Github]

    - peafl64 [Github]

    - Designing New Operating Primitives to Improve Fuzzing Performance, ACM CCS '17 [PDF, Video, Github]

    2.2. Improving fuzzer performance

    - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, USENIX '21 [PDF, Slide]

    - Persistent mode on WinAFL [Github], Jackalope [Github]

    - AFL++, USENIX WOOT '20 [PDF, Github]

    2.3. Distributed Fuzzing

    - Run distributed fuzzing over the network and share seeds between instances

    - UltraFuzz: Towards Resource-saving in Distributed Fuzzing, TSE '22 [PDF, Git]

    3. Seed Pool

    3.1. A larger seed pool is an advantage

    - The larger the seed pool, the higher the chance of exercising diverse coverage

    - Seeds that yield the same coverage are culled by the fuzzer (pre-processing)

    3.2. Quality of seed set

    - A regression test set differs from an ordinary seed set: it is targeted

    3.3. Seed Selection

    - Optimizing Seed Selection for Fuzzing, USENIX '14 [PDF, Video]


    JavaScript Fuzzing

    1. JsFunFuzz [Github]
    2. Fuzzing with Code Fragments (LangFuzz), USENIX '12 [PDF, Slide, Video]
    3. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines, NDSS '19 [PDF, Video, Github]
    4. Fuzzilli [Github]
    5. Superion: grammar-aware greybox fuzzing, ICSE '19 [PDF, Github]
    6. Fuzzing JavaScript Engines with Aspect-preserving Mutation (DIE), S&P '20 [PDF, Slide, Video, Github]
    7. JIT-Picking: Differential Fuzzing of JavaScript Engines, ACM CCS '22 [PDF, Github]


    Kernel Fuzzing

    1. syzkaller [Github]

    2. kAFL [Github]

    3. NtFuzz [Github]


    To be continued...
