awesome-fuzz
https://github.com/houjingyi233/awesome-fuzz
- The Fuzzing Book
- Fuzzing for Software Security Testing and Quality Assurance (2nd Edition)
- Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on Qemu
- TinyInst
- sulley
- Tickling ksmbd: fuzzing SMB in the Linux kernel
- Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
- Basic usage of wtf, a snapshot-based fuzzing tool
- https://fuzzing-project.org/
- https://j00ru.vexillium.org/
- https://securitylab.github.com/research/
- https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-1-fuzzing-gegl-with-fuzzuf.html
- https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-2-evaluating-performance.html
- https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-3-patch-analysis-and-poc.html
- https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-4-hunting-and-exploiting-0.html
- ADVANCED FUZZING UNMASKS ELUSIVE VULNERABILITIES
- KernelFuzzer
- SimpleNTSyscallFuzzer
- Fuzzing WeChat’s Wxam Parser
- Fuzzing RDPEGFX with "what the fuzz"
- Fuzzing RDP: Holding the Stick at Both Ends
- Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
- Fuzzing Closed Source PDF Viewers
- 50 CVEs in 50 Days: Fuzzing Adobe Reader
- Creating a fuzzing harness for FoxitReader 9.7 ConvertToPDF Function
- Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
- Escaping the sandbox: A bug that speaks for itself
- Fuzzing Image Parsing in Windows, Part One: Color Profiles
- Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory
- Fuzzing Image Parsing in Windows, Part Three: RAW and HEIF
- Fuzzing Image Parsing in Windows, Part Four: More HEIF
- Fuzzing the Office Ecosystem
- Document parsers "research" as passive income
- How I Found 16 Microsoft Office Excel Vulnerabilities in 6 Months
- https://github.com/TCA-ISCAS/Cooper
- COOPER: Testing the Binding Code of Scripting Languages with Cooperative Mutation
- Smash PostScript Interpreters Using A Syntax-Aware Fuzzer
- ThreatLabz Discovers 117 Vulnerabilities in Microsoft 365 Apps Via the SketchUp 3D Library - Part 1
- ThreatLabz Discovers 117 Vulnerabilities in Microsoft 365 Apps Via the SketchUp 3D Library - Part 2
- A year of Windows kernel font fuzzing Part-1 the results
- A year of Windows kernel font fuzzing Part-2 the techniques
- Filesystem Fuzzing with American Fuzzy lop
- KCSAN
- KTSAN
- krace
- razzer
- https://github.com/purseclab/fuzzusb
- FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks
- https://github.com/messlabnyu/DrifuzzProject/
- Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds
- https://github.com/secsysresearch/DRFuzz
- Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators
- Double-Free RCE in VLC. A honggfuzz how-to
- Android greybox fuzzing with AFL++ Frida mode
- Hunting for Android Privilege Escalation with a 32 Line Fuzzer
- The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
- https://github.com/little-leiry/CuPerFuzzer
- Leveraging Android Permissions: A Solver Approach
- https://github.com/houjingyi233/macOS-iOS-system-security
- https://github.com/zhangysh1995/awesome-database-testing
- https://github.com/xairy/vmware-exploitation
- https://github.com/gerhart01/Hyper-V-Internals
- Hunting for bugs in VirtualBox (First Take)
- Browser fuzzing at Mozilla
- https://github.com/RUB-SysSec/JIT-Picker
- Jit-Picking: Differential Fuzzing of JavaScript Engines
- https://github.com/SoftSec-KAIST/CodeAlchemist
- CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines
- https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
- https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks
- Stateful Black-Box Fuzzing of BLE Devices Using Automata Learning
- https://github.com/efchatz/WPAxFuzz
- https://github.com/alipay/Owfuzz
- https://github.com/comsec-group/cascade-artifacts
- https://github.com/intel/yarpgen