newer first
- SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers (source code)
- Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis
- Undo Workarounds for Kernel Bugs (source code)
- HFL: Hybrid Fuzzing on the Linux Kernel
- A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
- Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
- Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (source code)
- Task selection and seed selection for Syzkaller using reinforcement learning (announce only)
- Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
- FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (video, slides, source code)
- ALEXKIDD-FUZZER: Kernel Fuzzing Guided by Symbolic Information
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- RAZZER: Finding Kernel Race Bugs through Fuzzing
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
- Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
- KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- Synthesis of Linux Kernel Fuzzing Tools Based on Syscall
- Drill the Apple Core: Up & Down
- WSL Reloaded
- CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
- Healer is a kernel fuzzer inspired by syzkaller.
- KRACE: Data Race Fuzzing for Kernel File Systems
- trinity
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (bridges AFL and Intel PT)
- kernel-fuzzing (bridges AFL and KCOV)
- A gentle introduction to Linux Kernel fuzzing (bridges AFL and KCOV)
- IMF: Inferred Model-based Fuzzer
Also see the tech talks page.