Dear researchers, feel free to contact us at syzkaller@googlegroups.com if you need any assistance.
newer first
- SyzDirect: Directed Greybox Fuzzing for Linux Kernel
- KIT: Testing OS-Level Virtualization for Functional Interference Bugs
- SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers
- GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs
- Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis
- Linux Kernel Enriched Corpus : corpus.db
- HotBPF - An On-demand and On-the-fly Memory Protection
- KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
- VaultFuzzer: A state-based approach for Linux kernel
- Demystifying the Dependency Challenge in Kernel Fuzzing
- SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
- SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
- Rtkaller: State-aware Task Generation for RTOS Fuzzing
- BSOD: Binary-only Scalable fuzzing Of device Drivers
- Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads
- A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
- Healer is a kernel fuzzer inspired by syzkaller. (pdf)
- SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers (source code)
- Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis
- Undo Workarounds for Kernel Bugs (source code)
- HFL: Hybrid Fuzzing on the Linux Kernel
- A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
- Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
- Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (source code)
- Task selection and seed selection for Syzkaller using reinforcement learning (announce only)
- Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
- FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (video, slides, source code)
- ALEXKIDD-FUZZER: Kernel Fuzzing Guided by Symbolic Information
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- RAZZER: Finding Kernel Race Bugs through Fuzzing
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
- Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
- KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
- Synthesis of Linux Kernel Fuzzing Tools Based on Syscall
- Drill the Apple Core: Up & Down
- WSL Reloaded
- Hydra: Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework (github)
- Janus: Fuzzing File Systems via Two-Dimensional Input Space Exploration (github)
- CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
- KRACE: Data Race Fuzzing for Kernel File Systems
- trinity
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (bridges AFL and Intel PT)
- kernel-fuzzing (bridges AFL and KCOV)
- A gentle introduction to Linux Kernel fuzzing (bridges AFL and KCOV)
- IMF: Inferred Model-based Fuzzer
Also see tech talks page.