Archived Notes
Symbolic Execution
- A-Survey-of-Symbolic-Execution-Techniques.Paper; Very detailed survey published in 2018, capturing some early works.
- Symbolic-execution-for-software-testing-Three-decades-later.Paper; Just a survey.
- EXE-Automatically-Generating-Inputs-of-Death.Paper; EXE, one of the fundamental research works on concolic execution.
- Coyote-C-An-Industrial-Strength-Fully-Automated-Unit-Testing-Tool.Paper; Claims to be fully automated.
- CUTE-A-Concolic-Unit-Testing-Engine-for-C.Paper; CUTE, one of the fundamental research works on concolic execution.
- DART-Directed-Automated-Random-Testing.Paper; DART, one of the fundamental research works on concolic execution.
- KLEE-unassisted-and-automatic-generation-of-high-coverage-tests-for-complex-systems-programs.Paper; KLEE, one of the fundamental research works on concolic execution.
- ♥QSYM-A-practical-concolic-execution-engine-tailored-for-hybrid-fuzzing.Paper; QSYM, a very well-structured paper; essentially it optimizes concolic execution with ideas from fuzzing.
- Symbolic-execution-with-SYMCC-dont-interpret-compile.Paper; SymCC, compile rather than interpret!
Kernel Testing
- Leveraging-Binary-Coverage-for-Effective-Generation-Guidance-in-Kernel-Fuzzing.Paper; Proposed the idea of including memory info in metrics for kernel fuzzing.
- Toward-Rigorous-Object-Code-Coverage-Criteria.Paper; Some work on collecting and categorizing assembly instructions that create branching.
- Discovering-instructions-for-robust-binary-level-coverage-criteria.Paper; More work on collecting and categorizing assembly instructions that create branching.
- HFL-Hybrid-Fuzzing-on-the-Linux-Kernel.Paper; Kernel hybrid fuzzing based on Syzkaller and S2E.
- KSG-Augmenting-Kernel-Fuzzing-with-System-Call-Specification-Generation.Paper; Automatic syscall spec generation in Syzlang.
- SyzGen++-Dependency-Inference-for-Augmenting-Kernel-Driver-Fuzzing.Paper; Automatically inferring dependencies between syscalls and generating specifications without requiring source code.
- KernelGPT-Enhanced-Kernel-Fuzzing-via-Large-Language-Models.Paper; The first approach to automatically synthesizing syscall specifications via LLMs.
Arm Architecture
- A-tour-of-the-ARM-architecture-and-its-Linux-support.Video; A 40 min YouTube video explaining core concepts of the ARM architecture.
- You-Cant-Judge-a-Binary-by-Its-Header-Data-Code-Separation-for-Non-Standard-ARM-Binaries-using-Pseudo-Labels.Paper; The first step to automate the analysis of non-standard binaries.
- ♥ARMore-Pushing-Love-Back-Into-Binaries.Paper; The first efficient, robust, and heuristic-free static binary rewriter for arbitrary aarch64 binaries.
Bisimulation and Coinduction
- Advanced-Topics-in-Bisimulation-and-Coinduction.Video; A series of YouTube videos recording lectures related to bisimulation and coinduction.
Firmware Testing
- 𝜇AFL-Non-intrusive-Feedback-driven-Fuzzing-for-Microcontroller-Firmware.Paper; A fuzzing tool for embedded firmware that puts hardware in the loop.
- Extracting-Firmware-from-Embedded-Devices-SPI-NOR-Flash.Video; Introducing a method to extract firmware from SPI NOR flash.
- Ninja-towards-transparent-tracing-and-debugging-on-ARM.Paper; Debugging with hardware PMU and ETM.
- AidFuzzer-Adaptive-Interrupt-Driven-Firmware-Fuzzing-via-Run-Time-State-Recognition.Paper; Firmware fuzzing related.
WeChat Official Account and Zhihu Articles
- 通用Linux-x64内核态shellcode编写技巧.Article; Touches on some content related to x86 kernel address KASLR.
- OSDI-2025-论文评述-Day-1-Session-3-AI-Systems-I.Article; Paper summaries.
- OSDI-2025-论文评述-Day-2-Session-7-Kernel-and-Operating-Systems-I.Article; Paper summaries.
- OSDI-2025-论文评述-Day-3-Session-8-Kernel-and-Operating-Systems-II.Article; Paper summaries.
Bug Bounty & Vulnerability
- Puny-Code-0-Click-Account-Takeover.Article; An interesting account takeover bug bounty using only Unicode characters in the email address.
- CVE-2025-48384-Breaking-Git-with-a-carriage-return-and-cloning-RCE.Article; A vulnerability found in Git related to carriage return handling.
Security Related
- Container-Breakouts-Escape-Techniques-in-Cloud-Environments.Article; Reviews container escape techniques.
Virtualization and Simulation
- Xen-and-the-Art-of-Virtualization.Paper; Introducing Xen, the hypervisor.
Artificial Intelligence
- A-tale-of-two-Claudes.Article; Some comments on Claude.