Archived Notes

Symbolic Execution

A-Survey-of-Symbolic-Execution-Techniques.Paper; Very detailed survey published in 2018, capturing some early works.
Symbolic-execution-for-software-testing-Three-decades-later.Paper; Just a survey.
EXE-Automatically-Generating-Inputs-of-Death.Paper; EXE, one of the foundamental research on concolic execution.
Coyote-C-An-Industrial-Strength-Fully-Automated-Unit-Testing-Tool.Paper; Claims to be fully automated.
CUTE-A-Concolic-Unit-Testing-Engine-for-C.Paper; CUTE, one of the foundamental research on concolic execution.
DART-Directed-Automated-Random-Testing.Paper; DART, one of the foundamental research on concolic execution.
KLEE-unassisted-and-automatic-generation-of-high-coverage-tests-for-complex-systems-programs.Paper; KLEE, one of the foundamental research on concolic execution.
♥QSYM-A-practical-concolic-execution-engine-tailored-for-hybrid-fuzzing.Paper; QSYM, super well structured paper, essentially it is optimizing concolic execution with ideas from fuzzing.
Symbolic-execution-with-SYMCC-dont-interpret-compile.Paper; SymCC, compile rather than interpret!

Leveraging-Binary-Coverage-for-Effective-Generation-Guidance-in-Kernel-Fuzzing.Paper; Proposed the idea of including memory info in metrics for kernel fuzzing.
Toward-Rigorous-Object-Code-Coverage-Criteria.Paper; Some work on collecting and categorizing assembly instructions that creates branching.
Discovering-instructions-for-robust-binary-level-coverage-criteria.Paper; More work on collecting and categorizing assembly instructions that creates branching.
HFL-Hybrid-Fuzzing-on-the-Linux-Kernel.Paper; Kernel hybrid fuzzing based on Syzkaller and S2E.
KSG-Augmenting-Kernel-Fuzzing-with-System-Call-Specification-Generation.Paper; Automatic syscall spec generation in Syzlang.
SyzGen++-Dependency-Inference-for-Augmenting-Kernel-Driver-Fuzzing.Paper; Automatically inferring dependencies between syscalls and generating specifications without requiring source code.
KernelGPT-Enhanced-Kernel-Fuzzing-via-Large-Language-Models.Paper; The first approach to automatically synthesizing syscall specifications via LLMs.

A-tour-of-the-ARM-architecture-and-its-Linux-support.Video; A 40 min Youtube video explaining core concepts of ARM architecture.
You-Cant-Judge-a-Binary-by-Its-Header-Data-Code-Separation-for-Non-Standard-ARM-Binaries-using-Pseudo-Labels.Paper; The first step to automate the analysis of non-standard binaries.
♥ARMore-Pushing-Love-Back-Into-Binaries.Paper; The first efficient, robust, and heuristic-free static binary rewriter for arbitrary aarch64 binaries.

Advanced-Topics-in-Bisimulation-and-Coinduction.Video; A series of Youtube video recording lectures related to bisimulation and coinduction.

Puny-Code-0-Click-Account-Takeover.Article; An interesting account takeover bug bounty using purely unicode in email address.
CVE-2025-48384-Breaking-Git-with-a-carriage-return-and-cloning-RCE.Article; A vulnerability found in Git related to carriage return.