Archived Notes
Symbolic Execution
- A-Survey-of-Symbolic-Execution-Techniques.Paper; A very detailed survey published in 2018 that also covers some of the early work.
- Symbolic-execution-for-software-testing-Three-decades-later.Paper; Just a survey.
- EXE-Automatically-Generating-Inputs-of-Death.Paper; EXE, one of the foundational works on concolic execution.
- Coyote-C-An-Industrial-Strength-Fully-Automated-Unit-Testing-Tool.Paper; Claims to be fully automated.
- CUTE-A-Concolic-Unit-Testing-Engine-for-C.Paper; CUTE, one of the foundational works on concolic execution.
- DART-Directed-Automated-Random-Testing.Paper; DART, one of the foundational works on concolic execution.
- KLEE-unassisted-and-automatic-generation-of-high-coverage-tests-for-complex-systems-programs.Paper; KLEE, one of the foundational works on symbolic execution; the successor to EXE from the same group.
- ♥QSYM-A-practical-concolic-execution-engine-tailored-for-hybrid-fuzzing.Paper; QSYM, a very well-structured paper; essentially it optimizes concolic execution with ideas borrowed from fuzzing.
- Symbolic-execution-with-SYMCC-dont-interpret-compile.Paper; SymCC, compile rather than interpret!
Kernel Testing
- Leveraging-Binary-Coverage-for-Effective-Generation-Guidance-in-Kernel-Fuzzing.Paper; Proposes including memory information in the feedback metrics used to guide kernel fuzzing.
- Toward-Rigorous-Object-Code-Coverage-Criteria.Paper; Work on collecting and categorizing the assembly instructions that create branches.
- Discovering-instructions-for-robust-binary-level-coverage-criteria.Paper; More work on collecting and categorizing the assembly instructions that create branches.
- HFL-Hybrid-Fuzzing-on-the-Linux-Kernel.Paper; Kernel hybrid fuzzing built on Syzkaller and S2E.
- KSG-Augmenting-Kernel-Fuzzing-with-System-Call-Specification-Generation.Paper; Automatic syscall specification generation in Syzlang.
- SyzGen++-Dependency-Inference-for-Augmenting-Kernel-Driver-Fuzzing.Paper; Automatically infers dependencies between syscalls and generates specifications without requiring source code.
- KernelGPT-Enhanced-Kernel-Fuzzing-via-Large-Language-Models.Paper; Claims to be the first approach to automatically synthesizing syscall specifications with LLMs.
Arm Architecture
- A-tour-of-the-ARM-architecture-and-its-Linux-support.Video; A 40-minute YouTube video explaining the core concepts of the Arm architecture and its Linux support.
- You-Cant-Judge-a-Binary-by-Its-Header-Data-Code-Separation-for-Non-Standard-ARM-Binaries-using-Pseudo-Labels.Paper; The first step to automate the analysis of non-standard binaries.
- ♥ARMore-Pushing-Love-Back-Into-Binaries.Paper; The first efficient, robust, and heuristic-free static binary rewriter for arbitrary aarch64 binaries.
Bisimulation and Coinduction
- Advanced-Topics-in-Bisimulation-and-Coinduction.Video; A series of YouTube videos recording lectures on bisimulation and coinduction.
Firmware Testing
- μAFL-Non-intrusive-Feedback-driven-Fuzzing-for-Microcontroller-Firmware.Paper; A fuzzing tool for embedded firmware that keeps the real hardware in the loop and collects feedback non-intrusively.
- Extracting-Firmware-from-Embedded-Devices-SPI-NOR-Flash.Video; Introducing a method to extract firmware from SPI NOR flash.
WeChat Official Account Articles
- 通用Linux-x64内核态shellcode编写技巧.Article; (Generic Linux x64 kernel-mode shellcode writing techniques) Discusses some material related to x86 kernel addresses and KASLR.
Bug Bounty & Vulnerability
- Puny-Code-0-Click-Account-Takeover.Article; An interesting 0-click account-takeover bug bounty that relies purely on Unicode characters in the e-mail address.