Fuzzing for fun and for $$$ S. Bekrar & Fabien Duchene
A high-level discussion of the end-to-end fuzzing process with reasonably up to date and detailed ideas for common/typical fuzzing
Hybrid Fuzz Testing: Discovering Software Bugs via Fuzzing and Symbolic Execution Brian S. Pak
Using Symbolic Execution to generate random fuzzing inputs that exercise the discovered code paths within a piece of software.
Everyone Has His or Her Own Fuzzer Beist
Introduction to fuzzing that touches on IL, Symbolic Exection, more ‘intelligent’ fuzzing, crash binning, and tips for beginners.
Windows kernel fuzzing for beginners Ben Nagy
An introduction to getting started fuzzing modern windows based usermode-to-kernel interfaces
Fuzzing: The state of the art Richard McNally, Ken Yiu, Duncan Grove and Damien Garhardy (Australian DoD)
A study of recent advances in fuzzing, surveying the current state of technologies and concepts in use today.
DSTO-TN-1043 PR [pdf]
GDI Font Fuzzing in Windows Kernel for Fun Lee Ling Chuan & Chan Lee Yee
Fuzzing the GDI TrueType & GDI Bitmap fonts on the windows platform
SAGE: Whitebox Fuzzing for Security Testing Patrice Godefroid & Michael Y. Levin & David Molnar
An article in Communications magazine introducing Microsoft’s highly regarded SAGE fuzzer.
Fuzz Testing: Improving Medical Device Quality & Safety MDISS & Codenomicon
Warning: Sales-oriented. A high-level overview of applying fuzzing to medical devices.
Fuzz Testing for Dummies Art Manion & Michael Orlando
Introduction to the basics of fuzzing, discussion of CERT fuzzing tools (BFF/FOE) and results/vulns discovered
Showing how security has (and hasn’t) improved, after ten years of trying Dan Kaminsky & Michael Eddington & Adam Checchitti
A case study of using fuzzing to attempt to analyse whether the general state of software security has improved over the last ten years
Showing How Security Has Improved [pdf]
Offset-Aware Mutation Based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results Sanjay Rawat & Laurent Mounier
Using taint analysis to modify specific byte offsets in the original seed files to hunt down and execute dangerous code paths
Industrial Bug Mining Ben Nagy
A high-level view of the end-to-end fuzzing process, focussing on bug triage, scaling, binary instrumentation
Zero-Knowledge fuzzing Vincenzo Iozzo
Building and applying a fuzzer without the need to have an in-depth understanding of the protocol/format/input being manipulated
Crash analysis with bitblaze Charlie Miller & UC Berkeley
Introduction to ‘bitblaze’ – a tool to determine exploitability and priority of crashes post-fuzzing
Introduction to Fuzzing Dan Guido
A university-level introduction to major fuzzing topics
Prospecting for rootite Ben Nagy & The Grugq
Overview of obtaining seed files and solving the Set Cover Problem, for maximum fuzzer code coverage
In Memory Fuzzing sinn3r
Introduction and how to use a new in-memory fuzzing tool
Fuzzing: The SMB Case Laurent Gaffie
Introduction to SMB, how to approach fuzzing using a library of packet captures, case-study of bugs found
Letting your fuzzer know about target’s internals Rodrigo Rubira Branco
Using feedback from debuggers and taint analysis to direct fuzzing efforts
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection Tielei Wang & Tao Wei & Guaofe Gu & Wei Zou
Defeating the common problem of invalid checksums by using taint analysis
Fuzzing in the cloud (Microsoft position statement) Patrice Godefroid & David Molnar
A statement released by Microsoft suggesting that “the cloud” will revolutionise fuzzing, and why.
How to FAIL at Fuzzing Ben Nagy
A high-level run-through of Ben’s Kiwicon talk, offering some insightful but rarely discussed ideas
Babysitting an army of monkeys Charlie Miller
Fuzzing 4 products (Acrobat Reader PDF, OS X Preview PDF, OpenOffice PPT, MS Office PPT) with 5 lines of python
cmiller-CSW-2010 [pdf - file has been messed up. does anyone have a better copy?]
Fuzzgrind: an automatic fuzzing tool Gabriel Campana
Using taint analysis to ensure a fuzzer reaches all possible code paths. Uses STP and Valgrind
Fuzzing the phone in your phone Charlie Miller & Collin Mulliner
Searching for phone-application specific vulnerabilities in smartphones
Demystifying Fuzzers Michael Eddington
The process of applying fuzzers to find security flaws, and fuzzers involvement in the SDL
Fuzzing for security flaws John Heasman
University-level introduction to the main concepts behind fuzzing and fuzzers
Deep Fuzzing MS Word / Office (With Ruby) Ben Nagy
Massively parallelized high-speed fuzzing of MS Office documents
A New Fuzzing Framework [pptx]
Taint-based Directed Whitebox Fuzzing Vijay Ganesh & Tim Leek & Martin Rinard
Using taint analysis as feedback into the mutation process to get more coverage when fuzzing
Making software dumber Tavis Ormandy
Feedback-directed fuzzing using taint analysis to explore an applications internals. Introduction to google tool Flayer
Fusil the fuzzer Victor Stinner
Presenting Fusil: a python fuzzing framework that has claimed bugs in a variety common applications.
zzuf – multiple purpose fuzzer Sam Hocevar
Introduction to using the zzuf multi-purpose input fuzzer
Fuzz By Number – More Data About Fuzzing Than You Ever Wanted To Know Charlie Miller
A showdown between GPF, Taof, ProxyFuzz, Mu-4000, Codenomicon, beSTORM, and some application specific fuzzers.
GSM Protocol Fuzzing Harald Welte
Introduction to GSM, application of fuzzing to GSM
Exposing Vulnerabilities in Media Software David Thiel
Discussion of fuzzing applied specifically to media software. Includes case studies.
Grammar-based Whitebox Fuzzing Patrice Godefroid & Adam Kiezun & Michael Y. Levin
In-depth paper on how to use whitebox fuzzing to test complex highly-structured input of applications using a grammar of their valid inputs.
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs Cristian Cadar & Daniel Dunbar & Dawson Engler
Introduction and overview of KLEE, a tool that can generate test input and achieve considerably high coverage of code within the target application
Fuzzing WTF? what fuzzing was, is, and soon will be Mikko Varpiola & Nate Kube
A discussion of the history, current situation, and future ideas for fuzzing, focusing on genetic techniques
Fuzzing Sucks! Introducing the sulley fuzzing framework Pedram Amini & Aaron Portnoy
An introduction to why sulley was developed, followed by a brief discussion of it’s various components and how it works.
Fuzzing & exploiting wireless device drivers Sylvester Keil & Clemens Kolbitsch
Fuzzing 802.11 drivers
DeepSec__Keil_Kolbitsch – Presentation Virtual_Fuzzing [pdf]
KiF – a stateful SIP fuzzer Humberto J. Abdelnur & Radu State & Olivier Festor
Analysis of fuzzing SIP and discussion of KiF, a SIP fuzzing tool, and also discusses vulnerabilities discovered.
Fuzzing in Microsoft and Fuzzguru Framework John Neystadt
A brief overview of microsoft’s Fuzzguru framework
Analysis of Mutation and Generation-Based Fuzzing Charlie Miller & Zachary N.J. Peterson
A discussion and research-backed comparison of generational vs mutational fuzzing against PNG files
Wi-Fi Advanced Fuzzing Laurent Butti
Fuzzing 802.11 and discussion of some discovered vulnerabilities
Fuzzing Frameworks Pedram Amini & Aaron Portnoy
Discussion of existing fuzzing frameworks, introduction and exploration of the Sulley fuzzing framework
Fuzzing with Code Coverage Charlie Miller
Using code coverage results to improve fuzzing, find better crash testcases. Also touches on evolutionary fuzzing.
Automated Whitebox Fuzz Testing Patrice Godefroid & Michael Y. Levin & David Molnar
Microsoft & UC Berkeley’s paper on whitebox fuzzing, including symbolic execution, constraint solving, and discussion of Microsofts SAGE.
Flayer: Exposing Application Internals Will Drewry & Tavis Ormandy
Introduction to the flayer tool; a dynamic taint analysis integrated within valgrind.
The evolving art of fuzzing Jared DeMott
An early paper covering the major aspects of fuzzing
The Art of File Format Fuzzing Michael Sutton & Adam Greene
The process of fuzzing file formats on multiple platforms
The Advantages of Block-Based Protocol Analysis for Security Testing Dave Aitel
Breaking protocols down into logical blocks and creating models to fuzz from. Introduction to the infamous SPIKE fuzzer.
An empirical Study of the Reliability of UNIX Utilities Barton P Miller & Lars Fredriksen & Bryan So
The original paper studying unexpected input into unix utilities.