fuzz: collected notes

#TODO [[SemFuzz Semantics-based Automatic Generation of Proof-of-Concept Exploits]] The mutation strategy is split into coarse-grained and fine-grained parts. Coarse-grained: each input is called a fuzz instance; measure the distance between the fuzz instance and the vulnerable function (the distance is the number of nodes on the shortest path between the two), ...

June 22, 2023 · 2 min · 918 words · JUHUA | Created: June 22, 2023 | Updated: June 22, 2023 | Reading time: 2 min | JUHUA

SemFuzz summary notes

Information sources: common vulnerabilities and exposures (CVE) systems (CVE - CVE (mitre.org)), Linux git logs, and bug descriptions posted on forums and blogs. SEMANTIC INFORMATION RETRIEVING: an NLP tool processes this information and outputs a calling sequence, so the fuzzer utilizes the sequences to guide the fuzzing. In this part I want to know how the fuzzer uses these sequences and how to prune the unreachable paths. I noticed that the example both have...

June 22, 2023 · 1 min · 467 words · JUHUA | Created: June 22, 2023 | Updated: June 22, 2023 | Reading time: 1 min | JUHUA

The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing summary notes

For the full content see [[The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing]]. Abbreviations: PUT, program under test; DSE, directed symbolic execution. Some current DGF research directions (content): designing new fitness measures; distance; similarity (which has advantages over distance) ![[...

June 22, 2023 · 2 min · 735 words · JUHUA | Created: June 22, 2023 | Updated: June 22, 2023 | Reading time: 2 min | JUHUA

What You Corrupt Is Not What You Crash Challenges in Fuzzing Embedded Devices summary notes

[[What You Corrupt Is Not What You Crash Challenges in Fuzzing Embedded Devices]] Reference: 浅谈固件Fuzz_黑客技术 (A brief look at firmware fuzzing), hackdig.com. Classification of embedded devices. Linux-OS-based embedded devices: readers new to firmware vulnerability discovery usually first encounter...

June 22, 2023 · 2 min · 717 words · JUHUA | Created: June 22, 2023 | Updated: June 22, 2023 | Reading time: 2 min | JUHUA

Categories of fuzz testing

2023-06-22 16:07 L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing. DSN 2022. Fuzzing of Bluetooth devices. Problem addressed: malformed Bluetooth packets could not be generated effectively. The method proposed in this paper increases the number of malformed packets generated by 46 times, ...

June 22, 2023 · 4 min · 1583 words · JUHUA | Created: June 22, 2023 | Updated: June 22, 2023 | Reading time: 4 min | JUHUA