UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities

Driver Module Framework

Improving AFL by using Intel PT to collect branch information

FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.

GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.

FairFuzz: AFL extension targeting rare branches

AFL + DynamoRIO = fuzzing binaries with no source code on Linux

An IDA plugin that eases reversing of binaries that have been code-size-optimized with function outlining

MOpt-AFL provided by the paper "MOPT: Optimized Mutation Scheduling for Fuzzers"

USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types

american fuzzy lop for network fuzzing (unofficial) -- official afl site is http://lcamtuf.coredump.cx/afl/

Using CVE-2023-21768 to manual map kernel mode driver

Application Fuzzing: Tools, Techniques, and Best Practices

Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

StateAFL: A Greybox Fuzzer for Stateful Network Servers

LPE exploit for CVE-2023-36802

BSOD: Binary-only Scalable fuzzing Of device Drivers

Windows驱动编程

Exploit targeting NT kernel in 24H2 Windows Insider Preview

OSS-Sydr-Fuzz - OSS-Fuzz fork for hybrid fuzzing (fuzzer+DSE) open source software.

fuzzing + concolic = fuzzolic :)

An AFL implementation with UnTracer (our coverage-guided tracer)

Symbolic Execution Over Processor Traces

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver