… We implemented this algorithm into LIBFUZZER and call our fuzzer SGFUZZ (Stateful
Greybox Fuzzer). Starting with an initial seed corpus T and until a timeout is reached or the user …

… The aim of this work is to develop a greybox fuzzer (StateAFL) for network servers that only
… to what the AFL fuzzer achieved for stateless programs. The proposed fuzzer instruments the …

… blackbox fuzzing (SBF), such as Peach [5] and BooFuzz [6]. By … stateful coveragebased
greybox fuzzing (SCGF) to solve the above problems. AFLNET [7] was the first greybox fuzzer for …

… inputs, a greybox fuzzer can be steered, … greybox fuzzing aware of the input structure [7],
[16]–[18]. In contrast, we suggest to make greybox fuzzing aware of the state space of a stateful …

… This paper proposes a model-based grey-box fuzzing … (MAT) framework and grey-box
fuzzing guided by the learned model … for stateful protocol fuzzing, termed model-based grey-box …

… protocol fuzzers to highlight the challenges when addressing stateful network protocol …
a state-driven smart graybox protocol fuzzer called SGPFuzzer that can fully test stateful network …

… knowledge of coverage-guided greybox fuzzing and directed greybox fuzzing. Section 3
evaluates the collected state-of-the-art directed greybox fuzzers based on the extracted metrics …

… progress in fuzzing, we build a greybox fuzzing framework to … stateful software systems;
however, it does not achieve verification. Our work substantially extends directed greybox fuzzing …

… stateful black-box fuzz testing techniques. By constructing a protocol state machine model,
stateful black-box fuzz … -based grey box stateful protocol fuzzer in network protocol fuzz testing…

… We have proposed an automated stateful and introspection-driven grey-box fuzzer towards
Linux-based firmware images. It utilizes the message-state queue to satisfy authentication, …