FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation

Y Zheng, A Davanian, H Yin, C Song, H Zhu… - 28th USENIX Security …, 2019 - usenix.org
Cyber attacks against IoT devices are a severe threat. These attacks exploit software
vulnerabilities in IoT firmware. Fuzzing is an effective software testing technique for finding …

Avatar 2: A multi-target orchestration platform

M Muench, D Nisi, A Francillon… - Proc. Workshop Binary …, 2018 - eurecom.fr
Dynamic binary analysis techniques play a central role to study the security of software
systems and detect vulnerabilities in a broad range of devices and applications. Over the …

FaaSLight: General Application-level Cold-start Latency Optimization for Function-as-a-Service in Serverless Computing

X Liu, J Wen, Z Chen, D Li, J Chen, Y Liu… - ACM Transactions on …, 2023 - dl.acm.org
Serverless computing is a popular cloud computing paradigm that frees developers from
server management. Function-as-a-Service (FaaS) is the most popular implementation of …

Repeatable reverse engineering with PANDA

B Dolan-Gavitt, J Hodosh, P Hulin, T Leek… - Proceedings of the 5th …, 2015 - dl.acm.org
We present PANDA, an open-source tool that has been purpose-built to support whole
system reverse engineering. It is built upon the QEMU whole system emulator, and so …

DTaint: detecting the taint-style vulnerability in embedded device firmware

K Cheng, Q Li, L Wang, Q Chen… - 2018 48th Annual …, 2018 - ieeexplore.ieee.org
A rising number of embedded devices are reachable in the cyberspace, such as routers,
cameras, printers, etc. Those devices usually run firmware whose code is proprietary with …

Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Y Zheng, Y Li, C Zhang, H Zhu, Y Liu… - Proceedings of the 31st …, 2022 - dl.acm.org
Greybox fuzzing has become one of the most effective vulnerability discovery techniques.
However, greybox fuzzing techniques cannot be directly applied to applications in IoT …

SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets

Z Qi, Q Feng, Y Cheng, M Yan, P Li, H Yin, T Wei - NDSS, 2021 - cs.ucr.edu
Software patching is a crucial mitigation approach against Spectre-type attacks. It utilizes
serialization instructions to disable speculative execution of potential Spectre gadgets in a …
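The serialization-based patching that the SpecTaint abstract refers to, shown here as an added illustration that is not code from the SpecTaint authors or from this listing: a textbook Spectre-v1 (bounds-check bypass) gadget next to the same gadget with an LFENCE placed between its bounds check and the dependent loads, plus the branchless index-masking alternative in the style of the Linux kernel's array_index_nospec. The array contents and all names (array1, array2, victim_*, index_nospec) are constructed for the example; the fallback on non-x86 targets is a compiler barrier only and does not stop hardware speculation.

```c
/* Added example: Spectre-v1 gadget, the LFENCE-patched form, and an
 * index-masking form. Example code, not from the SpecTaint paper. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY1_SIZE 16
#define STRIDE 512 /* spreads array2 accesses over distinct cache lines */

/* Constructed data: array1 holds small indexes, array2 is the probe array */
static const uint8_t array1[ARRAY1_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];
static int initialized = 0;

/* Fill array2 so that array2[k * STRIDE] == k; makes results checkable */
static void ensure_init(void) {
    if (initialized) return;
    for (size_t i = 0; i < sizeof(array2); i++)
        array2[i] = (uint8_t)(i / STRIDE);
    initialized = 1;
}

/* Unpatched gadget: if the branch is mispredicted for an out-of-bounds x,
 * array1[x] and the dependent array2 load still execute speculatively and
 * leave a cache footprint that encodes the byte at array1[x]. */
uint8_t victim_unpatched(size_t x) {
    ensure_init();
    if (x < ARRAY1_SIZE) {
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

/* Serializing instruction: on x86, LFENCE waits for the preceding branch
 * to resolve, so the loads below cannot issue on a mispredicted path. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    /* Assumption: other ISAs need their own barrier (e.g. CSDB sequences on
     * AArch64); this compiler barrier does NOT stop hardware speculation. */
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Patched gadget: same architectural behaviour, speculation cut off */
uint8_t victim_patched(size_t x) {
    ensure_init();
    if (x < ARRAY1_SIZE) {
        speculation_barrier();
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

/* Branchless clamp: mask is all-ones when index < size, zero otherwise.
 * Even on a mispredicted path the resulting index stays inside the array. */
static inline size_t index_nospec(size_t index, size_t size) {
    size_t mask = (size_t)(~(long)(index | (size - 1 - index)) >>
                           (sizeof(long) * 8 - 1));
    return index & mask;
}

/* Masked gadget: no serializing instruction needed */
uint8_t victim_masked(size_t x) {
    ensure_init();
    if (x < ARRAY1_SIZE) {
        size_t safe = index_nospec(x, ARRAY1_SIZE);
        return array2[array1[safe] * STRIDE];
    }
    return 0;
}

int main(void) {
    printf("in-bounds  x=3:  %u %u %u\n", victim_unpatched(3),
           victim_patched(3), victim_masked(3));
    printf("out-of-bounds x=20: %u %u %u\n", victim_unpatched(20),
           victim_patched(20), victim_masked(20));
    return 0;
}
```

All three variants return the same architectural result; the difference is only what can happen transiently after a mispredicted bounds check. The mask in index_nospec relies on the arithmetic right shift of a negative long that GCC and Clang implement.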

Extract Me If You Can: Abusing PDF Parsers in Malware Detectors

C Carmony, X Hu, H Yin, AV Bhaskar, M Zhang - NDSS, 2016 - cs.ucr.edu
Owing to the popularity of the PDF format and the continued exploitation of Adobe Reader,
the detection of malicious PDFs remains a concern. All existing detection techniques rely on …

Deepmem: Learning graph neural network models for fast and robust memory forensic analysis

W Song, H Yin, C Liu, D Song - Proceedings of the 2018 ACM SIGSAC …, 2018 - dl.acm.org
Kernel data structure detection is an important task in memory forensics that aims at
identifying semantically important kernel data structures from raw memory dumps. It is …

Capturing malware propagations with code injections and code-reuse attacks

D Korczynski, H Yin - Proceedings of the 2017 ACM SIGSAC …, 2017 - dl.acm.org
Defending against malware involves analysing large amounts of suspicious samples. To
deal with such quantities we rely heavily on automatic approaches to determine whether a …