Papers

Academic papers and articles that I read related to web hacking, fuzzing, etc. / Papers I have read on web security and fuzzing, together with reading notes

Install / Use

/learn @LyleMi/Papers
Papers

Recently read academic papers, articles on Web Security/Fuzzing, etc., and some reading notes written by myself or excerpted from other sources.

Recommended Conferences

| Conference | Full Name | dblp Link |
| ----- | ----- | ----- |
| CCS | ACM Conference on Computer and Communications Security | https://dblp.uni-trier.de/db/conf/uss/ |
| Usenix | USENIX Security Symposium | https://dblp.uni-trier.de/db/conf/ccs/ |
| S&P | IEEE Symposium on Security and Privacy | https://dblp.uni-trier.de/db/conf/sp/ |
| NDSS | ISOC Network and Distributed System Security Symposium | https://dblp.uni-trier.de/db/conf/ndss/ |

ACM

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables | Schwartz | | 2018 | Decompile |
| Automatic exploit generation | | | | Fuzz |
| Predicting vulnerable software components | | | | Fuzz |
| Scheduling Black-box Mutational Fuzzing | | | | Fuzz |
| Symbolic execution for software testing three decades later | | | | Fuzz |
| evaluating fuzz testing | | | | Fuzz |

ACM CCS

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| Alert Alchemy: SOC Workflows and Decisions in the Management of NIDS Rules | Mathew Vermeer | Technische Universiteit Delft | 2023 | NIDS |
| Black Ostrich: Web Application Scanning with String Solvers | Benjamin Eriksson | Chalmers Tekniska Högskola | 2023 | Web;Spider |
| Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs | Yue Zhang | The Ohio State University | 2023 | Mini-Program;Secret Leak |
| Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers | Dominik Trevor Noß | Ruhr-Universität Bochum | 2023 | DOM |
| Lost along the Way: Understanding and Mitigating Path-Misresolution Threats to Container Isolation | Zhi Li | Huazhong University of Science and Technology | 2023 | Container Isolation |
| Passive SSH key compromise via lattices | Keegan Ryan | University of California, San Diego | 2023 | SSH |
| PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing | Wen Li | Washington State University | 2023 | Fuzz;Python |
| Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers | Fenglu Zhang | Tsinghua University | 2023 | DNS |
| Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications | Nanzi Yang | Xidian University | 2023 | k8s |
| TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers | Wei Xu | Wei Xu | 2023 | Tsinghua University |
| Understanding and Detecting Abused Image Hosting Modules as Malicious Services | Geng Hong | Fudan University, Shanghai, China | 2023 | Abuse |
| Whole-Program Control-Flow Path Attestation | Nikita Yadav | Indian Institute of Science | 2023 | Control-Flow |

ACSAC

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones | Imtiaz Karim | Purdue University | 2019 | Fuzz |

ASE

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| BigFuzz: Efficient Fuzz Testing for Data Analytics using Framework Abstraction | Qian Zhang | University of California, Los Angeles | 2020 | Fuzz |
| Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences | Yuqi Chen | Singapore University of Technology and Design, Singapore | 2019 | Fuzz |
| FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage | Caroline Lemieux | University of California, Berkeley, USA | 2018 | Fuzz;AFL |

Arxiv

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| Building Fast Fuzzers | Rahul Gopinath and Andreas Zeller | CISPA | 2019 | Fuzz |
| Improving Grey-Box Fuzzing by Modeling Program Behavior | | | 2019 | Fuzz |
| Adaptive Grey-Box Fuzz-Testing with Thompson Sampling | | | | Fuzz |
| Attention Is All You Need | | | | Fuzz |
| Deep Reinforcement Fuzzing | | | | Fuzz |
| FuzzerGym A Competitive Framework for Fuzzing | | | | Fuzz |
| Fuzzing Art, Science and Engineering | | | | Fuzz |
| Leveraging Textual Specifications for Grammar-based Fuzzing of Network Protocols | | | | Fuzz |
| NEUZZ Efficient Fuzzing with Neural Program Learning | | | | Fuzz |
| NEUZZ Efficient Fuzzing with Neural Program Smoothing | | | | Fuzz |
| Not all bytes are equal Neural byte sieve for fuzzing | | | | Fuzz |
| TensorFuzz Debugging Neural Networks with Coverage-Guided Fuzzing | | | | Fuzz |
| neural machine translation inspired binary code similarity comparison beyond function pairs | | | | Fuzz |

AsiaCCS

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| A Feature-Oriented Corpus for Understanding, Evaluating and Improving Fuzz Testing | Xiaogang Zhu | Swinburne University of Technology | 2019 | Fuzzing |
| PTrix Efficient Hardware-Assisted Fuzzing for COTS Binary | Yaohui Chen | Northeastern University | 2019 | Fuzz |
| Practical Side-Channel Attacks against WPA-TKIP | Domien Schepers | | 2019 | Wi;Fi |
| ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices | Marius Musch | TU Braunschweig | 2019 | XSS |

Black Hat

| Title | Authors | Organization | Year | Keywords |
| --- | --- | --- | --- | --- |
| A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms | Shir Tamari | Wiz.io | 2021 | DNS;Cloud |
| ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication | Marcus Brinkmann | Ruhr University Bochum | 2021 | TLS |
| Another Road Leads to the Host: From a Message to VM Escape on Nvidia vGPU | Wenxiang Qian | Tencent Blade Team | 2021 | VM Escape |
| Breaking the Isolation: Cross-Account AWS Vulnerabilities | Shir Tamari | Wiz.io | 2021 | AWS;Cloud |
| Bypassing Windows Hello for Business and Pleasure | Omer Tsarfati | CyberArk | 2021 | Windows;Auth |
| Do You Speak My Language? Make Static Analysis Engines Understand Each Other | Ibrahim Elsayed | Facebook | 2021 | Static Analysis |
| Let's Attack Let's Encrypt | Haya Shulman | | 2021 | Crypto;CA |
| Mobius Band: Explore Hyper-V Attack Interface through Vulnerabilities Internals | Zhenhao Hong | Ant Group Light-Year Security Lab | 2021 | Hyper-V;Exploit |
| hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day | Peleg Hadar | SafeBreach Labs | 2021 | Fuzz;Virtual |
| 0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars | Zhiqiang Cai | KeenLab | 2019 | Car |
| API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web | Joshua Maddux | PKC Security | 2019 | Web;SSRF;API |
| All the 4G Modules Could be Hacked | Shupeng Gao | Baidu Security Lab | 2019 | 4G;IoT |
| Attack Surface as a Service | Anna Westelius | Arkose Labs | 2019 | PPT |
| Attacking And Defending The Microsoft Cloud | Sean Metcalf | | 2019 | Web |
| Battle Of Windows Service A Silver Bullet To Discover File Privilege Escalation Bugs Automatically | Wenxu Wu (@Ma7h1as) | Xuanwu Lab of Tencent | 2019 | Windows;Fuzz;Logic |
| DevSecOps : What, Why and How | Anant Shrivastava | NotSoSecure | 2019 | DevSecOps |
| Dragonblood: Attacking the Dragonfly Handshake of WPA3 | Mathy Vanhoef | New York University Abu Dhabi | 2019 | Wifi |
| Exploiting Qualcomm WLAN and Modem Over The Air | Xiling Gong | Tencent Blade Team | 2019 | WLAN |
| HTTP Desync Attacks: Smashing into the Cell Next Door | James Kettle | PortSwigger Web Security | 2019 | Web |
| HostSplit: Exploitable Antipatterns in Unicode Normalization | Jonathan Birch | Microsoft | 2019 | IDN |
| I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy | Matt Wixey | PwC | 2019 | Social Engineering |
| Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs | Orange Tsai | DEVCORE | 2019 | Web |
| Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception | Luke Valenta | Cloudflare | 2019 | Web |
| Munoz SSO Wars The Token Menace | Alvaro Munoz | | 2019 | Web;Auth;SAML |
| Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale | Aladdin Almubayed | Netflix | 2019 | Supply Chain |
| The Enemy Within: Modern Supply Chain Attacks | Eric Doerr | MSRC | 2019 | Supply Chain |
| WebAssembly A New World of Native Exploits On The Web | | | 2018 | WebAssembly |
| HEIST HTTP Encrypted Information Can Be Stolen Through TCP Windows | | | 2016 | HTTPS Side-Channel |
| Molinyawe Shell On Earth From Browser To System Compromise | | | 2016 | Fuzz |
| Unicorn: Next Generation CPU Emulator Framework | NGUYEN Anh Quynh | | 2015 | Emulator |
| the power of pair one template that reveals 100 plus u
