@R00tkitSMM
R00tkitSMM / deepfuzzing.md
Last active February 28, 2025 20:57
deepfuzzing.md

Improving Fuzzing Code Coverage with Neural Networks

Modern fuzzers like AFL (American Fuzzy Lop) use coverage-guided mutation to explore program paths. However, they can plateau on complex conditions or structured inputs due to blind random mutations. Neural networks offer a way to guide fuzzing beyond random chance—by learning patterns in inputs and program behavior—to improve code coverage. This document explores the best neural network approaches (surrogate models, reinforcement learning, and generative models) and how they boost code coverage in fuzzing, summarizing key research and potential workflow improvements.


1. Surrogate Neural Models for Guidance (Neural Program Smoothing)

One successful approach is to use surrogate neural networks to approximate a program’s branching behavior, thereby enabling gradient-guided input generation. NEUZZ (2019) pioneered this by training a feed-forward neural network to learn a smooth approximation of the target program’s logic.

@R00tkitSMM
R00tkitSMM / gist:8c7ddebc9c903f5f54a0d6a5774dc79e
Created October 31, 2024 10:52
filter out other file formats
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns true if the buffer begins with the 12-byte KTX2 file identifier. */
bool isKTX2Header(const uint8_t *buffer, size_t size) {
    const uint8_t ktx2Identifier[12] = {0xAB, 0x4B, 0x54, 0x58, 0x20, 0x32,
                                        0x30, 0xBB, 0x0D, 0x0A, 0x1A, 0x0A};
    if (size < 12) {
        return false; // Buffer is too small to be a KTX2 header
    }
    // Compare the first 12 bytes of the buffer with the KTX2 identifier
    return memcmp(buffer, ktx2Identifier, 12) == 0;
}
@R00tkitSMM
R00tkitSMM / e1000.c
Created August 20, 2022 17:36
Bug in Parallels Desktop
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>
#include <stdint.h>
#include <time.h>
#define RAH_VALID (1 << 31) /* AV */
@R00tkitSMM
R00tkitSMM / gist:1ff53355dbf74714dec99429e802af10
Created July 15, 2022 16:24
Parallels_desktop_e1000_crash.c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>
#include <stdint.h>
#include <time.h>
#define RAH_VALID (1 << 31) /* AV */
1-
fleh_dispatch64(asm code arm64 exception vector) -> sleh_synchronous ->
handle_abort -> handle_kernel_abort ->
panic_with_thread_kernel_state("Kernel data abort.", state);
2-
Entry(hndl_alltraps)
mov %esi, %eax
testb $3, %al
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <dlfcn.h>
int main(int argc, char** argv)
{
void *handle;
/* Function pointer for the kas_info syscall wrapper, resolved at runtime with dlsym */
int (*kas_info)(int, uint64_t *, size_t *);
size_t kaslr_size = 0;