【学术沙龙】NISL 11月03日活动预告 - TO BE ON AIR

清华大学网络与信息安全实验室学术沙龙，欢迎关注~ 

This is the Paper Reading Seminar of Network and Information Security Lab (NISL) at Tsinghua University. Tune in for more details!

* 本次分享对外公开直播，线上参会者要求实名备注“姓名-单位”

1.【论文分享】Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities

• Presenter: 穆柯橪

• Conference: IEEE S&P 2023

• Authors:

  Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel,Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé

• Abstract:

  This paper implements a gray-box coverage-guided mutational fuzzing tool, Witcher, targeting at SQL injection and command injection vulnerabilities based on AFL, which is suitable for multiple Web programming languages and can find more vulnerabilities than mainstream black-box fuzzing tools.

• Link to paper:

  https://pagabuc.me/docs/oakland23_witcher.pdf

2.【论文分享】BinProv: Binary Code Provenance Identification without Disassembly

• Presenter: 朱文宇

• Conference: RAID 2022

• Authors:

  Xu He, Shu Wang, Yunlong Xing, Pengbin Feng, Haining Wang, Qi Li, Songqing Chen, Kun Sun

• Abstract:

  This paper proposes a BERT-based compiler provenance tool, which avoids disassembly and works well on obfuscated binary code.

• Link to paper:

  https://dl.acm.org/doi/abs/10.1145/3545948.3545956