WOOT - researchr conference series publications

researchr

You are not signed in
Sign in
Sign up

Viewing Publication 1 - 100 from 191

2020

Office Document Security and PrivacyJens Müller 0007, Fabian Ising, Christian Mainka, Vladislav Mladenov, Sebastian Schinzel, Jörg Schwenk. woot 2020: [doi]

Unearthing the TrustedCore: A Critical Review on Huawei's Trusted Execution EnvironmentMarcel Busch, Johannes Westphal, Tilo Müller. woot 2020: [doi]

Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel PointersHaehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu Wang 0001, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. woot 2020: [doi]

ToothPicker: Apple Picking in the iOS Bluetooth StackDennis Heinze, Jiska Classen, Matthias Hollick. woot 2020: [doi]

OS Security Is Hard: Why All the Fuzzers in the World Won't Change the Way Platform Security Is Failing UsAlex Ionescu. woot 2020: [doi]

NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based ToolkitSteffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick. woot 2020: [doi]

AFL++ : Combining Incremental Steps of Fuzzing ResearchDominik Maier, Heiko Eißfeldt, Andrea Fioraldi, Marc Heuse. woot 2020: [doi]

Hardware Security Is Hard: How Hardware Boundaries Define Platform SecurityAlex Matrosov. woot 2020: [doi]

One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit MicrocontrollersJohannes Obermaier, Marc Schink, Kosma Moczek. woot 2020: [doi]

Automatic Generation of Compact Printable Shellcodes for x86Dhrumil Patel, Aditya Basu, Anish Mathuria. woot 2020: [doi]

When Oblivious is Not: Attacks against OPAMNirjhar Roy, Nikhil Bansal, Gourav Takhar, Nikhil Mittal, Pramod Subramanyan. woot 2020: [doi]

When Is a Proof Actually Not?Vanessa Teague. woot 2020: [doi]

Firmware Insider: Bluetooth Randomness is Mostly RandomJörn Tillmanns, Jiska Classen, Felix Rohrbach, Matthias Hollick. woot 2020: [doi]

Bankrupt Covert Channel: Turning Network Predictability into VulnerabilityDmitrii Ustiugov, Plamen Petrov 0003, M. R. Siavash Katebzadeh, Boris Grot. woot 2020: [doi]

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low EnergyJianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, Dongyan Xu. woot 2020: [doi]

14th USENIX Workshop on Offensive Technologies, WOOT 2020, August 11, 2020Yuval Yarom, Sarah Zennou, editors, USENIX Association, 2020. [doi]

2019

RISC-V: #AlphanumericShellcodingHadrien Barral, Rémi Géraud-Stewart, Georges-Axel Jaloyan, David Naccache. woot 2019: [doi]

A better zip bombDavid Fifield. woot 2019: [doi]

13th USENIX Workshop on Offensive Technologies, WOOT 2019, Santa Clara, CA, USA, August 12-13, 2019Alex Gantman, Clémentine Maurice, editors, USENIX Association, 2019. [doi]

Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream ManipulationJatin Kataria, Rick Housley, Joseph Pantoga, Ang Cui. woot 2019: [doi]

How Sharp is SHARP ?Dixit Kumar, Chavhan Sujeet Yashavant, Biswabandan Panda, Vishal Gupta. woot 2019: [doi]

Who Spent My EOS? On the (In)Security of Resource Management of EOS.IOSangsup Lee, Daejun Kim, Dongkwan Kim, Sooel Son, Yongdae Kim. woot 2019: [doi]

Unicorefuzz: On the Viability of Emulation for Kernelspace FuzzingDominik Maier, Benedikt Radtke, Bastian Harren. woot 2019: [doi]

Two methods for exploiting speculative control flow hijacksAndrea Mambretti, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus. woot 2019: [doi]

MIN()imum Failure: EMFI Attacks against USB StacksColin O'Flynn. woot 2019: [doi]

Cross-Router Covert ChannelsAdar Ovadia, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren. woot 2019: [doi]

D-TIME: Distributed Threadless Independent Malware Execution for Runtime ObfuscationJithin Pavithran, Milan Patnaik, Chester Rebeiro. woot 2019: [doi]

Distributed Password Hash Computation on Commodity Heterogeneous Programmable PlatformsBranimir Pervan, Josip Knezovic, Katja Pericin. woot 2019: [doi]

Automatic Wireless Protocol Reverse EngineeringJohannes Pohl, Andreas Noack. woot 2019: [doi]

Taking a Look into Execute-Only MemoryMarc Schink, Johannes Obermaier. woot 2019: [doi]

Alternative (ab)uses for HTTP Alternative ServicesTrishita Tiwari, Ari Trachtenberg. woot 2019: [doi]

Vacuums in the Cloud: Analyzing Security in a Hardened IoT EcosystemFabian Ullrich, Jiska Classen, Johannes Eger, Matthias Hollick. woot 2019: [doi]

Breaking Turtles All the Way Down: An Exploitation Chain to Break out of VMware ESXiHanqing Zhao, Yanyu Zhang, Kun Yang, Taesoo Kim. woot 2019: [doi]

2018

Optimizing Recurrent Pulsing Attacks using Application-Layer Amplification of Open DNS ResolversJonas Bushart. woot 2018: [doi]

Security Analysis of eIDAS - The Cross-Country Authentication Scheme in EuropeNils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk. woot 2018: [doi]

Swipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity FraudJulian Fietkau, Starbug, Jean-Pierre Seifert. woot 2018: [doi]

Fishy Faces: Crafting Adversarial Images to Poison Face AuthenticationGiuseppe Garofalo, Vera Rimmer, Tim Van hamme, Davy Preuveneers, Wouter Joosen. woot 2018: [doi]

SoK: Make JIT-Spray Great AgainRobert Gawlik, Thorsten Holz. woot 2018: [doi]

NEMESYS: Network Message Syntax Reverse Engineering by Analysis of the Intrinsic Structure of Individual MessagesStephan Kleber, Henning Kopp, Frank Kargl. woot 2018: [doi]

Spectre Returns! Speculation Attacks using the Return Stack BufferEsmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, Nael B. Abu-Ghazaleh. woot 2018: [doi]

Tools for Active and Passive Network Side-Channel Detection for Web ApplicationsMichael Lescisin, Qusay H. Mahmoud. woot 2018: [doi]

You Snooze, You Lose: Measuring PLC Cycle Times under AttacksMatthias Niedermaier, Jan-Ole Malchow, Florian Fischer, Daniel Marzin, Dominik Merli, Volker Roth 0002, Alexander von Bodisco. woot 2018: [doi]

Sensorless, Permissionless Information Exfiltration with Wi-Fi Micro-JammingRom Ogen, Kfir Zvi, Omer Shwartz, Yossi Oren. woot 2018: [doi]

Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless ProtocolsJohannes Pohl, Andreas Noack. woot 2018: [doi]

12th USENIX Workshop on Offensive Technologies, WOOT 2018, Baltimore, MD, USA, August 13-14, 2018Christian Rossow, Yves Younan, editors, USENIX Association, 2018. [doi]

Browser history re: visitedMichael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan. woot 2018: [doi]

Physical Adversarial Examples for Object DetectorsDawn Song, Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li 0044, Amir Rahmati, Florian Tramèr, Atul Prakash, Tadayoshi Kohno. woot 2018: [doi]

Symbolic Execution of Security Protocol Implementations: Handling Cryptographic PrimitivesMathy Vanhoef, Frank Piessens. woot 2018: [doi]

Hitag 2 Hell - Brutally Optimizing Guess-and-Determine AttacksAram Verstegen, Roel Verdult, Wouter Bokslag. woot 2018: [doi]

Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet ScaleAlexander Vetterl, Richard Clayton. woot 2018: [doi]

A Feasibility Study of Radio-frequency Retroreflector AttackSatohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, Shigeki Goto, Masahiro Kinugawa, Yu-ichi Hayashi. woot 2018: [doi]

2017

Stalling Live Migrations on the CloudAhmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. La Porta. woot 2017: [doi]

dr0wned - Cyber-Physical Attack with Additive ManufacturingSofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici. woot 2017: [doi]

One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems RevisitedRyad Benadjila, Mathieu Renard, José Lopes-Esteves, Chaouki Kasmi. woot 2017: [doi]

unCaptcha: A Low-Resource Defeat of reCaptcha's Audio ChallengeKevin Bock, Daven Patel, George Hughey, Dave Levin. woot 2017: [doi]

Software Grand Exposure: SGX Cache Attacks Are PracticalFerdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, Ahmad-Reza Sadeghi. woot 2017: [doi]

BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault InjectionAng Cui, Rick Housley. woot 2017: [doi]

11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14-15, 2017William Enck, Collin Mulliner, editors, USENIX Association, 2017. [doi]

Breaking and Fixing GridcoinMartin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk. woot 2017: [doi]

SPEAKE(a)R: Turn Speakers to Microphones for Fun and ProfitMordechai Guri, Yosef A. Solewicz, Andrey Daidakulov, Yuval Elovici. woot 2017: [doi]

fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor CustomizationsRoee Hay. woot 2017: [doi]

Adversarial Example Defense: Ensembles of Weak Defenses are not StrongWarren He, James Wei, Xinyun Chen, Nicholas Carlini, Dawn Song. woot 2017: [doi]

AutoCTF: Creating Diverse Pwnables via Automated Bug InjectionPatrick Hulin, Andy Davis, Rahul Sridhar, Andrew Fasano, Cody Gallagher, Aaron Sedlacek, Tim Leek, Brendan Dolan-Gavitt. woot 2017: [doi]

Automated PCB Reverse EngineeringStephan Kleber, Henrik Ferdinand Nölscher, Frank Kargl. woot 2017: [doi]

From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacksAnil Kurmus, Nikolas Ioannou, Nikolaos Papandreou, Thomas P. Parnell. woot 2017: [doi]

Shedding too much Light on a Microcontroller's Firmware ProtectionJohannes Obermaier, Stefan Tatschner. woot 2017: [doi]

White-Stingray: Evaluating IMSI Catchers Detection ApplicationsShinjo Park, Altaf Shaik, Ravishankar Borgaonkar, Andrew Martin, Jean-Pierre Seifert. woot 2017: [doi]

POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault InjectionJames Patrick-Evans, Lorenzo Cavallaro, Johannes Kinder. woot 2017: [doi]

Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring SystemLuca Reverberi, David Oswald. woot 2017: [doi]

Static Exploration of Taint-Style Vulnerabilities Found by FuzzingBhargava Shastry, Federico Maggi, Fabian Yamaguchi, Konrad Rieck, Jean-Pierre Seifert. woot 2017: [doi]

Shattered Trust: When Replacement Smartphone Components AttackOmer Shwartz, Amir Cohen, Asaf Shabtai, Yossi Oren. woot 2017: [doi]

Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability DiscoveryTommi Unruh, Bhargava Shastry, Malte Skoruppa, Federico Maggi, Konrad Rieck, Jean-Pierre Seifert, Fabian Yamaguchi. woot 2017: [doi]

One Side-Channel to Bring Them All and in the Darkness Bind Them: Associating Isolated Browsing SessionsTom van Goethem, Wouter Joosen. woot 2017: [doi]

Exploitations of Uninitialized Uses on macOS SierraZhenquan Xu, Gongshen Liu, Tielei Wang, Hao Xu. woot 2017: [doi]

2016

10th USENIX Workshop on Offensive Technologies, WOOT 16, Austin, TX, August 8-9, 2016USENIX Association, 2016. [doi]

AVLeak: Fingerprinting Antivirus Emulators through Black-Box TestingJeremy Blackthorne, Alexei Bulazel, Andrew Fasano, Patrick Biernat, Bülent Yener. woot 2016: [doi]

A Rising Tide: Design Exploits in Industrial Control SystemsAlexander Bolshev, Jason Larsen, Marina Krotofil, Reid Wightman. woot 2016: [doi]

Fillory of PHY: Toward a Periodic Table of Signal Corruption Exploits and Polyglots in Digital RadioSergey Bratus, Travis Goodspeed, Ange Albertini, Debanjum S. Solanky. woot 2016: [doi]

Truck Hacking: An Experimental Analysis of the SAE J1939 StandardYelizaveta Burakova, Bill Hass, Leif Millar, André Weimerskirch. woot 2016: [doi]

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLSHanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic. woot 2016: [doi]

Eavesdropping One-Time Tokens Over Magnetic Secure Transmission in Samsung PayDaeseon Choi, YounHo Lee. woot 2016: [doi]

Controlling UAVs with Sensor Input Spoofing AttacksDrew Davidson, Hao Wu, Robert Jellinek, Vikas Singh, Thomas Ristenpart. woot 2016: [doi]

How to Phone Home with Someone Else's Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic SensorsBenyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren. woot 2016: [doi]

How to Break Microsoft Rights Management ServicesMartin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk. woot 2016: [doi]

Non-Deterministic Timers for Hardware Trojan Activation (or How a Little Randomness Can Go the Wrong Way)Frank Imeson, Saeed Nejati, Siddharth Garg, Mahesh V. Tripunitara. woot 2016: [doi]

malWASH: Washing Malware to Evade Dynamic AnalysisKyriakos K. Ispoglou, Mathias Payer. woot 2016: [doi]

A Security Analysis of an In-Vehicle Infotainment and App PlatformSahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, Damon McCoy. woot 2016: [doi]

This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion PumpYoung-Seok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, Yongdae Kim. woot 2016: [doi]

Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat?Andrew Ruddick, Jeff Yan. woot 2016: [doi]

Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation CorrectnessDavid Rupprecht, Kai Jansen, Christina Pöpper. woot 2016: [doi]

Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network TrafficBrendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, John Qian. woot 2016: [doi]

Sampling Race: Bypassing Timing-Based Analog Active Sensor Spoofing Detection on Analog-Digital SystemsHocheol Shin, Yunmok Son, Young-Seok Park, Yujin Kwon, Yongdae Kim. woot 2016: [doi]

Hardware-Assisted Rootkits: Abusing Performance Counters on the ARM and x86 ArchitecturesMatt Spisak. woot 2016: [doi]

SoK: XML Parser VulnerabilitiesChristopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk. woot 2016: [doi]

Abusing Public Third-Party Services for EDoS AttacksHuangxin Wang, Zhonghua Xi, Fei Li, Songqing Chen. woot 2016: [doi]

DDoSCoin: Cryptocurrency with a Malicious Proof-of-WorkEric Wustrow, Benjamin VanderSloot. woot 2016: [doi]

Links

Filter by Year
OR AND NOT 1

Filter by Tag

Filter by Author

[+]
OR AND NOT 1

Filter by Top terms

[+]
OR AND NOT 1

WOOT (woot)

Viewing Publication 1 - 100 from 191

2020

2019

2018

2017

2016

2015

Links

Filter by YearOR AND NOT 1

Filter by Tag

Filter by Author [+]OR AND NOT 1

Filter by Top terms [+]OR AND NOT 1

WOOT (woot)

Viewing Publication 1 - 100 from 191

2020

2019

2018

2017

2016

2015

Filter by Year
OR AND NOT 1

Filter by Author

[+]
OR AND NOT 1

Filter by Top terms

[+]
OR AND NOT 1