USENIX WOOT Conference on Offensive Technologies
276 posts

USENIX WOOT Conference on Offensive Technologies
@wootsecurity
WOOT aims to present a broad picture of offense and its contributions, bringing together researchers and practitioners in all areas of computer security
Colocated with Usenix Security Katılım Ekim 2020
53 Takip Edilen1.7K Takipçiler

By reverse engineering AirDrop and building the AIRFUZZ fuzzer, @microsvuln @notippenhauer uncover six vulnerabilities across macOS, iOS, Android, & Windows, incl. zero-click DoS bugs, authentication and encryption bypasses, and use-after-free with remote-code-execution impact.


English

Huber & Schink of @FraunhoferAISEC evaluate BBI-based online and offline manipulations of on-microcontroller flash memory, providing stealthy data manipulation and the ability to re-enable new µC interfaces & features.



English

Project Repo: github.com/Trust-AI-ua/Ne…
#TAI Lab.
English

Models like BLIP can leak training data, unless you rethink the architecture. @Davidamebley @sayantonv introduce NEURO(++) topological regularization. The twist: resilience is highly model- & dataset-dep., i.e., attackers can’t assume one-size-fits-all behavior. #TrustworthyAI


English

GRAPE is cross-context code-pattern scanner that scans the entire Chromium code base in 12 minutes and earned the Authors of "Squeezing Juicy Variant Bugs Out of Modern Browsers" $17k5 for 24 newly-found vulnerabilities.
Pre-print: kdsjzh.github.io/assets/pdf/26W…

English

Submit a poster to any offensive security topics you'd like to discuss with or show to the WOOT audience! usenix.org/conference/woo…

English

Put a Tesla into a Faraday tent and test its LTE security. It did not end well.
See “Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla” at USENIX WOOT’26. @tuxmaniac github.com/Signal-Intelli…


English

Microsoft's 6-year-old Zerologon patches use AES-CFB8 incorrectly. The novel Onelogon attack provides two ways to take over an vlunerable AD account in apx 30 minutes. #AESCFB8fail #WONTFIX softsec.link/woot26.onelogon @al3x_n3ff


English

Preprint: sickcell6000.github.io/HotWire/2026_W…
English

With about $180 of off-the-shelf hardware, HotWire sickcell6000.github.io/HotWire/ steals charging billed to victims, and drains an EV's batteries until they won't start — demonstrated on production cars and live public charging networks.
Paper and presentation at @wootsecurity 2026.


English

SynthIR tricks deepfake image detectors using a simple optical filter and cardboard. To defend from their attack Ishizue, Rampazzi, & Sugawara propose a detection method based on dual-pixel sensors. tetsuishizue.github.io/BreakingInfrar…
see the full WOOT'26 lineup: usenix.org/conference/woo…


English

Constant time programming is the primary defense against timing attacks, but the meaning of the term actually varies. On a key loading case study, Brumley finds BoringSSL's leak orders of magnitude stronger than OpenSSL's, despite, surprisingly, a stricter threat model.@riteslgci

English

If you have a better poster, we like to hear from you! Submit your poster by June 25th at usenix.org/conference/woo…

English

USENIX WOOT Conference 2026: two submission deadlines this year!
- Cycle 1: December 12, 2025 *only one month away* !
- Cycle 2: March 3, 2026
WOOT still has a SoK track and an "Up-and-coming track" (~Industry), CFP for details : usenix.org/conference/woo…

English

WOOT 2025 closing Keynote
"Escaping Cantor's Find-Fix Cycle"
by @FalconDarkstar from @dartmouth and @aiven_io

English





