Submit a poster to any offensive security topics you'd like to discuss with or show to the WOOT audience! www.usenix.org/conference/w...

Put a Tesla into a Faraday tent and test its LTE security. It did not end well. See “Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla” at USENIX WOOT’26. Repo & Pre-Print: github.com/Signal-Intel...

Microsoft's 6-year-old Zerologon patches use AES-CFB8 incorrectly. The novel Onelogon attack provides two ways to take over a vulnerable AD account in apx 30 minutes. #AESCFB8fail #WONTFIX softsec.link/woot26.onelo... @al3x-n3ff.bsky.social @kevin.borgolte.me @ruhr-uni-bochum.de

With about $180 of off-the-shelf hardware, HotWire sickcell6000.github.io/HotWire/ steals charging billed to victims, and drains an EV's batteries until they won't start - demonstrated on production cars and live public charging networks. Paper and presentation at WOOT'26.

SynthIR tricks deepfake image detectors using a simple optical filter and cardboard. To defend from their attack Ishizue, Rampazzi, & Sugawara propose a detection method based on dual-pixel sensors. tetsuishizue.github.io/BreakingInfr... see the full WOOT'26 lineup: www.usenix.org/conference/w...

Constant time programming is the primary defense against timing attacks, but the meaning of the term actually varies. On a key loading case study, Brumley finds BoringSSL's leak orders of magnitude stronger than OpenSSL's, despite, surprisingly, a stricter threat model.

If you have a better poster (or demo), we like to hear from you! Submit by June 25th at www.usenix.org/conference/w...

The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026). Full details are available in the Call for Papers: www.usenix.org/conference/w...

The Cycle 2 deadline for the USENIX WOOT Conference is in ~ 3 weeks (March 3, 2026)! WOOT continues to include both a Systematization of Knowledge (SoK) track and an Up-and-Coming track (industry-focused). Details are available in the Call for Papers: www.usenix.org/conference/w...

Only 4 days to the WOOT 2026 Cycle 1 submission deadline! Check the CFP for details: www.usenix.org/conference/w...

USENIX WOOT Conference 2026: two submission deadlines this year! - Cycle 1: December 12, 2025 *only one month away* ! - Cycle 2: March 3, 2026 WOOT still has a SoK track and an "Up-and-coming track" (~Industry), CFP for details: www.usenix.org/conference/w...

WOOT 2025 closing Keynote "Escaping Cantor's Find-Fix Cycle" by Falcon Darkstar Momot from Dartmouth College and Aiven.io

Last papers session "Exploit All the Things" (Chair: Cristine Hoepers) - Soufian El Yadmani: SecurePoC—detecting malicious GitHub exploits - Andrea Mambretti: SoK on kernel vuln discovery & auto exploit generation - Junho Lee: BOOTKITTY—stealth bootkit-rootkit for modern OSes

WOOT 2025 late morning session: Application Security (Chair: Yves Younan) - Gabriel Karl Gegenhuber: Prekey Pogo—WhatsApp handshake weaknesses - Manuel Karl: Formula injection in real-world spreadsheets - Jannik Hartung: PHP foot-gun case study (Best paper award !)

WOOT 2025 day 2 starts with another Physical Attacks session (Chair: A. Zonenberg): - Valentin Huber: Deep dive into FRAM fault injection effects - Boyapally Harishma: Side-channel reality check on ARM Cortex-A72 - Wooyeon Jo: PLC memory exploitation in industrial systems

WOOT 2025 last session today Network Security : - Mehrdad Hajizadeh: DeepRed: AI-driven red teaming vs ML-NIDS - Shujie Zhao: Stealth BGP hijacks under uRPF - Anqi Chen: FUZZVPN: Hunting OpenVPN vulns

WOOT 2025 1st session of the afternoon, "Hacking at a Distance" with: - Tommaso Sacchetti on large scale Bluetooth Security Testing - Chengsong Diao: Vulnerabilities in Master Lock Smart Locks - Seyyed Ali Ayati Acoustic Side-Channel on keyboards

WOOT 2025 schedule, all papers are now online open access: usenix.org/conference/w... Talks are recorded, and should be online in a few weeks.

First session, on hardware security: Two talks on attacking the @raspberrypi.com RP2350 by @nsinusr.bsky.social and Andrew D. Zonenberg. One talk on exploiting software using hardware fault injections by Zhenyuan Liu

WOOT 2025 Conference starting in Seattle. The program prepared by @noopwafel.bsky.social and @naehrdine.bsky.social includes sessions on hardware security, wireless attacks, network security. And tomorrow physical attacks, application security. And Keynote by Falcon Darkstar Momot

Discounted early bird registration for WOOT '25 is still open until Monday - www.usenix.org/conference/w... - join us in Seattle on Aug 11/12 (right before USENIX Security) for talks and discussions on great cutting-edge offensive security research. Full program at www.usenix.org/conference/w...

Planning to attend WOOT this year? (Seattle on Aug 11/12!) Bring demos or posters of your latest or upcoming offensive security work, or give a lightning talk! Submissions are open and very lightweight (just a couple of sentences will do) - details at www.usenix.org/conference/w...

Two winners of the RP2350 Hacking Challenge will present their results at WOOT! Muench et al. break its secure boot guarantees through voltage, electromagnetic, and laser fault injection 💥 techniques: www.usenix.org/conference/w...

The WOOT 2025 conference lineup is live! 👀 www.usenix.org/conference/w...

Want to go to WOOT and learn about the latest hardware & software attacks? Registrations are now open! If you can't afford traveling ✈️ to Seattle on your own and need financial support for a ticket, apply for a grant until July 7: www.usenix.org/conference/w...

Reviewer 2 just rejected your latest offensive security paper? Or didn't submit it anywhere yet? There's still more than a day left to (re)submit to USENIX WOOT '25 and get reviews from a community who will appreciate all those clever hacks, weird bugs 👾 and fun exploits! woot25.usenix.hotcrp.com

Reviewer 2 just rejected your latest offensive security paper? Or didn't submit it anywhere yet? There's still more than a day left to (re)submit to USENIX WOOT '25 and get reviews from a community who will appreciate all those clever hacks, weird bugs 👾 and fun exploits! woot25.usenix.hotcrp.com

Have some hackademic research you'd love to see published as a paper? Submit it to WOOT 📝 Looking forward to your submissions!

Deadline approaching soon, get your submissions ready!

Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at www.usenix.org/conference/w...

USENIX WOOT '25 submissions are due March 11. One month to go - still plenty of time to write a paper about your latest fun offensive security research! Or if you want more guidance to get a paper into shape, up-and-coming track deadline is March 4. CfP at www.usenix.org/conference/w...