11. WOOT @ USENIX Security Symposium 2017: Vancouver, BC, Canada
- William Enck, Collin Mulliner:
11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14-15, 2017. USENIX Association 2017
Below the Hardware
- Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici:
dr0wned - Cyber-Physical Attack with Additive Manufacturing. - Ang Cui, Rick Housley:
BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection. - Anil Kurmus, Nikolas Ioannou, Nikolaos Papandreou, Thomas P. Parnell:
From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks.
Web of Failures
- Tommi Unruh, Bhargava Shastry, Malte Skoruppa, Federico Maggi, Konrad Rieck, Jean-Pierre Seifert, Fabian Yamaguchi:
Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery. - Tom van Goethem, Wouter Joosen:
One Side-Channel to Bring Them All and in the Darkness Bind Them: Associating Isolated Browsing Sessions. - Kevin Bock, Daven Patel, George Hughey, Dave Levin:
unCaptcha: A Low-Resource Defeat of reCaptcha's Audio Challenge.
Vulnerabilities Be Here
- James Patrick-Evans, Lorenzo Cavallaro, Johannes Kinder:
POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection. - Zhenquan Xu, Gongshen Liu, Tielei Wang, Hao Xu:
Exploitations of Uninitialized Uses on macOS Sierra. - Bhargava Shastry, Federico Maggi, Fabian Yamaguchi, Konrad Rieck, Jean-Pierre Seifert:
Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing.
Above the Cloud
- Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, Ahmad-Reza Sadeghi:
Software Grand Exposure: SGX Cache Attacks Are Practical. - Ahmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. La Porta:
Stalling Live Migrations on the Cloud.
Cat and Mouse
- Mordechai Guri, Yosef A. Solewicz, Andrey Daidakulov, Yuval Elovici:
SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit. - Warren He, James Wei, Xinyun Chen, Nicholas Carlini, Dawn Song:
Adversarial Example Defense: Ensembles of Weak Defenses are not Strong. - Patrick Hulin, Andy Davis, Rahul Sridhar, Andrew Fasano, Cody Gallagher, Aaron Sedlacek, Tim Leek, Brendan Dolan-Gavitt:
AutoCTF: Creating Diverse Pwnables via Automated Bug Injection.
Embedded (In)security
- Johannes Obermaier, Stefan Tatschner:
Shedding too much Light on a Microcontroller's Firmware Protection. - Luca Reverberi, David Oswald:
Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System. - Ryad Benadjila, Mathieu Renard, José Lopes-Esteves, Chaouki Kasmi:
One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems Revisited.
Bad Phones Bad Phones ...
- Omer Shwartz, Amir Cohen, Asaf Shabtai, Yossi Oren:
Shattered Trust: When Replacement Smartphone Components Attack. - Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar, Andrew Martin, Jean-Pierre Seifert:
White-Stingray: Evaluating IMSI Catchers Detection Applications.