WOOT '18 Call for Papers

The 12th Workshop on Offensive Technologies (WOOT '18) will take place August 13–14, 2018, and will be co-located with the 27th USENIX Security Symposium in Baltimore, MD, USA.

Sponsored by USENIX, the Advanced Computing Systems Association

Important Dates

All dates are at 23:59 AoE (Anywhere on Earth) time.

  • Paper submissions due: Wednesday, May 30, 2018
  • Notification to authors: Tuesday, June 26, 2018
  • Final papers files due: Tuesday, July 24, 2018

Workshop Organizers

Program Co-Chairs

Christian Rossow, CISPA
Yves Younan, Cisco Talos

Program Committee

David Adrian, University of Michigan
Dennis Andriesse, VU Amsterdam
Neil Archibald, Azimuth Security
Elias Athanasopoulos, University of Cyprus
Lorenzo Cavallaro, Royal Holloway, University of London
Sophia D'Antoine, Trail of Bits
Manuel Egele, Boston University
William Enck, North Carolina State University
Donato Ferrante, NCC Group
Aurélien Francillon, EURECOM
Yanick Fratantonio, EURECOM
Daniel Gruss, TU Graz
Mario Heiderich, Cure53
Rich Johnson, Cisco Talos
Alexandros Kapravelos, North Carolina State University
Vasileios Kemerlis, Brown University
Tim Kornau, Google
Per Larsen, UC Irvine and Immunant
Christopher Liebchen, TU Darmstadt
Martina Lindorfer, UC Santa Barbara
Clémentine Maurice, CNRS, IRISA
Matt Miller, Microsoft
HD Moore, Atredis Partners
Collin Mulliner, 3BLabs
Dmitry Nedospasov, Toothless Consulting, Inc.
Mathias Payer, Purdue University
Giancarlo Pellegrino, Stanford University, CISPA
Natalie Silvanovich, Google
Matthew Van Gundy, Cisco ASIG
Ilja Van Sprundel, IOActive
Julien Vanegue, Bloomberg LP and Cornell University
Mathy Vanhoef, KU Leuven
Ralf-Philipp Weinmann, Comsecuris
Georg Wicherski, CrowdStrike
Glenn Wurster, BlackBerry
Sarah Zennou, Airbus

Steering Committee

Dan Boneh, Stanford University
Aurélien Francillon, EURECOM
Casey Henderson, USENIX Association
Collin Mulliner, 3BLabs
Niels Provos, Google


The USENIX Workshop on Offensive Technologies (WOOT) aims to present a broad picture of offense and its contributions, bringing together researchers and practitioners in all areas of computer security. Offensive security has changed from a hobby to an industry. No longer an exercise for isolated enthusiasts, offensive security is today a large-scale operation managed by organized, capitalized actors. Meanwhile, the landscape has shifted: software used by millions is built by startups less than a year old, delivered on mobile phones and surveilled by national signals intelligence agencies. In the field's infancy, offensive security research was conducted separately by industry, independent hackers, or in academia. Collaboration between these groups could be difficult. Since 2007, the USENIX Workshop on Offensive Technologies (WOOT) has aimed to bring those communities together.

Symposium Topics

Computer security exposes the differences between the actual mechanisms of everyday trusted technologies and their models used by developers, architects, academic researchers, owners, operators, and end users. While being inherently focused on practice, security also poses questions such as "what kind of computations are and aren't trusted systems capable of?" which harken back to fundamentals of computability. State-of-the-art offense explores these questions pragmatically, gathering material for generalizations that lead to better models and more trustworthy systems.

WOOT provides a forum for high-quality, peer-reviewed work discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, exposing poorly understood mechanisms, presenting novel attacks, or surveying the state of offensive operations at scale. WOOT '18 accepts papers in both an academic security context and more applied work that informs the field about the state of security practice in offensive techniques. The goal for these submissions is to produce published works that will guide future work in the field. Submissions will be peer reviewed and shepherded as appropriate.

Submission topics include but are not limited to:

  • Application security and vulnerability research
  • Attacks against privacy
  • Attacks on virtualization and the cloud
  • Browser and general client-side security (runtimes, JITs, sandboxing)
  • Hardware attacks
  • Internet of Things
  • Malware design, implementation and analysis
  • Network and distributed systems attacks
  • Offensive applications of formal methods (solvers, symbolic execution)
  • Offensive aspects of mobile security
  • Offensive technologies using (or against) machine learning
  • Operating systems security
  • Practical attacks on deployed cryptographic systems (cryptanalysis, side channels)

Workshop Format

The presenters will be authors of accepted papers. There will also be a keynote speaker and a selection of invited speakers. WOOT '18 will feature a Best Paper Award and a Best Student Paper Award.

Regular Submission

WOOT 18 welcomes submissions without restrictions of formatting (see below) or origin. Submissions from academia, independent researchers, students, hackers, and industry are welcome. Are you planning to give a cool talk at Black Hat in August? Got something interesting planned for other non-academic venues later this year? This is exactly the type of work we'd like to see at WOOT '18. Please submit—it will also give you a chance to have your work reviewed and to receive suggestions and comments from some of the best researchers in the world. More formal academic offensive security papers are also very welcome.

Systemization of Knowledge

Continuing the tradition of past years, WOOT '18 will be accepting "Systematization of Knowledge" (SoK) papers. The goal of an SoK paper is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will prove highly valuable to our community but would not be accepted as refereed papers because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Be sure to select "Systematization of Knowledge paper" in the submissions system to distinguish it from other paper submissions.


Papers must be received on Wednesday, May 30, 2018, AoE.

What to Submit

Submissions must be in PDF format. Papers should be succinct but thorough in presenting the work. The contribution needs to be well motivated, clearly exposed, and compared to the state of the art. Typical research papers are at least 4 pages, and maximum 10 pages long (not counting bibliography and appendix). Yet, papers whose lengths are incommensurate with their contributions will be rejected.

The submission should be formatted in 2-columns, using 10-point Times Roman type on 12-point leading, in a text block of 6.5” x 9”. Please number the pages. We encourage authors to use the USENIX Templates for Conference Papers.

Submissions are double blind: submissions should be anonymized and avoid obvious self-references. Submit papers using the submission form.

Authors of accepted papers will have to provide a paper for the proceedings following the above guidelines. A shepherd may be assigned to ensure the quality of the proceedings version of the paper. All accepted papers will be available online to registered attendees prior to the workshop and will be available online to everyone beginning on the first day of the workshop. If your paper should not be published prior to the event, please notify production@usenix.org. Submissions accompanied by non-disclosure agreement forms will not be considered. Accepted submissions will be treated as confidential prior to publication on the WOOT '18 website; rejected submissions will be permanently treated as confidential.

Policies and Contact Information

Simultaneous submission of the same work to multiple competing academic venues, submission of previously published work without substantial novel contributions, or plagiarism constitutes dishonesty or fraud. USENIX, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. See the USENIX Conference Submissions Policy at for details.

Note: Work presented at industry conferences, such as Black Hat, is not considered to have been "previously published" for the purposes of WOOT '18. We strongly encourage the submission of such work to WOOT '18, particularly work that is well suited to a more formal and complete treatment in a published, peer-reviewed setting. In your submission, please do note any previous presentations of the work. Authors uncertain whether their submission meets USENIX's guidelines should contact the program co-chairs, woot18chairs@usenix.org, or the USENIX office, submissionspolicy@usenix.org.

Registration for Authors

At least one author per paper has to register and and be on site to present the paper. One author per paper will receive a discount on registration. If the registration fee poses a significant hardship for the presenting author, contact conference@usenix.org.