| Basilisk: Remote Code Execution by Laser Excitation of P–N Junctions Without Insider Assistance | WOOT '24 | Joe Loughry, Kasper Rasmussen |
| Exploiting Android’s Hardened Memory Allocator | WOOT '24 | Philipp Mao, Elias Valentin Boschung, Marcel Busch, Mathias Payer |
| RIPencapsulation: Defeating IP Encapsulation on TI MSP Devices | WOOT '24 | Prakhar Sah, Matthew Hicks |
| Oh No, My RAN! Breaking Into an O-RAN 5G Indoor Base Station | WOOT '24 | Leon Janzen, Lucas Becker, Colin Wiesenäcker, Matthias Hollick |
| The Power of Words: Generating PowerShell Attacks from Natural Language | WOOT '24 | Pietro Liguori, Christian Marescalco, Roberto Natella, Vittorio Orbinato, Luciano Pianese |
| WhatsApp with privacy? Privacy issues with IM E2EE in the Multi-device setting | WOOT '24 | Tal A. Be'ery |
| MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles | WOOT '24 | Maryam Motallebighomi, Earlence Fernandes, Aanjhan Ranganathan |
| SoK: Where’s the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems | WOOT '24 | Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, Ziming Zhao |
| Engineering a backdoored bitcoin wallet | WOOT '24 | Adam Scott, Sean Andersen |
| SOK: 3D Printer Firmware Attacks on Fused Filament Fabrication | WOOT '24 | Muhammad Haris Rais, Muhammad Ahsan, Irfan Ahmed |
| SoK: On the Effectiveness of Control-Flow Integrity in Practice | WOOT '24 | Lucas Becker, Matthias Hollick, Jiska Classen |
| Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks | WOOT '24 | Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, Aanjhan Ranganathan |
| Achilles Heel in Secure Boot: Breaking RSA Authentication and Bitstream Recovery from Zynq-7000 SoC | WOOT '24 | Prasanna Ravi, Arpan Jati, Shivam Bhasin |
| Lessons Learned from the Embedded Capture-the-Flag (eCTF) competitions | WOOT '24 | |
| AI Cyber Challenge | WOOT '24 | |
| Beyond the Office Walls: Understanding Security and Shadow Security Behaviours in a Remote Work Context | SOUPS 2024 | Sarah Alromaih, Ivan Flechais, George Chalhoub |
| "I would not install an app with this label": Privacy Label Impact on Risk Perception and Willingness to Install iOS Apps | SOUPS 2024 | David G. Balash, Mir Masood Ali, Chris Kanich, Adam J. Aviv |
| Digital Nudges for Access Reviews: Guiding Deciders to Revoke Excessive Authorizations | SOUPS 2024 | Thomas Baumer, Tobias Reittinger, Sascha Kern, Günther Pernul |
| "It was honestly just gambling": Investigating the Experiences of Teenage Cryptocurrency Users on Reddit | SOUPS 2024 | Elijah Bouma-Sims, Hiba Hassan, Alexandra Nisenoff, Lorrie Faith Cranor, Nicolas Christin |
| "Violation of my body:" Perceptions of AI-generated non-consensual (intimate) imagery | SOUPS 2024 | Natalie Grace Brigham, Miranda Wei, Tadayoshi Kohno, Elissa M. Redmiles |
| What Motivates and Discourages Employees in Phishing Interventions: An Exploration of Expectancy-Value Theory | SOUPS 2024 | Xiaowei Chen, Sophie Doublet, Anastasia Sergeeva, Gabriele Lenzini, Vincent Koenig, Verena Distler |
| Write, Read, or Fix? Exploring Alternative Methods for Secure Development Studies | SOUPS 2024 | Kelsey R. Fulton, Joseph Lewis, Nathan Malkin, Michelle L. Mazurek |
| "Say I'm in public...I don't want my nudes to pop up." User Threat Models for Using Vault Applications | SOUPS 2024 | Chris Geeng, Natalie Chen, Kieron Ivy Turk, Jevan Hutson, Damon McCoy |
| Of Mothers and Managers – The Effect of Videos Depicting Gender Stereotypes on Women and Men in the Security and Privacy Field | SOUPS 2024 | Nina Gerber, Alina Stöver, Peter Mayer |
| Privacy Requirements and Realities of Digital Public Goods | SOUPS 2024 | Geetika Gopi, Aadyaa Maddi, Omkhar Arasaratnam, Giulia Fanti |