| Mouse Trap: Exploiting Firmware Updates in USB Peripherals | WOOT '14 | Jacob Maskiewicz, Benjamin Ellis, James Mouradian, Hovav Shacham |
| Zippier ZMap: Internet-Wide Scanning at 10 Gbps | WOOT '14 | David Adrian, Zakir Durumeric, Gulshan Singh, J. Alex Halderman |
| Through the Looking-Glass, and What Eve Found There | WOOT '14 | Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurélien Francillon |
| Automated Reverse Engineering using Lego® | WOOT '14 | Georg Chalupar, Stefan Peherstorfer, Erik Poll, Joeri de Ruiter |
| Printed Circuit Board Deconstruction Techniques | WOOT '14 | Joe Grand |
| Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation | WOOT '14 | Rijnard van Tonder, Herman Engelbrecht |
| IPv6 Security: Attacks and Countermeasures in a Nutshell | WOOT '14 | Johanna Ullrich, Katharina Krombholz, Heidelinde Hobel, Adrian Dabrowski, Edgar Weippl |
| Clickjacking Revisited: A Perceptual View of UI Security | WOOT '14 | Devdatta Akhawe, Warren He, Zhiwei Li, Reza Moazzezi, Dawn Song |
| The End is Nigh: Generic Solving of Text-based CAPTCHAs | WOOT '14 | Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, John C. Mitchell |
| Tick Tock: Building Browser Red Pills from Timing Side Channels | WOOT '14 | Grant Ho, Dan Boneh, Lucas Ballard, Niels Provos |
| Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks | WOOT '14 | Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz |
 | Static Detection of Second-Order Vulnerabilities in Web Applications | USENIX Security '14 | Johannes Dahse, Thorsten Holz |
| Brahmastra: Driving Apps to Test the Security of Third-Party Components | USENIX Security '14 | Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, David Wetherall |
| Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks | USENIX Security '14 | Qi Alfred Chen, Zhiyun Qian, Z. Morley Mao |
| Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens | USENIX Security '14 | Daniel Demmler, Thomas Schneider, Michael Zohner |
| ZØ: An Optimizing Distributing Zero-Knowledge Compiler | USENIX Security '14 | Matthew Fredrikson, Benjamin Livshits |
| ASM: A Programmable Interface for Extending Android Security | USENIX Security '14 | Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Sadeghi |
| JIGSAW: Protecting Resource Access by Inferring Programmer Expectations | USENIX Security '14 | Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, Trent Jaeger |
| Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM | USENIX Security '14 | Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike |
| SDDR: Light-Weight, Secure Mobile Encounters | USENIX Security '14 | Matthew Lentz, Viktor Erdélyi, Paarijaat Aditya, Elaine Shi, Peter Druschel, Bobby Bhattacharjee |
| ret2dir: Rethinking Kernel Isolation | USENIX Security '14 | Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis |
| BYTEWEIGHT: Learning to Recognize Functions in Binary Code | USENIX Security '14 | Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, David Brumley |
| Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture | USENIX Security '14 | Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza |
| Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns | USENIX Security '14 | Jonathan Dautrich, Emil Stefanov, Elaine Shi |
| FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack | USENIX Security '14 | Yuval Yarom, Katrina Falkner |
