| WOOT '17 | unCaptcha: A Low-Resource Defeat of reCaptcha's Audio Challenge | Kevin Bock, Daven Patel, George Hughey, Dave Levin |
| WOOT '17 | Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System | Luca Reverberi, David Oswald |
| WOOT '17 | Exploitations of Uninitialized Uses on macOS Sierra | Zhenquan Xu, Gongshen Liu, Tielei Wang, Hao Xu |
| WOOT '17 | dr0wned – Cyber-Physical Attack with Additive Manufacturing | Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici |
| WOOT '17 | Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing | |
| WOOT '17 | One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems Revisited | Ryad Benadjila, Mathieu Renard, José Lopes-Esteves, Chaouki Kasmi |
| WOOT '17 | POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection | James Patrick-Evans, Lorenzo Cavallaro, Johannes Kinder |
| WOOT '17 | Breaking and Fixing Gridcoin | Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk |
| WOOT '17 | Shattered Trust: When Replacement Smartphone Components Attack | Omer Shwartz, Amir Cohen, Asaf Shabtai, Yossi Oren |
| WOOT '17 | White-Stingray: Evaluating IMSI Catchers Detection Applications | Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar, Andrew Martin, Jean-Pierre Seifert |
| WOOT '17 | Software Grand Exposure: SGX Cache Attacks Are Practical | Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, Ahmad-Reza Sadeghi |
| WOOT '17 | Stalling Live Migrations on the Cloud | Ahmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. La Porta |
| WOOT '17 | SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit | Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici |
| WOOT '17 | From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks | Anil Kurmus, Nikolas Ioannou, Matthias Neugschwandtner, Nikolaos Papandreou, Thomas Parnell |
| WOOT '17 | One Side-Channel to Bring Them All and in the Darkness Bind Them: Associating Isolated Browsing Sessions | Tom Van Goethem, Wouter Joosen |
| WOOT '17 | Adversarial Example Defense: Ensembles of Weak Defenses are not Strong | Warren He, James Wei, Xinyun Chen, Nicholas Carlini, Dawn Song |
| WOOT '17 | BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection | Ang Cui, Rick Housley |
| WOOT '16 | Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat? | Andrew Ruddick, Jeff Yan |
| WOOT '16 | Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS | Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic |
| WOOT '16 | Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness | David Rupprecht, Kai Jansen, Christina Pöpper |
| WOOT '16 | Eavesdropping One-Time Tokens Over Magnetic Secure Transmission in Samsung Pay | Daeseon Choi, Younho Lee |
| WOOT '16 | How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors | Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren |
| WOOT '16 | Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic | Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, John Qian |
| WOOT '16 | Hardware-Assisted Rootkits: Abusing Performance Counters on the ARM and x86 Architectures | Matt Spisak |
| WOOT '16 | AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing | Jeremy Blackthorne, Alexei Bulazel, Andrew Fasano, Patrick Biernat, Bülent Yener |
