Computer security exposes the differences between the actual mechanisms of everyday trusted technologies and their models used by developers, architects, academic researchers, owners, operators, and end users. While being inherently focused on practice, security also poses questions such as "what kind of computations trusted systems are and aren't capable of?," which harken back to fundamentals of computability. State-of-the-art offense explores these questions pragmatically, gathering material for generalizations that lead to better models and more trustworthy systems.

WOOT provides a forum for high-quality, peer-reviewed work discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, exposing poorly understood mechanisms, presenting novel attacks, or surveying the state of offensive operations at scale.

WOOT '16 accepts papers in both an academic security context and more applied work that informs the field about the state of security practice in offensive techniques. The goal for these submissions is to produce published works that will guide future work in the field. Submissions will be peer reviewed and shepherded as appropriate.

Submission topics include but are not limited to:

Vulnerability research
Offensive applications of formal methods (solvers, symbolic execution)
Practical attacks on deployed cryptographic systems and kleptography
Offensive aspects of mobile security (including location, payments, and RF)
Attacks on content protection and DRM
Hardware attacks and attacks on the "Internet of Things"
Internet-scale network reconnaissance
Application security (web frameworks, distributed databases, multi-factor authentication)
Malware design, implementation and analysis
Vulnerabilities in browser and client-side security (runtimes, JITs, sandboxing)
Mass surveillance and attacks against privacy