Business Wire

ShiftLeft to Present at No Hat Conference 2021

17.11.2021 11:00:00 EET | Business Wire | Press release

Share

ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.

Event Details:

Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy

For more information, visit: https://www.nohat.it/program

Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code

Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.

Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.

In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.

About Fabian Yamaguchi

Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.

About Claudiu-Vlad Ursache

Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Kioxia and Sandisk Begin Production of 10th-Generation 3D Flash Memory Products at Kitakami Plant Fab23.7.2026 13:19:00 EEST | Press release

Kioxia Corporation, a subsidiary of Kioxia Holdings Corporation (TOKYO: 285A) and Sandisk Corporation (Nasdaq: SNDK) today announced the start of production for their 10th-generation 3D Flash memory technology at Fab2 (K2) at the Kitakami Plant in Iwate Prefecture in Japan. The milestone comes as the companies continue to drive meaningful, multi-year bit growth to address the strong demand for their innovative flash memory technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702296115/en/ Unveiling ceremony for the K2 facility In conjunction with the start of production, the companies held an unveiling ceremony for the K2 facility. Opening in September 2025, the facility has produced the companies’ 8th-generation 3D flash memory products and will begin to scale production with the introduction of their 10th-generation products. Both generations of 3D flash memory adopt innovative CBA (CMOS directly Bonded to Array)

VeriSilicon Introduces CPP2000 Camera Post-Processing IP for Embodied Robotics and Mobile Vision Applications3.7.2026 13:02:00 EEST | Press release

VeriSilicon (688521.SH) today announced its high-performance CPP2000 Camera Post-Processing (CPP) IP, expanding the company’s Image Signal Processing (ISP) solutions with advanced post-processing capabilities. By improving image quality and visual perception in mobile imaging scenarios, CPP2000 enables more reliable vision performance in robotics, drones, and other mobile vision applications. CPP2000 integrates multiple image processing technologies and can further optimize YUV images output from image signal processors. The IP supports image and video processing at up to 8K resolution and offers multiple hardware configuration options to meet diverse requirements in Power, Performance, Area (PPA), and latency across different applications. CPP2000 leverages the combined operation of multiple image processing technologies, including motion-compensated temporal filtering, advanced spatial noise reduction, chroma adjustment and dynamic contrast improvement, and edge enhancement. Together

Messer Acquires Singapore-Based Industrial Gas Platform; Japan Corporate Advisory Institute Advises Sellers3.7.2026 12:11:00 EEST | Press release

Messer, the world’s largest privately held specialist for industrial, medical, electronic and specialty gases, has acquired WKS Group, a Singapore-based industrial gas platform with operations across Singapore and southern Malaysia. Transaction terms were not disclosed. Messer reported consolidated sales of approximately EUR 4.5 billion for its 2025 financial year. Founded in Singapore in 1977, WKS Group comprises six companies and employs approximately 195 people across Singapore and southern Malaysia. The acquisition expands Messer’s operating footprint in Southeast Asia and strengthens its access to key industrial clusters across the region. “We are pleased to have completed this transaction with Messer, whose strategic vision makes them an excellent partner for WKS Group,” said Mr. Wong Koh Hoi, shareholder of WKS Group. “We appreciate JCAI’s professionalism and dedication throughout the process, and their expertise was instrumental in achieving a successful outcome.” Japan Corpora

Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 02:00:00 EEST | Press release

Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach

Kioxia Commences Sample Shipments of 10th-Generation BiCS FLASH™ Devices Delivering High Performance, High Capacity and Low Power Consumption3.7.2026 02:00:00 EEST | Press release

Kioxia Corporation, a world leader in memory solutions, today announced that it has commenced sample shipments of 1Tb (terabit) Triple-Level-Cell (TLC) memory devices utilizing its 10th-generation BiCS FLASH™ 3D flash memory technology.1 These will be primarily integrated into the company’s enterprise and data center SSDs, strengthening Kioxia’s lineup to meet the growing demand for AI storage, which requires higher performance, higher capacity, and lower power consumption. These new products will be manufactured using state-of-the-art equipment at Kioxia’s Kitakami Plant Fab2 facility in Iwate Prefecture, Japan. By leveraging innovative CMOS directly Bonded to Array (CBA) technology2 and On-Pitch Select Gate Drain (OPS) technology,3 both adopted since the 8th-generation BiCS FLASH™, the 10th-generation technology achieves a NAND interface speed of 4.8 Gb/s,4 a 33% improvement over the 8th generation. Bit density has increased by 59% by stacking 332 layers and improving lateral density

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye