Business Wire

ShiftLeft to Present at No Hat Conference 2021

17.11.2021 11:00:00 EET | Business Wire | Press release

Share

ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.

Event Details:

Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy

For more information, visit: https://www.nohat.it/program

Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code

Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.

Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.

In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.

About Fabian Yamaguchi

Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.

About Claudiu-Vlad Ursache

Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

HY10 Selected Among the First Participants for Visa’s Infinite Private Program14.7.2026 22:46:00 EEST | Press release

HY10, the first financial and lifestyle platform built for globally mobile ultra and high-net-worth individuals, today announced it is among the first businesses selected to participate in Visa's Infinite Private program. Unveiled at the Visa Payments Forum (VPF) in Paris, the launch brings together unlimited-spend payment cards, concierge and lifestyle services into a single integrated platform, powered by Visa's trusted global payments network. The announcement comes as more than 2,000 leaders from banks, fintechs and payment providers gather at Visa Payments Forum to explore the future of commerce and premium financial services. HY10's participation underscores its position at the forefront of premium financial experiences for globally mobile entrepreneurs, investors and families. "Private banking hasn't fundamentally evolved for decades," said Erekle Tokhosashvili, Co-Founder of HY10. "The world's wealthiest individuals are still forced to piece together multiple providers for bank

L&T Technology Services Partners with Anthropic to Deliver AI-Powered Engineering Intelligence for Products and Manufacturing14.7.2026 18:28:00 EEST | Press release

L&T Technology Services Limited (BSE: 540115, NSE: LTTS), a global leader in Engineering Intelligence Solutions & ER&D Consulting Services, today announced a partnership with Anthropic to accelerate Engineering Intelligence by integrating Claude models across engineering processes and LTTS’ AI-powered platforms. The collaboration will help LTTS’ enterprise clients redesign how products and software are developed, enabling faster innovation and improved outcomes at scale. Leveraging Claude across the engineering lifecycle and uniting deep engineering expertise, advanced AI and domain knowledge, LTTS’ Engineering Intelligence discipline will enable clients to create greater value. Rather than automating individual tasks, it enables teams to make faster decisions, streamline workflows and continuously improve how products, manufacturing plants and industrial systems are designed, built and maintained. By integrating Claude models into its platforms including AgenticIQ, PlxAI, Ainfonix™, A

Presidio Investors Announces Sale of ElevATE Semiconductor to Diodes Incorporated14.7.2026 17:56:00 EEST | Press release

Presidio Investors (“Presidio”), a lower middle market private equity firm, today announced that it has entered into a definitive agreement to sell ElevATE Semiconductor, Inc. (“ElevATE”) to Diodes Incorporated (Nasdaq: DIOD) in an all-cash transaction valued at $250 million. ElevATE, headquartered in San Diego, California, is a leading fabless designer of low-power, high-density integrated circuits for the automated test equipment (ATE) industry. The sale marks the successful realization of Presidio’s first continuation fund, which was formed in 2023 to extend the firm’s partnership with ElevATE and support the company’s next phase of growth. The acquisition of ElevATE by a leading global semiconductor company validates the strategy behind the continuation vehicle and delivers a strong outcome for the company, its employees, and Presidio’s investors. Presidio first invested in ElevATE in 2018, when the company was a small, founder-led team of analog chip designers serving the ATE mark

Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut14.7.2026 17:30:00 EEST | Press release

Textron Aviation Inc., a Textron Inc. (NYSE:TXT) company, today announced the Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition are heading to the 2026 Experimental Aircraft Association (EAA) AirVenture in Oshkosh, Wisconsin. Both aircraft will be on display for the first time at the show alongside a broad lineup of Cessna and Beechcraft aircraft. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260714774354/en/ Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut “EAA AirVenture is one of the most important opportunities each year for us to connect with customers and the broader aviation community,” said Lannie O’Bannion, senior vice president, Sales & Marketing. “Being on the ground in Oshkosh allows us to showcase the breadth of our portfolio. Events like AirVenture also give us valuable face-to-face time to better understand how our customers operate and

Clearlake Capital Announces Partnership with Databricks to Advance AI-Enabled Investing and Portfolio Value Creation14.7.2026 17:00:00 EEST | Press release

Clearlake Capital Group, L.P. ("Clearlake"), a global investment firm managing integrated platforms spanning private equity, liquid and private credit, and other related strategies, today announced a partnership with Databricks, the Data and AI company, and West Monroe, a global business and technology consulting firm, to accelerate Clearlake’s portfolio companies’ adoption of data, analytics, and AI capabilities. Through the collaboration, Clearlake aims to connect investment, operational, financial, and portfolio data in a secure and scalable environment that accelerates enterprise-wide adoption of AI, drives productivity, and delivers measurable outcomes across the investment lifecycle from deal origination and due diligence to portfolio monitoring and value creation. By pairing cutting-edge technology with deep operational support, the partnership endeavors to help Clearlake’s portfolio companies stay ahead of industry disruption and build durable competitive advantage. “Data and A

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye