ShiftLeft to Present at No Hat Conference 2021
17.11.2021 11:00:00 EET | Business Wire | Press release
ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit: https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Contact information
PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
EVE Energy Showcases All-Scenario Energy Storage Solutions at The Smarter E Europe 20261.7.2026 04:45:00 EEST | Press release
EVE Energy unveiled its Mr. Big Family series, a 6.9+ MWh energy storage system, and all-scenario energy storage solutions at Intersolar Europe in Munich. Drawing on traceable large-cell technology, proven large-scale energy storage project delivery experience, and global delivery capabilities, the company is addressing Europe's diverse energy storage requirements across utility-scale, commercial & industrial (C&I ), and data center segments. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260630889717/en/ EVE Energy showcases its Mr. Giant 3.0 6.9+ MWh energy storage system at The Smarter E Europe 2026 in Munich, Germany Advancing Large-Cell Technology with Global Project Validation As one of the first companies to focus on large-capacity energy storage cells, EVE Energy has iteratively upgraded its cell platform from 560 Ah and 628 Ah to 702 Ah, adhering to a stacking process route throughout. At the exhibition, the Mr. Gia
Bending Spoons S.p.A. announces pricing of initial public offering1.7.2026 02:56:00 EEST | Press release
Bending Spoons S.p.A. (“Bending Spoons”), a leading technology company, today announces the pricing of its initial public offering (“IPO”) at $29.00 per share. A total of 57,971,015 ordinary shares are being offered, of which 34,398,640 shares are being offered by Bending Spoons and 23,572,375 shares are being offered by certain selling shareholders (the “Selling Shareholders”). Bending Spoons will not receive any proceeds from any sale of shares by the Selling Shareholders. The shares are expected to begin trading on the Nasdaq Global Select Market under the ticker symbol “BSP” on July 1, 2026. The offering is expected to close on July 2, 2026, subject to customary closing conditions. In addition, Bending Spoons and the Selling Shareholders granted the underwriters an option to purchase up to an additional 5,244,026 ordinary shares from Bending Spoons and up to an additional 3,451,626 ordinary shares from the Selling Shareholders at the initial public offering price, less underwriting
FDA Issues Modified Risk Tobacco Product Orders for 20 ZYN Nicotine Pouch Products30.6.2026 19:19:00 EEST | Press release
Philip Morris International Inc. (PMI) (NYSE: PM) today announced that the U.S. Food and Drug Administration (FDA) issued Modified Risk Tobacco Product (MRTP) orders for 20 variants of ZYN nicotine pouch products. These are the first MRTP orders granted for nicotine pouches, allowing PMI U.S. to market the following claim for the authorized ZYN products: “Using ZYN instead of cigarettes puts you at a lower risk of mouth cancer, heart disease, lung cancer, stroke, emphysema, and chronic bronchitis.” “FDA’s decision is an important moment for the more than 45 million legal-age nicotine consumers in America,” saidStacey Kennedy, PMI U.S. CEO. “Today’s news ensures these adultshave access to accurate, science-based information, including FDA-authorized evidence that switching from cigarettes to ZYN reduces the risk of smoking-related diseases like heart disease and lung cancer,” she added. “More broadly, it reinforces the agency’s science-based approach to evaluating products across the co
Caidya Announces Strategic Combination with Simbec-Orion Bridging Early Scientific Insight and Global Clinical Execution30.6.2026 18:00:00 EEST | Press release
Caidya today announced a strategic combination with Simbec-Orion designed to close the divide between early scientific insight and global clinical execution. The combination of Caidya and Simbec-Orion creates a differentiated specialty clinical CRO platform that enables programs to scale, maintaining focus, speed, and accountability. The strategic combination brings together complementary strengths to create a more complete development partner for innovative biopharma companies. With established operations across Europe, the Americas, APAC, and China, the combined organization provides meaningful expertise and execution capabilities in the regions that matter most. Simbec-Orion brings early-phase clinical pharmacology capabilities alongside deep therapeutic expertise for later stage complex oncology and rare disease trials, helping sponsors shape critical decisions early in the development lifecycle. Together, the organizations strengthen their ability to support complex, cross-border
Archer® Proves Purpose-Built AI Beats General-Purpose LLMs on Regulatory Change Management: 95% Verified Accuracy, 80x Faster, 92% Lower Cost30.6.2026 17:13:00 EEST | Press release
For enterprises deploying AI in compliance, a wrong date is a missed deadline. The more dangerous failure is a wrong answer the model returns with high confidence, one that flows silently into a compliance calendar and is only discovered after the window has passed. Archer® today released results showing purpose-built AI beats a general-purpose large language model (LLM) on regulatory work, and it’s not close. This head-to-head test compared Archer’s purpose-built, vertical-specific AI and proprietary data sets against a leading general-purpose LLM, on a core compliance task: determining the publication, effective and comment-close dates of regulatory documents across six jurisdictions. General-purpose models are a genuine breakthrough, and this is no referendum on their quality. The question Archer set out to answer is narrower and more practical: what it takes to make a specific, high-stakes determination reliable, fast and affordable at scale. A vertical, domain-focused process, gro
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
