ShiftLeft to Present at No Hat Conference 2021
17.11.2021 11:00:00 EET | Business Wire | Press release
ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit: https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Contact information
PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Takeda’s Zasocitinib Demonstrates Consistent, High Rates of Skin Clearance Across the Body, Including Hard-to-Treat and High-Impact Sites, in Phase 3 Psoriasis Studies17.7.2026 01:00:00 EEST | Press release
Takeda (TSE:4502/NYSE:TAK) announced new data from the two pivotal Phase 3 studies of zasocitinib (TAK-279), a next-generation, highly selective and potent oral tyrosine kinase 2 (TYK2) inhibitor, in adults with moderate-to-severe plaque psoriasis (PsO).1 Presented at the 2026 American Academy of Dermatology (AAD) Innovation Academy, these secondary endpoint data show that zasocitinib demonstrated consistent and high rates of skin clearance across hard-to-treat, high-impact sites, including the scalp, nails, palms and soles, compared with placebo.1-5 These data build on the topline results from the Phase 3 randomized, multicenter, double-blind, placebo- and active comparator-controlled LATITUDE PsO 3001 and 3002 studies.2,6 In those studies, about 70% of patients treated with zasocitinib achieved static Physician Global Assessment (sPGA) 0/1 (clear or almost clear skin) at week 16, with a significantly greater Psoriasis Area and Severity Index (PASI) 75 response rate seen as early as w
Merz Completes Inaugural €450 Million Schuldschein Loan Issuance17.7.2026 00:36:00 EEST | Press release
The Merz Group has successfully completed its first-ever Schuldschein loan issuance, placing a total volume of €450 million in the debt capital market – a multiple of three relating to the launch volume. The debut transaction was significantly oversubscribed and attracted strong interest from all investor groups. The proceeds were settled and paid out today. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716926041/en/ Dr. Almuth Steinkühler, Chief Financial Officer Merz Group The transaction comprises both fixed- and floating-rate tranches with maturities of three, five, seven, and ten years. Around 50 German and international investors participated, representing a broad range of institutions, including private banks, German federal state-owned banks, public savings banks, cooperative banks, pension funds and occupational pension institutions. With the successful placement, Merz has further diversified its funding base by
The Estée Lauder Companies Appoints Madeleine Boyd as Senior Vice President, Global Brand Communications16.7.2026 23:22:00 EEST | Press release
The Estée Lauder Companies Inc. (NYSE: EL) today announced the appointment of Madeleine Boyd as Senior Vice President, Global Brand Communications, effective July 20, 2026. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716738393/en/ Photo by Esteban La Tessa As part of the company’s continued efforts to strengthen how its brands better connect with consumers, Ms. Boyd will establish and lead a newly integrated Global Brand Communications team. In this role, she will ensure the company’s diverse portfolio is anchored by a cohesive enterprise communications strategy, while accelerating bold, consumer-first storytelling that drives earned media, cultural relevance, and brand desirability. She will also strengthen creator engagement, helping the company’s brands gain attention where culture is being shaped. Ms. Boyd brings extensive experience spanning brand strategy, communications, consumer engagement, and cultural insight
Grid Dynamics Enters Strategic Partnership with Doosan Robotics to Accelerate Physical AI Adoption Across Manufacturing and Logistics16.7.2026 23:05:00 EEST | Press release
Grid Dynamics Holdings, Inc. (Nasdaq: GDYN) (Grid Dynamics), a premier AI transformation partner for the Fortune 1000, announced today it has entered into a strategic partnership with Doosan Robotics, a global leader in collaborative robot solutions, delivering cutting-edge AI robotics to 45 countries worldwide. Grid Dynamics offers Doosan cobot users a GAIN Platform for Physical AI, which enables rapid creation of advanced robotic manipulation workflows, deployment of the latest physical AI models, and optimization and monitoring of robotic lines using digital twins. The GAIN Platform for Physical AI and corresponding integration services enable industrial users to solve advanced robotic automation use cases such as processing and inspection of complex-geometry objects, assembly with variability, and packaging of unseens and deformable items, which are not tractable for traditional robotics software. The partnership aims to accelerate the joint go-to-market strategy for the integrated
NetApp Acquires DataPelago, Making Data AI-Ready at the Infrastructure Layer16.7.2026 19:30:00 EEST | Press release
NetApp® (NASDAQ: NTAP), the Intelligent Data Infrastructure company, today announced it has acquired DataPelago, a California-based AI data infrastructure company recognized for its innovative approach to eliminating data processing bottlenecks for AI and analytics workloads. The acquisition marks a foundational expansion of NetApp's portfolio, enabling GPU-accelerated data processing aligned directly with the storage layer. With this acquisition, NetApp establishes itself as the company that makes zero-copy activation of enterprise data for AI real. AI is the defining platform shift of our era, but enterprises are discovering that their greatest bottleneck is preparing, governing, and activating their data fast enough to put AI into production. The key to accomplishing this objective is to enable accelerated computing where the data is created and stored. DataPelago solves this challenge by fundamentally reimagining where accelerated compute happens: at the data layer, not above it. "
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
