ShiftLeft to Present at No Hat Conference 2021
17.11.2021 11:00:00 EET | Business Wire | Press release
ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit: https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Contact information
PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Fastly Joins DIMPACT to Collaborate on Digital Sustainability8.7.2026 15:00:00 EEST | Press release
Fastly, Inc. (NASDAQ: FSLY), a leading global edge cloud platform, today announced it has become a participant of DIMPACT, the coalition of leading organizations working to align industry changemakers and policymakers around meaningful, science-based solutions that reduce the environmental impacts of serving digital media products. As the first edge cloud platform provider to join the coalition, Fastly brings critical, real-world edge network data and infrastructure expertise and a transparent approach to emissions calculation and reporting to help major media, streaming, and publishing companies understand and optimize their digital carbon footprints. “We’re thrilled to welcome Fastly to the DIMPACT initiative. Their participation strengthens DIMPACT's ability to advance a more accurate, data-driven approach to measuring and reducing digital emissions,” said Jason Bell, Director at SLR Consulting and Executive Sponsor of DIMPACT. “Accurately calculating digital emissions requires a de
PubNub Introduces Blocks.ai: The Control Plane and Network Layer For AI Agents8.7.2026 15:00:00 EEST | Press release
PubNub introduces Blocks.ai today, a global network to connect and control agents across all agent frameworks, providers, and APIs. Blocks.ai lets developers reach their existing AI agents regardless of where they are hosted. Blocks Network supports all AI agent use cases without opening inbound ports, setting up tunnels, changing DNS, or modifying firewall rules. For more than a decade, PubNub has been the infrastructure and platform for real-time connectivity supporting billions of devices, now, PubNub delivers Blocks Network connecting the Internet of Agents. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708521206/en/ AI agents have become increasingly critical to businesses who want control over their models, code, and data. But once those agents are running locally or behind a firewall, making them reachable from custom frontends can require brittle infrastructure work. This is a key reason why McKinsey estimates th
STEMCELL Technologies and CCRM Partner to Expand Access to Matched GMP and RUO iPSC Lines for Cell Therapy Development8.7.2026 15:00:00 EEST | Press release
STEMCELL Technologies and the Centre for Commercialization of Regenerative Medicine (CCRM) today announced a partnership to expand access to high-quality human induced pluripotent stem cell (iPSC) starting materials, giving cell therapy developers worldwide a faster, lower-risk path from research to the clinic. Under the agreement, STEMCELL will manufacture and distribute research-use-only (RUO) iPSC lines derived directly from LineaBio's Good Manufacturing Practices (GMP) iPSC lines, and will offer the matched GMP lines to developers worldwide. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708212795/en/ Partnership pairs GMP-manufactured iPSC lines with matched RUO equivalents, giving developers well-characterized, donor-eligible starting materials from early research through clinical development. Supporting comparability data for the RUO and GMP lines to be presented at the 2026 ISSCR Annual Meeting in Montréal, Canada
LUMI AI Factory Selects IQM to Deploy Advanced Quantum Computer, Accelerating Hybrid HPC and AI Development8.7.2026 15:00:00 EEST | Press release
The LUMI AI Factory, led by CSC – IT Center for Science, has selected IQM Quantum Computers (Nasdaq: IQMX) to deliver IQM Halocene H4, an advanced quantum computer aimed at accelerating hybrid high-performance computing, artificial intelligence, and quantum computing capabilities. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708006791/en/ LUMI AI Factory selects IQM to deploy advanced quantum computer, accelerating hybrid HPC and AI development IQM Halocene H4 is the first and most advanced on-premises superconducting quantum computer of its kind, combining quantum error correction with NISQ qubits. The system will be delivered in 2027, followed by a series of upgrades delivered in multiple phases with an increasing number of logical qubits. The IQM Halocene H4 and the upgraded systems will enable LUMI consortium users, for the first time, to develop and implement Quantum Error Correction (QEC) concepts on a world-leadi
Merck Announces FDA Breakthrough Therapy Designation for Enpatoran in Lupus Patients With Active Skin Manifestations8.7.2026 15:00:00 EEST | Press release
Merck, a leading science and technology company, today announced that the US Food and Drug Administration (FDA) has granted Breakthrough Therapy designation to enpatoran for the treatment of lupus with active cutaneous manifestations. Enpatoran is an oral selective toll-like receptor (TLR) 7/8 inhibitor, designed to modulate pathways central to lupus-related inflammation. “For the 85% of lupus patients whose disease includes skin manifestations, often associated with substantial physical and psychosocial burden, the lack of targeted treatment makes the disease hard to control,” said David Weinreich, MD, MBA, Global Head of R&D and Chief Medical Officer for the Healthcare business of Merck. “This Breakthrough Therapy designation demonstrates that enpatoran has the potential to redefine how we approach lupus, by addressing the visible burden of rash, while potentially driving benefit beyond the skin. We look forward to working with the FDA to potentially bring this much-needed option to
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
