ShiftLeft to Present at No Hat Conference 2021
ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit: https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Contact information
PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Fitch Learning Completes Acquisition of Moody’s Analytics Learning Solutions and the Canadian Securities Institute5.12.2025 17:48:00 EET | Press release
Fitch Learning, the global leader in financial learning and professional certifications, today announced the completion of its acquisition of Moody’s Analytics Learning Solutions (MALS) and the Canadian Securities Institute (CSI). MALS is a global provider of credit and digital learning, and CSI is a leading provider of certifications for the Canadian financial services industry. Fitch Learning, recognized globally as the premier financial education provider, delivers specialized training for the financial services industry through accredited qualifications, flexible corporate solutions programs, managed services and digital learning solutions trusted by leading institutions worldwide. The combined business will serve over 92,000 finance professionals across 148 countries, at every stage of their careers. “This acquisition is about creating more opportunities for growth – for organizations and for individuals,” said Andreas Karaiskos, CEO of Fitch Learning. “By combining both organizat
Arthur D. Little and Vega IT Unveil Joint Venture for Digital Innovation5.12.2025 17:00:00 EET | Press release
Arthur D. Little (ADL) and Vega IT today announced the formation of Axceler8 Solutions, a 50/50 joint venture created to design, develop, and operate a portfolio of digital and AI solutions aimed at improving efficiency and automating complex business processes. The launch of this new company is the direct outcome of a year of successful collaboration between the two firms and marks a new phase in their shared ambition to bring scalable, high-performance digital solutions to market, aiming to further augment their clients’ capacity to compress time to impact in a variety of domains. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251205465303/en/ Arthur D. Little and Vega IT have announced the formation of Axceler8 Solutions, a 50/50 joint venture created to design, develop, and operate a portfolio of digital and AI solutions. Axceler8 Solutions’ first product, Axceler8 Rx, is now live as a newly developed platform, and is a
Lone Star Announces Sale of SPX FLOW to ITT Inc.5.12.2025 14:30:00 EET | Press release
Lone Star Funds (“Lone Star”) today announced the signing by an affiliate of Lone Star Fund XI, LP of a definitive agreement to sell SPX FLOW, Inc. (“SPX FLOW”), a leading provider of highly engineered equipment and process technologies for attractive end markets including industrial, health and nutrition, to ITT Inc. (NYSE: ITT) for $4.775 billion in cash and shares of common stock. Based in Charlotte, N.C., SPX FLOW focuses on process technologies delivering mixing, blending, fluid handling, separation, thermal heat transfer and other solutions integral to industrial, health and nutrition markets. The company has operations in more than 25 countries and sales in more than 140 countries. In partnership with Lone Star, SPX FLOW has focused on improving its sales execution and operating platform, while ensuring high quality and innovative product development. The management team has improved the company’s commercial organization and executed growth initiatives to build its presence in e
AmTrust Financial Services and Blackstone Credit & Insurance Close Strategic Transaction and Launch Newly Formed Multinational MGA Company Named ANV Group Holdings Ltd.5.12.2025 14:00:00 EET | Press release
AmTrust Financial Services, Inc. (“AmTrust” or the “Company”), a global specialty property casualty insurer, and Blackstone Credit & Insurance (“BXCI”), today announced the closing of a strategic transaction under which AmTrust and funds managed by BXCI have partnered to spin-off certain of AmTrust’s Managing General Agencies (“MGAs”) and fee-based businesses in the U.S., United Kingdom, and Continental Europe, into ANV Group Holdings Ltd. (“ANV”), a newly formed independent company, following receipt of regulatory approvals. AmTrust and ANV have entered into a ten-year capacity agreement through which AmTrust will remain the underwriter for the existing books of business offered through the MGAs. As previously announced on September 15, 2025, the agreement includes seven AmTrust subsidiaries: ANV Specialty, Risico, Collegiate, ANV Nordic, Arc Legal, Qualis, and Abacus. These businesses provide diverse risk and insurance coverages including cyber excess and surplus (E&S), directors and
Galderma Opens up New Chapter for Sculptra ® with MDR Certification and New Expanded Indication for Body5.12.2025 08:00:00 EET | Press release
Galderma (SIX: GALD), the pure-play dermatology category leader, today announced the certification of Sculptra for body indications in the European Union (EU) following its certification under the EU Medical Device Regulation (MDR). This expands Sculptra’s current clinical use on the face, to include four new areas: gluteal area, posterior thighs, décolletage, and upper arms. Sculptra can be used across these areas to address varied treatment goals – from improving skin quality (including the improvement in cellulite appearance), to enhancing firmness, as well as lift, projection, and contouring.1-5 Sculptra’s versatility allows practitioners to meet each patient’s unique needs, delivering natural-looking, long-lasting improvements across face and body. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251204988559/en/ Meeting the moment: evolving patient needs As aesthetic expectations shift, patients are seeking more holistic
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom