Business Wire

ShiftLeft to Present at No Hat Conference 2021

ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.

Event Details:

Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy

For more information, visit: https://www.nohat.it/program

Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code

Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.

Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.

In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.

About Fabian Yamaguchi

Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.

About Claudiu-Vlad Ursache

Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry-leading accuracy, ShiftLeft empowers developers and appsec teams to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

Contact information

PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
