ShiftLeft to Present at No Hat Conference 2021
17.11.2021 11:00:00 EET | Business Wire | Press release
ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit: https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Contact information
PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Garvan Institute of Medical Research Joins Parse Biosciences’ Certified Service Provider Network15.7.2026 23:00:00 EEST | Press release
Parse Biosciences, a QIAGEN company, and the leader in scalable and accessible single cell sequencing, today announced that the Genomics Platform Core Facility within the Garvan Institute of Medical Research has joined its Certified Service Provider (CSP) Program. The partnership broadens access to high-quality, scalable single cell sequencing across Australia, the wider Asia-Pacific region, and beyond. Garvan is one of Australia's preeminent medical research institutions, with the Genomics Platform having deep experience in cell sorting, capture, and sequencing. As a Certified Service Provider, Garvan will offer Parse's Evercode WT kits to researchers across the region. "We see a growing number of requests for Parse projects and find the technology easy to implement and run, generating great data," said Chris O'Keeffe, Cellular Genomics Lead at the Garvan Institute. "Garvan is one of the most respected biomedical research institutions in the world, and we're honored to welcome them to
Grafana Labs Named a Leader in 2026 Gartner® Magic Quadrant™ for Observability Platforms and Positioned Furthest in Completeness of Vision15.7.2026 21:21:00 EEST | Press release
Grafana Labs, the company behind the open observability cloud, today announced it has been named a Leader in the Gartner® Magic Quadrant™ for Observability Platforms for the third consecutive year, and positioned furthest on the Completeness of Vision axis for the second year running. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260715814984/en/ 2026 Gartner® Magic Quadrant™ for Observability Platforms We believe this placement reflects where the market is headed: toward open, composable observability that helps teams in the AI era understand systems that are increasingly complex and agentic, and rapidly scaling thanks to AI-assisted engineering. A Platform Built for the AI Era According to Grafana Labs’ 2026 Observability Survey, operational complexity and overhead are now the top observability challenge, even as adoption of managed observability continues to climb, with half of organizations now using managed observabili
Spectro Cloud Raises $100 Million Series D to Help Customers Move AI Infrastructure Into Production Across Enterprise, Public Sector, Neocloud and Sovereign Cloud Environments15.7.2026 19:20:00 EEST | Press release
Spectro Cloud, a leading provider of AI infrastructure management software, today announced it has raised more than $100 million in an oversubscribed Series D funding round led by Growth Equity at Goldman Sachs Alternatives, with strategic participation from AMD Ventures, Ericsson, LG Technology Ventures, and Maximus. The new funding brings Spectro Cloud’s total capital raised to $260 million and will accelerate the company’s mission to help enterprises, public sector organizations, neoclouds and sovereign clouds build and operate production AI infrastructure with greater control over cost, security and governance. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260715551858/en/ Spectro Cloud raises $100 million Series D funding round to accelerate global adoption of production AI infrastructure. Learn more at spectrocloud.com. Organizations are spending billions on AI silicon and compute capacity. But silicon alone does not
K-Beauty Goes Global: Sales Surge 53% as Korean Innovation Reshapes Beauty Growth15.7.2026 17:00:00 EEST | Press release
NIQ (NYSE: NIQ), a global leader in consumer intelligence, today released new findings showing K-Beauty has become a rapidly growing global beauty segment, with value sales up 53% year-over-year and 131% over the past two years. The data points to a broader shift in beauty growth, as regional innovation, social commerce and digitally driven consumer demand increasingly shape what scales globally. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260715867578/en/ K-Beauty accelerates across global markets In its latest report, K-Beauty Goes Global, NIQ shows how Korean beauty is reshaping consumer expectations, accelerating innovation cycles and redefining competitive dynamics across the global beauty market. What began as a culturally driven trend now offers a broader signal about the future of beauty: regional trends are increasingly driving global opportunity, and brands need timely intelligence to know which signals will sca
Stonebranch Recognized as a Representative Vendor in the 2026 Gartner ® Market Guide for Infrastructure Automation and Orchestration Tools15.7.2026 16:00:00 EEST | Press release
Stonebranch, a leading provider of service orchestration and automation solutions, today announced it has been recognized as a Representative Vendor in the 2026 Gartner Market Guide for Infrastructure Automation and Orchestration (IA&O) Tools.* “Stonebranch is honored to be recognized in Gartner’s 2026 Market Guide for IA&O Tools,” said Giuseppe Damiani, Stonebranch CEO. “AI, platform engineering, and hybrid infrastructure are changing how organizations operate, and we’re excited to help our customers navigate that shift with a unified platform for intelligent orchestration.” The 2026 Market Guide reflects an evolution in the IA&O market, emphasizing infrastructure orchestration as a foundational capability for platform engineering, AI infrastructure, and modern hybrid IT operations. Gartner also notes that organizations are increasingly adopting platforms that provide low-code interfaces, AI capabilities, and AI agents to accelerate automation adoption and improve operational efficien
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
