CA-SHIFTLEFT
ShiftLeft, Inc ., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who:
Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What:
Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When:
Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where:
Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit : https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/ .
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Link:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Uptime Institute Announces Five Data Center Predictions Report for 202613.1.2026 12:04:00 CET | Press release
As corporate AI moves beyond pilots and experimentation, infrastructure designers and operators face a series of big challenges spanning power, resiliency, sustainability and automation Uptime Institute today announced the release of its Five Data Center Predictions for 2026 looking beyond the more obvious trends of 2026 and examining some of the latest developments and challenges shaping the digital infrastructure industry. The 2026 predictions focus on the continued growth of the industry and related challenges, while also recognizing AI as a powerful, transformative accelerant to growth. While AI is the key driver for a wave of investment that will underpin digital infrastructure for decades to come, the speed and ultimate size of the build-outs are unclear at this time. “Critical digital infrastructure continues to expand strongly,” said Andy Lawrence, Executive Director of Research, Uptime Institute. “At the same time, our research shows uncertainty about how AI will reshape deman
BeOne Medicines Highlights Global Oncology Leadership at 44th Annual J.P. Morgan Healthcare Conference13.1.2026 12:00:00 CET | Press release
Company outlines foundational hematology leadership, multiple 2026 data catalysts, a unique global clinical development superhighway, and continued financial excellence BeOne Medicines Ltd. (NASDAQ: ONC; HKEX: 06160; SSE: 688235), a global oncology company, will outline the pillars of its growing global oncology leadership during its presentation today at the 44th Annual J.P. Morgan Healthcare Conference in San Francisco. John V. Oyler, Co-Founder, Chairman, and CEO at BeOne, will highlight the Company’s transformative leadership in treating B-cell malignancies. The presentation will feature BRUKINSA®, the global leader among Bruton’s tyrosine kinase (BTK) inhibitors, as well as foundational hematology assets: sonrotoclax, a next-generation and potentially best-in-class B-cell lymphoma 2 (BCL2) inhibitor that received its first global regulatory approvals on December 30, and BGB-16673, a potentially first-in-class and best-in-class BTK chimeric degradation activation compound (CDAC). I
BlueMatrix and Perplexity Partner to Bring AI-Powered Discovery to Institutional Research13.1.2026 12:00:00 CET | Press release
Partnership enables AI-assisted research while preserving BlueMatrix’s governance-first approach to integrating AI into regulated research environments. BlueMatrix, the global leader in capital markets content publishing technology, backed by Thoma Bravo, today announced a partnership with Perplexity to bring AI-enabled research and discovery to institutional investors using BlueMatrix’s governed, entitlement-aware framework. The partnership brings entitled broker research to Perplexity Enterprise users, enabling buy-side professionals to query their subscribed research content, alongside Perplexity’s broader capabilities, including real-time financial data, earnings transcripts, and deep research tools. Investment professionals and researchers can use natural language to surface relevant insights without changing existing data ownership, entitlements, or compliance structures. As buy-side teams increasingly turn to AI tools for research synthesis, a formal integration through BlueMatr
Vaudoise Becomes First Swiss Insurer to Go-Live with Guidewire Cloud Platform13.1.2026 11:21:00 CET | Press release
Vaudoise and Guidewire (NYSE: GWRE) have announced that Vaudoise has become the first Swiss insurer to go-live on Guidewire Cloud Platform. The company has successfully implemented Guidewire ClaimCenter and is currently integrating Guidewire PolicyCenter. By adopting Guidewire Cloud Platform, Vaudoise joins a global community of insurers focusing on insurance excellence with core modernization from a scalable, secure and rapidly updatable cloud delivery model. Arno Suess, Head of P&C Claims at Vaudoise, said: “We are very proud of this milestone, which sets a new benchmark for our industry. With Guidewire Cloud Platform, we can now process motor insurance claims faster, with greater automation and fully digital processes. The result: faster decisions, more transparency, and a seamless experience for customers during critical moments in their lives.” Mathias Grobet, EMEA VP at Guidewire, said: “Vaudoise is well-known for its customer focus, operational excellence and agility – qualities
Ant International Powered Over 2 Billion Transactions in its Core Emerging Markets in 2025, Expanding AI Payments and Digital Commerce Tools for Inclusive Growth13.1.2026 11:15:00 CET | Press release
150 million merchants across the world from Kuala Lumpur to London leverage Ant International’s solutions to reach local and global customers.In its main emerging markets, clients in Southeast Asia, South Asia, the Middle East and Latin America, including the SME sectors, recorded strong uplift through digital payments, cross-border commerce and banking solutions in 2025. Ant International supported over 2 billion digital cross-border transactions in 2025 for merchants in its core emerging markets including Southeast Asia (SEA), South Asia, the Middle East and Latin America (LATAM), as the company builds out a broader range of AI-powered digital financial and commerce solutions tailored to these regions’ diverse needs. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260113850175/en/ Alipay+ now connects more than 1.8 billion user accounts across 40 international payment partners to merchants across more than 100 markets Ant I
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom