CA-SHIFTLEFT
17.11.2021 09:02:09 CET | Business Wire | Press release
ShiftLeft, Inc ., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who:
Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What:
Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When:
Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where:
Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit : https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/ .
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Link:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Vultr Expands European Footprint with 33rd Cloud Data Center Region in Milan, Italy19.5.2026 17:28:00 CEST | Press release
New region strengthens Vultr's commitment to affordable, high-performance cloud infrastructure and Europe's thriving open source and AI ecosystem Vultr, the world’s largest privately-held cloud infrastructure company, today announces the launch of its 33rd global cloud data center region in Milan, coinciding with AI Week 2026 at Fiera Milano Rho, where over 700 international speakers will gather for Europe's largest AI event. Vultr is a platinum sponsor and is also co-hosting the AI Agent Olympics Hackathon with over 1,000 participants. Milan becomes Vultr's ninth European cloud data center region, joining Amsterdam, Frankfurt, London, Madrid, Manchester, Paris, Stockholm, and Warsaw. This launch represents the company's latest expansion of a global network reaching 90% of the world's population within 2–40 milliseconds. Vultr’s cloud data center location will be delivering Vultr’s full-stack AI infrastructure, including Vultr’s flagship cloud compute offering, VX1, in addition to Vult
Global Millennial Capital Closes USD 100 Million IPO Opportunities Fund Focused on AI, Decentralized Financial Infrastructure, and Climate Technologies19.5.2026 17:16:00 CEST | Press release
Global Millennial Capital Ltd. (“GMCL”) today announced the final closing of its inaugural IPO Opportunities Fund at USD 100 million. Raised through a private placement with institutional and professional investors, the fund targets late-stage and special opportunities investments across mid-cap technology companies operating in high-growth sectors, including artificial intelligence, decentralized finance infrastructure, cybersecurity, digital infrastructure, enterprise software, and climate technologies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260519513523/en/ Global Millennial Capital announces the successful final close of its USD 100 million IPO Opportunities Fund, reinforcing its commitment to investing in high-growth technology companies across artificial intelligence, digital infrastructure, cybersecurity, and next-generation financial systems. The fund is designed to capitalize on the increasing number of tech
Miro Takes Aim at the Gap Between AI Potential and Organizational Reality19.5.2026 16:00:00 CEST | Press release
At Canvas 26, Miro establishes its AI platform as the connective layer of the modern AI ecosystem — bringing together teams, agents, and the tools they already work in to turn individual AI productivity into organization-wide transformation Miro®, the AI Innovation Workspace for teams, has announced new innovations across its AI platform, reinforcing its position as the collaboration layer where people, context, and agents from every function converge to solve hard problems, make better decisions, and build the right thing faster. Major upgrades to Miro’s agentic AI tools — including Sidekicks and Flows — alongside new Connectors, help customers close the gap between individual AI productivity and organization-wide transformation. AI is reshaping the pace of work, but often teams are not realising the benefits. In many organizations, a gap has emerged between what individuals can now do and what companies can harness. The reason? Collaboration has fractured. Teams have moved from one m
Wolters Kluwer Medi-Span Selected to Provide Personalized Medication Decision Support at The Christie NHS Foundation Trust19.5.2026 15:30:00 CEST | Press release
Roll-out at largest EU cancer center marks first Medi-Span NHS implementation Wolters Kluwer Health has implemented its industry-leading medication decision support (MDS) solution, Medi-Span®, at the world-renowned specialist oncology center, The Christie NHS Foundation Trust. “The Christie is recognized globally for its excellence and commitment to delivering exceptional patient care,” says Israel Armstrong, Vice President for Medi-Span International at Wolters Kluwer Health. “We’re proud that our first Medi-Span implementation in the NHS should be with such a prestigious institution. We look forward to more collaborations that help streamline processes further and help clinical teams make the most highly informed decisions.” The Christie is a leading expert in cancer care, research and education and is the largest single-site cancer center in Europe. The Christie treats more than 60,000 patients a year and is the first facility in the UK to be accredited as a comprehensive cancer cen
Torq Acquires Jit to Unleash the First Enterprise AI SOC Context Graph—and Rewrite the Future of SecOps19.5.2026 15:00:00 CEST | Press release
With Jit Acquisition, Torq Catapults Enterprise SOCs Into a New Realm of Detailed Contextual Investigations That Drive Precision Decision-Making Torq, the established agentic security operations leader, today announced the acquisition of Jit, the Boston-based AI Context Graph cybersecurity pioneer. This move marks a dramatic leap forward for the Torq AI SOC Platform by ensuring agentic investigations are precisely informed via organization-specific contextual data. This shift redefines agentic reasoning, moving beyond static facts such as users, devices and their relationships, to prioritize live, dynamic contextual data overlaid on top, including business drivers, and the real-time state of the enterprise. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260519044833/en/ Instead of acting on fragmented data or having investigations triggered by a single alert, Torq AI operates with a unified, continuously-updated, contextual
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom