CA-SHIFTLEFT
17.11.2021 09:02:09 CET | Business Wire | Press release
ShiftLeft, Inc ., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who:
Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What:
Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When:
Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where:
Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit : https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/ .
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Link:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Andersen Consulting styrker sine kompetencer inden for organisatorisk transformation med Afiniti8.5.2026 20:45:00 CEST | Pressemeddelelse
Andersen Consulting annoncerer en samarbejdsaftale med Afiniti, et globalt konsulentfirma inden for forretningstransformation med hovedkontor i Storbritannien, der hjælper organisationer med at levere og opretholde komplekse forandringsprojekter. Afiniti blev stiftet i 2003 og er et globalt konsulenthus inden for forretningsforandring med base i Storbritannien og USA. De støtter klienter gennem komplekse transformationer på tværs af mennesker, processer, systemer og data, og de skaber mærkbare forandringer gennem kreative konsulentydelser. Virksomheden betjener primært stærkt regulerede, sikkerhedsdrevne og aktivtunge organisationer med store, geografisk spredte arbejdsstyrker inden for sektorer som energi, forsyning, biovidenskab, transport og byggeri. Afiniti samarbejder med velkendte brands om at levere ekspertise fra start til slut på tværs af organisatoriske, digitale og ai-baserede transformationer samt ændringer i kultur og driftsmodeller. Dette gælder især komplekse scenarier s
Verdantis Launches MRO360 “The World's First AI-Native Spare Parts Intelligence Platform”8.5.2026 15:40:00 CEST | Press release
MRO360 is the first milestone in Verdantis's journey to deliver the industry's first fully AI-native Enterprise Asset Management solution. Verdantis today announced the global launch of MRO360, a purpose-built AI platform that transforms how asset-intensive organizations manage their MRO spare parts inventory. Designed for manufacturers, oil and gas operators, mining companies, utilities, and other industrial enterprises, MRO360 deploys nine interconnected AI agents that continuously forecast demand, score parts criticality, manage obsolescence risk, calculate dynamic reorder points, helps intercompany plant transfer thereby realizing the exact dollar value of every optimization opportunity across a spare parts catalog in real time. Unlike traditional EAM and CMMS platforms built on static rules, MRO360's agents adapt continuously as demand patterns, supplier performance, and equipment health evolve. For the first time, a maintenance planner can see which work orders are at supply risk
Cyble Positioned as a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies8.5.2026 15:22:00 CEST | Press release
Cyble today announced it has been recognized as a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. The company believes this recognition underscores Cyble’s mission to make threat intelligence truly operational—delivering AI-native capabilities that enable enterprises, government agencies, and MSSPs to shift from reactive security to proactive, intelligence-driven defense. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260508164528/en/ Cyble Named a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies "Security teams are under constant pressure to respond faster with greater accuracy," said Beenu Arora, Co-Founder and CEO, Cyble. "We believe this recognition highlights our focus on delivering intelligence that drives real outcomes—cutting through noise, accelerating response, and enabling confident decision-making at scale." Intelligence That Acts
WHOOP Expands Health Platform with On-Demand Clinician Access and New AI Features8.5.2026 15:00:00 CEST | Press release
New updates introduce a more personalized, data-driven member experience—bridging the gap between continuous biometrics, real-world context, and clinical insight WHOOP, the human performance company, today announced a new suite of health and AI-driven enhancements and feature updates across the WHOOP memberships, marking a major step forward in its evolution into an intelligent health platform. These updates deepen the company’s commitment to delivering highly personalized, accurate, and actionable insights. They signal the company’s expansion beyond performance optimization into clinical-grade health support. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260508464188/en/ WHOOP Expands Health Platform with On-Demand Clinician Access and New AI Features “WHOOP is a membership, and we take that seriously,” said Ed Baker, Chief Product Officer of WHOOP. “We’re always asking how we can deliver more value to our members, and the
Reply Presents the Jury of the Second Edition of the AI Music Contest: This Year Again, Finalists Will Perform on the NOVA Stage of Kappa FuturFestival in Turin8.5.2026 13:24:00 CEST | Press release
Agoria, Max Cooper, Fleur Shore, Tini Gessler, Ali Demirel, Albi Scotti, Oliver Bohl and Sarah Grimaldi join the jury of the second edition of the competition dedicated to the dialogue between artificial intelligence and live performance. Reply, [EXM, STAR: REY], an international group specialised in the development of new AI-enabled business models and always distinguished by a strong drive for innovation, renews its commitment to creative experimentation with the second edition of the ReplyAI Music Contest. The initiative, organised in collaboration with Kappa FuturFestival—one of Europe’s leading festivals dedicated to electronic music—takes the form of an international competition aimed at creatives and innovators who use AI technologies to explore new ways of integrating sound and image, enhancing the role of artificial intelligence in live performances. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260508361016/en/ Th
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom