CA-SHIFTLEFT
17.11.2021 09:02:09 CET | Business Wire | Press release
ShiftLeft, Inc ., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.
Event Details:
Who:
Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What:
Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When:
Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where:
Centro Congressi Giovanni XXIII - Bergamo, Italy
For more information, visit : https://www.nohat.it/program
Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code
Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.
Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.
In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.
About Fabian Yamaguchi
Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.
About Claudiu-Vlad Ursache
Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/ .
View source version on businesswire.com: https://www.businesswire.com/news/home/20211117005403/en/
Link:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Svante and Integrated Packaging Company Advance U.S. Biogenic CDR Project to Feasibility10.3.2026 14:57:00 CET | Press release
The bioenergy with carbon capture (BECCS) project aims to remove more than 500,000 tonnes per year of biogenic CO2 emissions from a U.S. paper mill’s recovery boiler Svante Development Inc. is co-investing to advance the project The project will generate high-quality carbon dioxide removal (CDR) credits to market to Voluntary Carbon Market (VCM) buyers. Svante Technologies Inc. (“Svante”) announced today that its bioenergy with carbon capture and storage (BECCS) project at a paper mill in the Southeast U.S. has progressed to the feasibility study phase. The project is being developed in partnership with an integrated sustainable packaging company, following an extensive screening and pre-feasibility study conducted across several of the partner’s mills. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260310319382/en/ During the feasibility study phase, the companies will complete further engineering and design activities, cos
Forbes 40th Annual World’s Billionaires List10.3.2026 14:43:00 CET | Press release
Elon Musk Is World’s Richest Person Ever Recorded Forbes releases its 40th-annual World’s Billionaireslist, the definitive ranking of the planet’s richest people. Wealth surged to unprecedented levels over the past year, with fortunes climbing at a record pace. This year’s list features 3,428 billionaires, the most since the list’s inception in 1987. The world’s wealthiest people are worth a record $20.1 trillion combined, up from $16.1 trillion in 2025. Elon Musktops the Billionaires list for the second year in a row and is the richest person ever recorded, worth an estimated $839 billion. His net worth skyrocketed by half of a trillion dollars from last year, thanks to a rise in the value of Tesla, and SpaceX which is aiming to go public in 2026. Musk is the first person ever recorded to reach the $800 billion mark, as he moves toward becoming the world’s first trillionaire. “It’s the year of the billionaire,” said Chase Peterson-Withorn, Forbes Senior Editor, Wealth. “The planet add
Adtran sets intra-data center benchmark with all-new ultra-low-power LiteWave800™ LPO module10.3.2026 14:00:00 CET | Press release
News summary: AI clusters and GPU fabrics demand massive capacity, yet traditional 800G optics increase energy consumption, heat and cost burdens Adtran’s LiteWave800™ introduces a new class of ultra-low-power, low-latency DR8 LPO modules built on a fully re-engineered design Breakthrough energy efficiency of 1pJ/bit enables greener, scalable intra-data center links for next-generation AI and cloud workloads Adtran today launched LiteWave800™, an ultra‑low‑power 800Gbit/s DR8 linear pluggable optics (LPO) module engineered to help data centers address the power, latency, thermal and bandwidth demands of modern AI and machine-learning (ML) workloads. As GPU clusters grow and short-reach links scale across dense server racks, operators need 800Gbit/s optics that deliver higher capacity within strict power and cooling limits. LiteWave800™ answers this challenge with a fully re-engineered architecture that significantly reduces energy consumption. Operating at just 1pJ/bit and consuming on
Hyperice Introduces Hypervolt 3 Line: More Powerful, Quieter, and Longer-Lasting Percussion Massage Devices10.3.2026 14:00:00 CET | Press release
Upgraded Line Includes Redesigned Head Attachments and New Carry Case for an Enhanced Warm-Up and Recovery Experience Hyperice, a high-performance wellness brand, today announced the global launch of the Hypervolt 3 line, its most advanced percussion massage technology to date. The three-device line features the Hypervolt Go 3 ($149), the Hypervolt 3 ($249), and the Hypervolt 3 Pro ($349) — achieving significant performance upgrades across the board at more accessible price points than industry competitors. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260310934508/en/ The Hypervolt 3 line enables users to massage away stress and tension, loosen muscle knots, maintain flexibility and range of motion, accelerate warm-up before workouts, and recover quickly after activity. Hyperice has built its reputation over the last 15 years on one guiding principle: elite-level recovery technology designed to help everyone perform and mo
Verifone and Thales Unlock Seamless Global Connectivity for Payment Terminals10.3.2026 14:00:00 CET | Press release
Thales today announced a partnership with Verifone, a global leader in payment terminal solutions, to connect Verifone’s next-generation point-of-sale (POS) terminals using Thales eSIM technology. The collaboration aims to simplify device deployment and enable secure, flexible connectivity for payment terminals worldwide; as connectivity can be provisioned, managed and updated remotely throughout the device lifecycle. By using Thales eSIM management platform, Verifone removes the need for removable SIM cards and country-specific hardware versions, significantly reducing operational complexity for manufacturers and service providers alike. At the core of this partnership is Thales’s leadership in eSIM management for large-scale connected devices, enabling remote connectivity provisioning and management, in line with the latest GSMA SGP.32 IoT specifications. These standards support secure and interoperable management of connectivity profiles, making it possible to deploy devices globall
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom