Business Wire

ShiftLeft to Present at No Hat Conference 2021

Share

ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat Conference in Bergamo, Italy on November 20, 2021. The No Hat 2021 is a security conference organized to bring together specialists, professionals and hobbyists operating in the field of computer security and privacy.

Event Details:

Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft
What: Virtual Session: Presentation on Ghidra2cpg: From graph queries to vulnerabilities in binary code
When: Saturday, November 20, 2021, 11:15am – 12:00pm CET
Where: Centro Congressi Giovanni XXIII - Bergamo, Italy

For more information, visit: https://www.nohat.it/program

Session Abstract - Ghidra2cpg: From graph queries to vulnerabilities in binary code

Uncovering bugs in source code is hard enough as it is, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers such as IDA Pro, Ghidra, BinaryNinja or Radare2 provide a strong foundation for an investigation but are designed primarily to assist in what remains a manual investigation. This leaves room for partial automations that make the discovery process less painful.

Fabian and Claudiu were looking to design a search tool for binary code that allows them to uncover instances of programming patterns linked to vulnerabilities - at scale and for multiple major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open-source code mining platform Joern that enables it to process binary code. Together, Joern and ghidra2cpg enable you to quickly uncover the attack surface, search for variants of known vulnerabilities, and gather information interactively using a query language.

In this session they will show how to write queries for the system that describe bugs in source code and introduce corresponding queries for binary code, highlighting what's harder and what is easier to describe when looking at the machine code directly. They will also be looking at modern consumer-grade router firmware and may drop a zero-day or two in the process.

About Fabian Yamaguchi

Fabian is Chief Scientist at ShiftLeft Inc and an Associate Professor Extraordinary at Stellenbosch University. He has over 15 years of experience in the security domain, where he has worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work, he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server, and the VLC media player. He has presented his findings and techniques at both major industry conferences such as BlackHat USA, DefCon, First, and CCC, and renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from Technical University Berlin, as well as a PhD in computer science from the University of Goettingen.

About Claudiu-Vlad Ursache

Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his day-to-day job he builds static analysis tools and his current research focuses on IoT firmware.

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

PR:
Corinna Krueger
ShiftLeft
ckrueger@shiftleft.io

About Business Wire

Business Wire
Business Wire



Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Kolmar Korea Wins Case Against Italian Cosmetics Maker Intercos for Suncare Technology Theft28.3.2024 14:00:00 CET | Press release

Kolmar Korea (KRX:161890), a Korean cosmetics ODM (Original Development Manufacturing) company, has announced its victory in a lawsuit against Intercos Korea, the Korean subsidiary of the Italian cosmetics maker, Intercos. Intercos was revealed to have misappropriated and profited from the key technology for suncare (sunscreen) products, originally developed by Kolmar Korea. Kolmar Korea had invested hundreds of billions of KRW in this technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240328015022/en/ Kolmar Korea wins the case against Italian cosmetics maker Intercos for stealing suncare technology (Kolmar Korea R&D Complex) (Photo: Kolmar Korea Holdings) Kolmar Korea took legal action for 'trade secret infringement' against its former employees who have leaked the technology and Intercos Korea, resulting in favorable rulings in both civil and criminal cases. The Korean courts ordered Intercos Korea to pay KRW 200

Tigo Energy Headquarters Receives 90kW of Optimized Solar from Long-Time Installer Partner28.3.2024 14:00:00 CET | Press release

Tigo Energy, Inc. (NASDAQ: TYGO), a leading provider of intelligent solar and energy software solutions, today announced the installation and commissioning of a rooftop solar system at its headquarters in California. The system was designed and deployed by Tigo installer partner, Laibach Solar, and has averaged 5% Reclaimed Energy since it was commissioned. Laibach Solar is an employee-owned solar installer in Northern California dedicated to combining high-quality components with unbeatable pricing. It has been a valued installation partner for Tigo since 2018. The installation now contributes to the growth of U.S. corporate solar adoption, which was 14% of the U.S. Solar Market as of 2022, according to the Solar Energy Industries Association. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240328503393/en/ The system was designed and deployed by Tigo installer partner Laibach Solar and has averaged 5% Reclaimed Energy since

Seoul Semiconductor Supplies WICOP to Front Headlamps of 2024 Genesis GV80, Leading Trend of Headlamps28.3.2024 14:00:00 CET | Press release

Seoul Semiconductor Co., Ltd. (KOSDAQ:046890), the world best-in-class technology in opto-semiconductors, is supplying and mass-producing “WICOP,” the world’s first high-power LEDs without wire, for the headlamps of Genesis GV80, a luxury SUV model by Hyundai Motor Group, which is one of the world’s top three automobile companies. The technology applies to all functions of the high-light, sophisticated headlamps introduced by GV80. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240328561793/en/ Headlamps of GV80, a luxury SUV of Genesis, with Seoul Semiconductor’s WICOP technology applied (Photo: Seoul Semiconductor Co., Ltd.) Seoul Semiconductor applied its new technology of Ultra-High Luminance “WICOP UHL” to the high and low beams of GV80, the two lines that symbolize Genesis vehicles. With its improved luminance by 200% compared to existing mass-produced WICOP products, WICOP UHL is attracting the attention of the automo

Crown Bioscience Announces New Preclinical and Translational Oncology Data Across Ten Poster Presentations at AACR 202428.3.2024 13:30:00 CET | Press release

Crown Bioscience, a global contract research organization (CRO) and a JSR Life Sciences company, will showcase significant contributions in preclinical and translational oncology research at the American Association for Cancer Research (AACR) 2024 meeting. Highlighting its latest research, the company will present ten posters covering a broad spectrum of data from the company's R&D program. The data presented will cover a range of innovative techniques in oncology and immuno-oncology drug discovery and development. Posters featured at AACR include: The in-depth Characterization of Acute Myeloid Leukemia Patient-Derived Xenograft (PDX) Models with Hotspot Gene Mutations for Therapeutic Evaluation. The development of an Integrated Pipeline for Immuno-Oncology Drug Testing, using patient-derived tumor organoids with a reconstituted tumor microenvironment and fresh ex vivo patient tissue cultures, aiming to enhance therapeutic evaluation and drug development efficiency with translational p

Philip Morris International Demonstrates Clear Progress Toward Its Purpose as It Releases 2023 Integrated Report28.3.2024 12:38:00 CET | Press release

Philip Morris International Inc. (PMI) (NYSE: PM) today releases its fifth annual Integrated Report, which outlines the company’s ongoing work to advance toward its 2025 Roadmap goals, with the primary focus on addressing the health impacts of the company’s products. The 2023 Integrated Report highlights PMI’s continued expansion of smoke-free alternatives in markets worldwide, as well as social and environmental programs deployed with and in parallel to these products—including the deployment of responsible marketing and sales practices and efforts to reduce post-consumer waste. Further, PMI reports its progress toward fostering an empowered and inclusive workplace, improving the quality of life of people in its supply chain, decarbonizing its operations and value chain, and preserving nature and biodiversity. “2023 was a year marked by unity, determination, and a continued commitment to our vision of a smoke-free future,” said Jacek Olczak, Chief Executive Officer of PMI. “As we enco

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
HiddenA line styled icon from Orion Icon Library.Eye