Date & Time: Saturday, November 14, 2020 at 11:30am EST, Red Track
Location: Virtual
Speaker: Jon Williams
Bishop Fox Operator Jon Williams will be virtually presenting "What You Can't See CAN Hurt You: SonarQube Privilege Escalation via Hidden API Calls" at the 7th annual BSides Connecticut conference. BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration.
SonarQube is a source code static analyzer that is commonly used by developers and frequently left exposed. After gaining access to the application through a vulnerability or default credentials, you may not see any options for pivoting into the host environment. A thorough review of the API, however, reveals hidden commands that can be abused for arbitrary code execution and backdoor access. Learn how to exploit this attack chain and add another trick to your arsenal!
To get in touch, please email our Speaker Bureau program manager, Virginie Jenck, at contact@bishopfox.com.