Jon Williams to Present What You Can't See CAN Hurt You at BSides Connecticut

Date & Time: Saturday, November 14, 2020 at 11:30am EST, Red Track
Location: Virtual
Speaker: Jon Williams

Bishop Fox Operator Jon Williams will be virtually presenting "What You Can't See CAN Hurt You: SonarQube Privilege Escalation via Hidden API Calls" at the 7th annual BSides Connecticut conference. BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration. 

View the presentation here



SonarQube is a source code static analyzer that is commonly used by developers and frequently left exposed. After gaining access to the application through a vulnerability or default credentials, you may not see any options for pivoting into the host environment. A thorough review of the API, however, reveals hidden commands that can be abused for arbitrary code execution and backdoor access. Learn how to exploit this attack chain and add another trick to your arsenal!

Topics:Speaking EngagementsAuthor - Jon Williams


Need a Cybersecurity Expert to Speak at Your Event?

Please get in touch with our Speaker Bureau program manager, Virginie Jenck. Please email her at


Subscribe to Updates