Understand how Red Teaming can be your ultimate strategic "Sanity Check" Register now ›

Jon Williams to Present What You Can't See CAN Hurt You at BSides Connecticut

Past Event
Illustration of cassette tape representing B for b sides connecticut

Bishop Fox Operator Jon Williams will be virtually presenting "What You Can't See CAN Hurt You: SonarQube Privilege Escalation via Hidden API Calls" at the 7th annual BSides Connecticut conference. BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration.

View the presentation here


SonarQube is a source code static analyzer that is commonly used by developers and frequently left exposed. After gaining access to the application through a vulnerability or default credentials, you may not see any options for pivoting into the host environment. A thorough review of the API, however, reveals hidden commands that can be abused for arbitrary code execution and backdoor access. Learn how to exploit this attack chain and add another trick to your arsenal!

Jon williams headshot

About the speaker, Jon Williams


Jon is an Operator at Bishop Fox, where he contributes to Cosmos (formerly known as CAST) managed security service. He holds CISSP and PenTest+ certifications and has been an organizer for the BSides CT security conference for the last several years. Jon has presented talks and written articles about his security research on various subjects, including enterprise wireless network attacks, bypassing network access controls, and malware reverse engineering.

More by Jon

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.