Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’

As penetration testers, we sometimes have to perform web application security assessments from our customer's computers instead of our beloved machines. When this happens, we can face different challenges in order to have a working test setup. We will most probably have very limited permissions, which can block us from installing applications or modifying proxy … Continue reading Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’