aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript

Minimalist · Dec 18, 2017

Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be explained with “it seemed like a good idea at the time”. In the personal view of some of the authors of this post, WPAD (“Web Proxy Auto Discovery Protocol” - and more specifically “Proxy Auto-Config”), is one of these oddities.
Click to expand...

https://googleprojectzero.blogspot.co.at/2017/12/apacolypse-now-exploiting-windows-10-in_18.html

emmjay · Dec 18, 2017

@Minimalist. Tnx for posting this. A very in-depth technical article.

I decided to do the registry hack.

... completely disable the WinHttpAutoProxySvc service ... via the corresponding registry entry.

Under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc” change the value of “Start” from 3 (manual) to 4 (disabled).

Minimalist · Dec 18, 2017

You're welcome. Yes, Project Zero usually posts interesting articles on their blog.

itman · Dec 18, 2017

Log in or Sign up

aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript

Minimalist Registered Member

emmjay Registered Member

Minimalist Registered Member

itman Registered Member

Log in or Sign up

aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript

Minimalist Registered Member

emmjay Registered Member

Minimalist Registered Member

itman Registered Member

Useful Searches