Explore the vulnerabilities of HTTPS connections through malicious Proxy AutoConfiguration (PAC) resources in this Black Hat conference talk. Delve into how seemingly secure HTTPS traffic can be compromised, even when browsing HSTS sites or using "Force TLS/SSL" browser extensions. Learn about the concept of "PAC Malware" and its capabilities, including two-way communication channels, contextual phishing, denial-of-service options, and sensitive data extraction from URIs. Examine a comprehensive browser PAC feature matrix and understand the cross-platform and cross-browser implications of this threat. Discover potential remediation strategies and secure PAC implementations to protect against these vulnerabilities.