Author here. Starkiller got my attention this week — Abnormal AI's disclosure of a PhaaS platform that proxies real login pages instead of cloning them. I wrote a technical breakdown of the AitM flow, why traditional defences (including MFA) fail, and concrete detection strategies including TLS fingerprinting. I also released ja3-probe, a zero-dependency Rust PoC that parses TLS ClientHello messages and classifies clients against known headless browser / proxy fingerprints.