When Home Isn't Safe: Detecting Malicious Networks Hidden Behind Residential Proxies
Duong Dinh
BSides Seattle 2026 · Day 1 · Track 1
A software engineer who runs a small SaaS company delivered a practitioner-focused talk on the challenge of detecting malicious traffic originating from residential proxy networks. The talk was motivated by firsthand experience: the speaker discovered a threat actor performing credit card shuffling against his subscription service, using the same email across dozens of stolen credit cards but routing traffic through residential IPs to avoid detection.
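The pattern described above (one account, dozens of distinct cards, each attempt arriving from a different residential network) is visible at the application layer even when IP reputation says nothing. The following is an added example, not code from the talk or the speaker's service: a sliding-window detector over a constructed checkout log that flags an email address when it presents many distinct card tokens from many distinct networks within a short window. The log format, the `fp_*` card tokens (fingerprints standing in for PANs), the ASN labels and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample checkout log (not from the talk). One line per authorization attempt:
# timestamp, account email, card fingerprint token (never the PAN), source IP, network label.
SAMPLE_LOG = """\
2026-04-11T10:00:01Z email=alice@example.com card=fp_a1 ip=203.0.113.10 asn=ISP-A
2026-04-11T10:00:05Z email=bob@example.com card=fp_b1 ip=198.51.100.7 asn=ISP-B
2026-04-11T10:00:09Z email=bob@example.com card=fp_b2 ip=198.51.100.44 asn=ISP-C
2026-04-11T10:00:12Z email=bob@example.com card=fp_b3 ip=192.0.2.91 asn=ISP-D
2026-04-11T10:00:20Z email=bob@example.com card=fp_b4 ip=203.0.113.200 asn=ISP-E
2026-04-11T10:00:33Z email=bob@example.com card=fp_b5 ip=198.51.100.130 asn=ISP-F
2026-04-11T10:15:00Z email=alice@example.com card=fp_a1 ip=203.0.113.10 asn=ISP-A
2026-04-11T12:00:00Z email=alice@example.com card=fp_a2 ip=203.0.113.10 asn=ISP-A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) email=(?P<email>\S+) card=(?P<card>\S+) ip=(?P<ip>\S+) asn=(?P<asn>\S+)$"
)


def parse_events(text):
    """Parse log lines into dicts; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def detect_card_shuffling(events, window=timedelta(minutes=10), min_cards=3, min_asns=2):
    """Per-email sliding window: many distinct card tokens arriving from many distinct
    networks in a short span is the shape of card testing routed through residential proxies.
    Blocking by IP misses it (every attempt is a fresh residential address); the per-account
    card velocity does not. Thresholds here are illustrative assumptions, not the talk's values.
    Returns {email: summary} for every account that crossed the thresholds."""
    by_email = defaultdict(list)
    for e in events:
        by_email[e["email"]].append(e)

    alerts = {}
    for email, evs in by_email.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events in [start, end] fit inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            cards = {e["card"] for e in span}
            asns = {e["asn"] for e in span}
            if len(cards) >= min_cards and len(asns) >= min_asns:
                prev = alerts.get(email)
                # Keep the widest window seen so the alert reports the full extent of the run.
                if prev is None or len(cards) > prev["distinct_cards"]:
                    alerts[email] = {
                        "distinct_cards": len(cards),
                        "distinct_asns": len(asns),
                        "first_seen": span[0]["ts"],
                        "last_seen": span[-1]["ts"],
                    }
    return alerts


if __name__ == "__main__":
    for email, a in detect_card_shuffling(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {email}: {a['distinct_cards']} cards from {a['distinct_asns']} networks "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

On the sample data only `bob@example.com` is flagged (five cards from five networks in about half a minute); `alice@example.com` presents two cards hours apart from one network and stays below both thresholds. Keying the window on the account rather than the source address is the point: the residential proxy rotates the IP, but the attacker reused the same email, which is the signal the speaker noticed.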
AI review
A refreshingly honest talk from a practitioner wrestling with a genuinely hard detection problem. The JA4+ TCP fingerprinting and MSS analysis for residential proxy detection is technically sound, and the eBPF-based inspection approach shows promise. The speaker's willingness to admit limitations (60% detection rate, bricked routing table, incomplete eBPF understanding) lends more credibility than overclaiming would. This is early-stage applied research with a clear path forward.