I didn't announce this here before, so:
I used HTTP headers to cause Tor onion sites to resolve attacker supplied hostnames to get them to leak DNS, with the potential for deanonymization and uncovered (or rediscovered) a ring of dodgy sites offering fake services in the process.
Example code to do this yourself is supplied in the write-up.
Featherduster is a cool cryptanalysis tool and library that I didn’t know existed and would have saved me a good bit of work if I had.
My mind is still blown that my birdsite account was one of the “few dozen” targeted by Saudi’s birdsite insider https://www.nytimes.com/2018/10/20/us/politics/saudi-image-campaign-twitter.html
Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy.
security, privacy, anonymity.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!