diff --git a/README.md b/README.md
index 8be4649..5b8e90b 100644
--- a/README.md
+++ b/README.md
@@ -100,3 +100,11 @@ service should be publicly visible under the domain through the TOR network about every 10 seconds. If you used the `http.server` example, a directory listing should be visible on that domain.
+
+## Some Related Work
+
+[We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9581198)
+
+[Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor](https://www.usenix.org/system/files/sec19-jansen.pdf)
+
+[TagIt: Tagging Network Flows using Blind Fingerprints](https://petsymposium.org/popets/2017/popets-2017-0050.pdf)
\ No newline at end of file
diff --git a/experiment-infra/guard/Dockerfile b/experiment-infra/guard/Dockerfile
new file mode 100644
index 0000000..8c63871
--- /dev/null
+++ b/experiment-infra/guard/Dockerfile
@@ -0,0 +1,4 @@
+FROM debian:bookworm
+RUN apt update && apt -y install tor
+COPY ./torrc /etc/tor/torrc
+CMD [ "tor" ]
\ No newline at end of file
diff --git a/experiment-infra/guard/docker-compose.yml b/experiment-infra/guard/docker-compose.yml
new file mode 100644
index 0000000..adc875c
--- /dev/null
+++ b/experiment-infra/guard/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+ wireguard:
+ build: ../wireguard
+ cap_add:
+ - NET_ADMIN
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ secrets:
+ - wg-config
+
+ guard:
+ build: ./
+ network_mode: "service:wireguard"
+
+secrets:
+ wg-config:
+ file: ./wireguard.conf
diff --git a/experiment-infra/guard/torrc b/experiment-infra/guard/torrc
new file mode 100644
index 0000000..e7cbb42
--- /dev/null
+++ b/experiment-infra/guard/torrc
@@ -0,0 +1,8 @@
+AssumeReachable 1
+PublishServerDescriptor 0
+ORPort 10.2.0.3:443
+Nickname localtestrelay
+RelayBandwidthRate 1 MB
+RelayBandwidthBurst 2 MB
+# ORPort 10.2.0.3:443 NoAdvertise
+# Address 10.2.0.3
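Review bot: In experiment-infra/guard/Dockerfile the image has no `USER` instruction, so `CMD [ "tor" ]` starts the relay as root. The Debian `tor` package creates a `debian-tor` account, so adding `USER debian-tor` before `CMD` would drop that privilege. Whether a non-root process can still bind `ORPort 10.2.0.3:443` depends on the runtime's unprivileged-port setting and should be checked. The same applies to experiment-infra/victim/Dockerfile, whose entrypoint.sh runs `tor &` as root.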
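Review bot: In experiment-infra/guard/docker-compose.yml nothing makes `guard` wait until the sidecar has run `wg-quick up wg0`, so tor can start before 10.2.0.3 exists on the interface and fail to bind `ORPort 10.2.0.3:443`. As far as I can tell, `network_mode: "service:wireguard"` only orders container start, not tunnel readiness. A healthcheck on `wireguard` plus a `depends_on` with `condition: service_healthy` on `guard` would close the gap. The same pattern could be used for `proxy` and `victim` in their compose files; the healthcheck timings below are a starting point to tune.

```yaml
  wireguard:
    # … unchanged: build, cap_add, sysctls, secrets …
    healthcheck:
      test: ["CMD", "wg", "show", "wg0"]
      interval: 5s
      timeout: 3s
      retries: 12

  guard:
    # … unchanged: build, network_mode …
    depends_on:
      wireguard:
        condition: service_healthy
```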
diff --git a/experiment-infra/guard/wireguard.conf b/experiment-infra/guard/wireguard.conf
new file mode 100644
index 0000000..61d7b82
--- /dev/null
+++ b/experiment-infra/guard/wireguard.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.2.0.3/24
+PrivateKey =
+MTU = 1000
+
+[Peer]
+PublicKey =
+AllowedIps = 10.2.0.0/24
+Endpoint = vanrissenbeck.com:41415
+PersistentKeepalive = 10
\ No newline at end of file
diff --git a/experiment-infra/proxy/Dockerfile b/experiment-infra/proxy/Dockerfile
new file mode 100644
index 0000000..613a513
--- /dev/null
+++ b/experiment-infra/proxy/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:latest
+RUN apk add openssh
+RUN ssh-keygen -A && \
+ sed -i 's/GatewayPorts no/GatewayPorts yes/' /etc/ssh/sshd_config && \
+ sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/' /etc/ssh/sshd_config && \
+ printf "\n\n" | adduser anon
+CMD [ "/usr/sbin/sshd", "-D" ]
\ No newline at end of file
diff --git a/experiment-infra/proxy/docker-compose.yml b/experiment-infra/proxy/docker-compose.yml
new file mode 100644
index 0000000..10d0584
--- /dev/null
+++ b/experiment-infra/proxy/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+ wireguard:
+ build: ../wireguard
+ cap_add:
+ - NET_ADMIN
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ secrets:
+ - wg-config
+ ports:
+ - 2222:22
+
+ proxy:
+ build: ./
+ network_mode: "service:wireguard"
+
+secrets:
+ wg-config:
+ file: ./wireguard.conf
\ No newline at end of file
diff --git a/experiment-infra/proxy/wireguard.conf b/experiment-infra/proxy/wireguard.conf
new file mode 100644
index 0000000..38521d3
--- /dev/null
+++ b/experiment-infra/proxy/wireguard.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.2.0.4/24
+PrivateKey =
+MTU = 1000
+
+[Peer]
+PublicKey =
+AllowedIps = 10.2.0.0/24
+Endpoint = vanrissenbeck.com:41415
+PersistentKeepalive = 10
\ No newline at end of file
diff --git a/experiment-infra/victim/Dockerfile b/experiment-infra/victim/Dockerfile
new file mode 100644
index 0000000..861c92b
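Review bot: experiment-infra/guard/wireguard.conf is tracked with an empty `PrivateKey =` and is the same path the compose secret reads (`file: ./wireguard.conf`), so anyone running the experiment has to write a private key into a tracked file and a later `git add` can commit it. Consider shipping the tracked copy as a template such as `wireguard.conf.example` and listing `wireguard.conf` in `.gitignore`. A comment like `# PrivateKey: fill in locally, never commit` above the line would make the intent explicit. The same holds for experiment-infra/proxy/wireguard.conf and experiment-infra/victim/wireguard.conf.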
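Review bot: In experiment-infra/proxy/Dockerfile `ssh-keygen -A` runs in a `RUN` step, so the sshd host private keys are stored in an image layer: every container from this image shares them and anyone who can pull the image can read them. Generating them at start instead, e.g. `CMD [ "/bin/sh", "-c", "ssh-keygen -A && exec /usr/sbin/sshd -D" ]`, keeps them out of the image. This sshd is published as `2222:22` with `GatewayPorts yes`, and the `printf "\n\n" | adduser anon` line leaves it unclear how `anon` authenticates (presumably an empty or unset password, worth confirming); a comment stating the intended login method, ideally key-only, would help. `FROM alpine:latest` is also unpinned here and in experiment-infra/wireguard/Dockerfile.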
--- /dev/null
+++ b/experiment-infra/victim/Dockerfile
@@ -0,0 +1,8 @@
+FROM debian:bookworm
+RUN apt update && apt -y install tor curl wireguard-tools
+COPY ./torrc /etc/tor/torrc
+COPY --chmod=700 ./entrypoint.sh /entrypoint.sh
+COPY --chmod=700 ./script.sh /script.sh
+ENV TARGET="https://rsca.vanrissenbeck.com"
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ "/script.sh" ]
\ No newline at end of file
diff --git a/experiment-infra/victim/docker-compose.yml b/experiment-infra/victim/docker-compose.yml
new file mode 100644
index 0000000..93afc18
--- /dev/null
+++ b/experiment-infra/victim/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+ wireguard:
+ build: ../wireguard
+ cap_add:
+ - NET_ADMIN
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ secrets:
+ - wg-config
+
+ victim:
+ build: ./
+ network_mode: "service:wireguard"
+
+secrets:
+ wg-config:
+ file: ./wireguard.conf
\ No newline at end of file
diff --git a/experiment-infra/victim/entrypoint.sh b/experiment-infra/victim/entrypoint.sh
new file mode 100644
index 0000000..8866389
--- /dev/null
+++ b/experiment-infra/victim/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+tor &
+exec "$@"
\ No newline at end of file
diff --git a/experiment-infra/victim/script.sh b/experiment-infra/victim/script.sh
new file mode 100644
index 0000000..f4f154e
--- /dev/null
+++ b/experiment-infra/victim/script.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+while [ true ];
+do
+ printf "Fetching from $TARGET."
+ curl --silent --socks5 127.0.0.1:9050 $TARGET > /dev/null;
+ echo " Ok."
+ sleep 10;
+done;
\ No newline at end of file
diff --git a/experiment-infra/victim/torrc b/experiment-infra/victim/torrc
new file mode 100644
index 0000000..6af96e0
--- /dev/null
+++ b/experiment-infra/victim/torrc
@@ -0,0 +1,3 @@
+Bridge 10.2.0.3:443
+UseBridges 1
+StrictNodes 1
\ No newline at end of file
diff --git a/experiment-infra/victim/wireguard.conf b/experiment-infra/victim/wireguard.conf
new file mode 100644
index 0000000..c37bae8
--- /dev/null
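Review bot: experiment-infra/victim/Dockerfile installs `wireguard-tools`, but nothing in this image's entrypoint.sh or script.sh calls `wg`; the tunnel is brought up by the `wireguard` sidecar, so the package only enlarges the image. The `RUN` line also uses `apt`, whose command-line interface is not meant for scripts, and leaves the package lists in the layer. Suggested: `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl tor && rm -rf /var/lib/apt/lists/*`, where `ca-certificates` is listed explicitly because the HTTPS `TARGET` needs it once recommended packages are skipped. The `RUN` line in experiment-infra/guard/Dockerfile has the same `apt` pattern.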
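Review bot: In experiment-infra/victim/script.sh `curl --socks5` resolves the host name in `$TARGET` locally before handing the connection to tor, so the DNS lookup happens outside the circuit; `--socks5-hostname` lets the proxy resolve it. The loop also prints ` Ok.` whatever curl returned, and `$TARGET` is unquoted. Suggested: `if curl --silent --fail --socks5-hostname 127.0.0.1:9050 "$TARGET" > /dev/null; then echo " Ok."; else echo " Failed."; fi`.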
+++ b/experiment-infra/victim/wireguard.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.2.0.2/24
+PrivateKey =
+MTU = 1000
+
+[Peer]
+PublicKey =
+AllowedIps = 10.2.0.0/24
+Endpoint = vanrissenbeck.com:41415
+PersistentKeepalive = 10
diff --git a/experiment-infra/wireguard/Dockerfile b/experiment-infra/wireguard/Dockerfile
new file mode 100644
index 0000000..770d5c0
--- /dev/null
+++ b/experiment-infra/wireguard/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:latest
+RUN apk add wireguard-tools iptables
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+CMD [ "/entrypoint.sh" ]
diff --git a/experiment-infra/wireguard/entrypoint.sh b/experiment-infra/wireguard/entrypoint.sh
new file mode 100644
index 0000000..7e4a2b4
--- /dev/null
+++ b/experiment-infra/wireguard/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+## Hack to prevent wg-quick from failing when attempting
+## to change the net.ipv4.conf.all.src_valid_mark sysctl.
+## This sysctl is set by docker compose instead, making
+## the call unneccessary anyways.
+
+rm /sbin/sysctl
+printf "#!/bin/sh\ntrue \$@\n" > /sbin/sysctl
+chmod +x /sbin/sysctl
+
+cp /run/secrets/wg-config /etc/wireguard/wg0.conf
+wg-quick up wg0
+exec sleep infinite
\ No newline at end of file
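Review bot: experiment-infra/wireguard/Dockerfile sets the script mode with a separate `RUN chmod +x /entrypoint.sh`, while experiment-infra/victim/Dockerfile already uses `COPY --chmod`; `COPY --chmod=755 entrypoint.sh /entrypoint.sh` here would drop a layer and keep the images consistent. `RUN apk add wireguard-tools iptables` also leaves the apk index in the image, which `RUN apk add --no-cache iptables wireguard-tools` avoids.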
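Review bot: In experiment-infra/wireguard/entrypoint.sh the `cp /run/secrets/wg-config /etc/wireguard/wg0.conf` line creates the copy under the default umask, so the file holding `PrivateKey` is likely world-readable inside the container; a `umask 077` before the `cp` fixes that. There is also no `set -e`, so if `cp` or `wg-quick up wg0` fails the script still reaches `exec sleep infinite` and the container looks up while the services sharing its namespace have no tunnel. Adding `set -eu` after the shebang makes that failure visible. A comment on the `/sbin/sysctl` stub noting that it turns every later sysctl call into a silent no-op would help the next reader.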