{"@attributes":{"version":"2.0"},"channel":{"title":"Ruebezahl's Dwellings on R9295's blog","link":"https:\/\/R9295.github.io\/","description":"Recent content in Ruebezahl's Dwellings on R9295's blog","generator":"Hugo -- gohugo.io","language":"en","lastBuildDate":"Tue, 11 Jan 2022 00:00:00 +0000","item":[{"title":"Differential Fuzzing Across The Language Divide","link":"https:\/\/R9295.github.io\/posts\/differential-fuzzing-accross-languages\/","pubDate":"Wed, 17 Dec 2025 12:55:13 +0100","guid":"https:\/\/R9295.github.io\/posts\/differential-fuzzing-accross-languages\/","description":"TLDR: This article is an exploration of integrating three different languages to perform coverage guided, in-process differential fuzzing using LibAFL. Three approaches are attemped: Invoking as a command, embedding the interpreter and shared memory.\nDifferential fuzzing is one of the most exciting forms of fuzzing. The essence is to test competing implementations of a library or an application with the same test input, with the hope of finding a difference in the execution outcome."},{"title":"About","link":"https:\/\/R9295.github.io\/about\/","pubDate":"Wed, 17 Dec 2025 00:00:00 +0000","guid":"https:\/\/R9295.github.io\/about\/","description":"Hello all, I am Aarnav, a security engineer. I primarily work on fuzzing. This includes building fuzzers, associated tooling and fuzzing harnesses for targets.\nFuzzers Here are the fuzzers I've built Autarkie link Autarkie is a native grammar fuzzer built in Rust. Using procedural macros, it automatically creates a grammar fuzzer based on any Rust data structure. Autarkie is heavily inspired by nautilus.\nlibafl-fuzz link libafl-fuzz is an work-in-progress re-write of AFL++'s afl-fuzz with LibAFL."},{"title":"Mitigating Install Time Supply Chain Attacks in Python.","link":"https:\/\/R9295.github.io\/posts\/python_install_time\/","pubDate":"Thu, 15 Jun 2023 00:00:00 +0000","guid":"https:\/\/R9295.github.io\/posts\/python_install_time\/","description":"Several supply chain attacks, notably in the Python and Javascript ecosystem, exploit install time hooks to perform malicious activity 1 2. Install time hooks allow running arbitray code before or after package installation. Since attacks utilizing install time hooks do not involve developers actually using the package, it makes them an attractive method for attackers. The most common behaviour observed in known supply chain attacks is data exflitration 1 2.. Common targets include ssh keys, passwords, dotfiles, environment variables etc."},{"title":"Build a Generative MIDI sequencer in Go","link":"https:\/\/R9295.github.io\/posts\/midi_sequencer_go\/","pubDate":"Sat, 18 Jun 2022 00:00:00 +0000","guid":"https:\/\/R9295.github.io\/posts\/midi_sequencer_go\/","description":"Introduction Generative music is always fun and engaging, so I decided to build a simple MIDI sequencer to mess around. In this project, the sequencer sends a random note within a given octave every quarter bar (4\/4) Because it’s so simple, the code provided will be very easy to extend as you please. See Bonus\nSetup project $ mkdir gen_seq $ cd gen_seq $ go mod init Sequencer $ touch main."}]}}