
krish shrestha.

systems · networks · kathmandu, nepal

now: reading zabbix triggers / mood: mildly caffeinated / wx: ktm · cool, foggy, 14°

hi, i'm krish. i work on the quiet side of the internet — systems, networks, the small wires behind the ceiling tiles — and i like it best when nothing is on fire and nobody notices.

what i want is simple: a career in systems and networking, built the slow way — by doing real work, breaking real things, and getting a little better at both every week. linux that stays up, networks that route themselves out of trouble, and the quiet discipline of keeping it all running for people who'll never know you did.

krish@kathmandu:~$ whoami
krish shrestha, 22, kathmandu.
# role.......: systems & network intern, datahub
# studying...: bsc (hons) computer networking & it security
# building...: luminet — multi-vendor network automation
# pets.......: 1 cat, senior sysadmin (see source)
# opinions...: strong, about dhcp

what i actually do (roughly in order of how often)

day to day: linux boxes (ubuntu, rocky, the occasional fedora), docker behind apache reverse proxies, zabbix watching everything, fortigate rules and nat, lamp stacks with mysqldump on a cron, nfs and lvm across a small herd of servers.

on the network side: tcp/ip, dns, dhcp, vlans, subnetting, vpn, nat, layer 1 and 2 triage — the kind where you're in a dropped ceiling with a flashlight, reading a label that says "do not remove."

for automation: python, ansible as the glue, django when a web ui earns its keep, git for everything, docker where it helps. the aws side is certified (foundations, architecting, operations, security) and actually getting used on luminet.

security: nmap, wireshark, burp, metasploit, bettercap, volatility 3, mitre att&ck, vapt, dvwa. i think blue-team first but you only get good at it by spending time on the other side of the glass.

monitoring tool of choice: zabbix. also: the tab i keep open "just in case." everyone has one.

things i've built (three worth talking about)

luminet · 2025 — ongoing · the main event

a web-based network automation toolkit built with django and ansible, made to simplify and automate network device configuration. a role-based interface (admin / operator / viewer) for vlan creation, access port config, device backup, and config rollback across cisco ios, arista eos, and mikrotik routeros — all simulated in gns3 while it grows up.

ansible playbooks trigger straight from the django backend. every job is logged, config backups are encrypted with fernet (aes-128) and pushed to a github repo, and gmail smtp handles email notifications. approval workflow, task scheduling, real-time notifications, immutable audit log — a small, secure automation platform for educational and small-scale networks.

$ ansible-playbook -i inventory/ vlan-push.yml --limit core-*
PLAY [core-*] **************************************************
TASK [gather vendor facts] .......................... ok
TASK [cisco_ios : create vlan 42] ................... changed
TASK [arista_eos : create vlan 42] .................. changed
TASK [mikrotik_routeros : create vlan 42] ........... changed
TASK [audit : write job record] ..................... ok
PLAY RECAP *****************************************************
core-sw-01   : ok=4  changed=1  rescued=0  failed=0
core-sw-02   : ok=4  changed=1  rescued=0  failed=0
mkt-edge-01  : ok=4  changed=1  rescued=0  failed=0
# 3 switches. 1 vlan. 0 ssh sessions. friday, saved.

memory forensics of fileless malware · 2025 · final year · volatility 3 doing real work

injected a meterpreter payload into spoolsv.exe in a controlled win10 lab (process hollowing), escalated to NT AUTHORITY\SYSTEM, then pulled the memory image apart with volatility 3 looking for suspicious regions, weird parent-child chains, and a c2 channel quietly chatting over tcp/443.

i also catalogued what the attacker tried to hide: ntfs timestomping, registry hive exfil, cleared event logs, deleted-file recovery via autopsy. ram remembers what disk forgets.

$ vol -f mem.raw windows.malfind
Process     PID   Protection   Tag   Hexdump
spoolsv.exe 1428  PAGE_EXECUTE_READWRITE  Vad   4d 5a 90 00 ..  MZ.....
spoolsv.exe 1428  PAGE_EXECUTE_READWRITE  Vad   50 45 00 00 ..  PE..
# spooler subsystem is not supposed to host a PE. huh.
$ vol -f mem.raw windows.netscan | grep 443
TCPv4  10.0.2.15:49871 → 185.xx.xx.xx:443  ESTABLISHED  spoolsv.exe(1428)
# the spooler does not print things to the internet, friend.
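
a small triage pass over the two outputs above, added here as an example (not code from this page or from volatility): it keeps only processes that both hold an MZ header in a writable-and-executable region and have an established connection to a non-private address. the sample lines are constructed in the simplified layout shown above, not raw volatility 3 output, and the function names are hypothetical.

```python
import re

# constructed sample lines in the simplified layout shown on this page
# (assumption: real volatility 3 output has more columns and needs its own parser)
MALFIND = """\
spoolsv.exe 1428  PAGE_EXECUTE_READWRITE  Vad   4d 5a 90 00 ..  MZ.....
spoolsv.exe 1428  PAGE_EXECUTE_READWRITE  Vad   50 45 00 00 ..  PE..
svchost.exe 912   PAGE_EXECUTE_READWRITE  VadS  00 00 00 00 ..  ....
"""
NETSCAN = """\
TCPv4  10.0.2.15:49871 → 185.xx.xx.xx:443  ESTABLISHED  spoolsv.exe(1428)
TCPv4  10.0.2.15:49702 → 10.0.2.2:445  ESTABLISHED  System(4)
TCPv4  0.0.0.0:135 → 0.0.0.0:0  LISTENING  svchost.exe(912)
"""

MALFIND_RE = re.compile(r"^(\S+)\s+(\d+)\s+(PAGE_\S+)\s+\S+\s+((?:[0-9a-fA-F]{2} )+)")
NETSCAN_RE = re.compile(r"^TCPv[46]\s+\S+:\d+\s+→\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\((\d+)\)")
# loopback, rfc1918 and unspecified addresses; a redacted address like 185.xx.xx.xx falls through as external
INTERNAL_RE = re.compile(r"^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|0\.0\.0\.0$)")

def injected_pe_pids(malfind_text):
    """map pid -> process name for regions that are writable, executable and start with 'MZ'."""
    hits = {}
    for line in malfind_text.splitlines():
        m = MALFIND_RE.match(line)
        if not m:
            continue
        name, pid, prot, hexdump = m.groups()
        if "EXECUTE" in prot and "WRITE" in prot and hexdump.lower().startswith("4d 5a"):
            hits[int(pid)] = name
    return hits

def external_connections(netscan_text):
    """(pid, process, remote ip, remote port) for established sessions leaving the private ranges."""
    conns = []
    for line in netscan_text.splitlines():
        m = NETSCAN_RE.match(line)
        if m and m.group(3) == "ESTABLISHED" and not INTERNAL_RE.match(m.group(1)):
            conns.append((int(m.group(5)), m.group(4), m.group(1), int(m.group(2))))
    return conns

def triage(malfind_text, netscan_text):
    """connections whose owning pid also shows an injected pe image."""
    injected = injected_pe_pids(malfind_text)
    return [c for c in external_connections(netscan_text) if c[0] in injected]

if __name__ == "__main__":
    for pid, name, rip, rport in triage(MALFIND, NETSCAN):
        print(f"{name} ({pid}): injected PE + outbound {rip}:{rport}")
```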

arp spoofing lab · 2024 · classic, still mean

classic MITM on a flat network: poison the arp table, sit in the middle, collect the plaintext credentials people still send in 2024. then put dynamic arp inspection and a snort IDS in front of it and watch the same attack bounce off.

// turns out "trust" is not a protocol.

where i've been

jan 2026 — now
systems & network trainee · datahub pvt. ltd.
docker + apache reverse proxy, zabbix across multiple hosts, fortigate rules and nat, lamp stacks with scheduled mysqldump backups, nfs/lvm across a small fleet.

jul — oct 2025
offensive security intern · inred labs
full vapt cycle — recon, scanning, exploitation, reporting. smb / rdp / suid escalation in a lab. osint, cve triage, cvss scoring.

aug — nov 2024
networking & IT support intern · dusit princess nepal
vlans and segmentation on a live hotel network. l1/l2 triage at odd hours. packet tracer dry-runs before touching production.

2023 — now
BSc (Hons) computer networking & IT security · islington college / london met
kamalpokhari, kathmandu.

how to find me (traceroute-style, fastest first)

1 ▸ email — anything real · Krishshrestha768@gmail.com · ~4 h
2 ▸ github — actual work · github.com/krishshrestha · ~1 d
3 ▸ linkedin — if you must · /in/krishshrestha768 · ~2 d
4 ▸ personal site · shresthakrish.com.np
5 ▸ in person · gokarna, kathmandu · UTC+5:45

sign the wall (one line, anonymous, lives in your browser)

  • a cat: i walked on this keyboard in 2025. sorry.
  • a stranger: i came for the network automation, stayed for the cat.
  • future-you: remember to back up the vlan config before tuesday