<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://nirajkharel.com.np/</id>
  <title>Niraj Kharel</title>
  <subtitle>Vulnerability Assessment, Penetration Testing, HackTheBox, HTB.</subtitle>
  <updated>2026-01-24T13:11:12+05:45</updated>
  <author>
    <name>Niraj Kharel</name>
    <uri>https://nirajkharel.com.np/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://nirajkharel.com.np/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://nirajkharel.com.np/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights> © 2026 Niraj Kharel </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>Threat Hunting Basics</title>
    <link href="https://nirajkharel.com.np/posts/threat-hunting-basics/" rel="alternate" type="text/html" title="Threat Hunting Basics" />
    <published>2026-01-17T11:55:00+05:45</published>
    <updated>2026-01-17T11:55:00+05:45</updated>
    <id>https://nirajkharel.com.np/posts/threat-hunting-basics/</id>
    <content src="https://nirajkharel.com.np/posts/threat-hunting-basics/" />
    <author>
      <name>nirajkharel</name>
    </author>
    <category term="Red Teaming" />
    <category term="Threat Hunting" />
    <summary> Threat Hunting Basics Threat hunting is the proactive practice of searching for hidden threats or malicious activity within an organization’s environment, before or sometimes after alerts are triggered. Its main goal is to uncover attacks early, reducing the dwell time, which is the period an adversary remains undetected in the network. Dwell time refers to the period an attacker remains undet... </summary>
  </entry>
  <entry>
    <title>Offensive C - QueueUserAPC (Early Bird APC Injection)</title>
    <link href="https://nirajkharel.com.np/posts/queueuserpac-early-bird-apc-injection/" rel="alternate" type="text/html" title="Offensive C - QueueUserAPC (Early Bird APC Injection)" />
    <published>2025-06-21T11:55:00+05:45</published>
    <updated>2025-06-21T11:55:00+05:45</updated>
    <id>https://nirajkharel.com.np/posts/queueuserpac-early-bird-apc-injection/</id>
    <content src="https://nirajkharel.com.np/posts/queueuserpac-early-bird-apc-injection/" />
    <author>
      <name>nirajkharel</name>
    </author>
    <category term="Red Teaming" />
    <category term="Offensive Programming" />
    <summary> I have already discussed Early Bird APC Injection using the QueueUserAPC method on this blog. At a high level, with respect to the old method, we start by creating a suspended process, for example Notepad.exe, which pauses its execution. This lets us get a handle to the process and its threads. We then allocate memory using VirtualAlloc and inject our shellcode with WriteProcessMemory. Instead of ... </summary>
  </entry>
  <entry>
    <title>Offensive C - Shellcode Encryption and Staging</title>
    <link href="https://nirajkharel.com.np/posts/payload-encryption-staging/" rel="alternate" type="text/html" title="Offensive C - Shellcode Encryption and Staging" />
    <published>2025-06-01T11:55:00+05:45</published>
    <updated>2025-06-01T11:55:00+05:45</updated>
    <id>https://nirajkharel.com.np/posts/payload-encryption-staging/</id>
    <content src="https://nirajkharel.com.np/posts/payload-encryption-staging/" />
    <author>
      <name>nirajkharel</name>
    </author>
    <category term="Red Teaming" />
    <category term="Offensive Programming" />
    <summary> In the previous blog, we discussed how to get around Windows Defender by using payload obfuscation. This time, we’ll go over how to get the beacon into our Sliver C2 undetected by using shellcode staging together with shellcode encryption.
As background, we will listen for a connection on the C2 server, use msfvenom to build a shellcode, use hellshell to encrypt the shellcode using AES, and t... </summary>
  </entry>
  <entry>
    <title>Offensive C - Shellcode Obfuscation</title>
    <link href="https://nirajkharel.com.np/posts/payload-encryption-and-obfuscation/" rel="alternate" type="text/html" title="Offensive C - Shellcode Obfuscation" />
    <published>2025-05-24T11:55:00+05:45</published>
    <updated>2025-05-24T11:55:00+05:45</updated>
    <id>https://nirajkharel.com.np/posts/payload-encryption-and-obfuscation/</id>
    <content src="https://nirajkharel.com.np/posts/payload-encryption-and-obfuscation/" />
    <author>
      <name>nirajkharel</name>
    </author>
    <category term="Red Teaming" />
    <category term="Offensive Programming" />
    <summary> Shellcode We have already discussed process injection using shellcode, which pretty much explains why and how to use it. Giving the background again, shellcode is just a collection of instructions within the Windows system which executes the command in order to take control or generate a reverse shell connection to an attacker’s machine. Below is a simple example of generating a Win... </summary>
  </entry>
  <entry>
    <title>One Approach towards Android Bug Bounty</title>
    <link href="https://nirajkharel.com.np/posts/android-bug-bounty/" rel="alternate" type="text/html" title="One Approach towards Android Bug Bounty" />
    <published>2025-01-05T11:55:00+05:45</published>
    <updated>2025-01-05T11:55:00+05:45</updated>
    <id>https://nirajkharel.com.np/posts/android-bug-bounty/</id>
    <content src="https://nirajkharel.com.np/posts/android-bug-bounty/" />
    <author>
      <name>nirajkharel</name>
    </author>
    <category term="Mobile Pentesting" />
    <category term="Android" />
    <summary> Last month, I discovered a couple of issues related to Exported Activities and Intent Injections.
These vulnerabilities were either unreported or reported in a manner that underestimated their impact, often categorising them as low severity or informational. In this blog, I aim to share insights into one of the methods for identifying such issues and strategies to escalate their impact to High... </summary>
  </entry>
</feed>
