Seralys

Our Research

At Seralys, we actively contribute to the security community through original research. Our work focuses on uncovering overlooked risks, often tied to real-world attack paths we encounter during red team and penetration testing engagements. From domain name collisions to cloud misconfigurations and critical 0days, we share findings that help improve awareness, drive remediation, and strengthen defenses across the industry.

Published Security Research Upcoming Contributions

  • Unauthorized admin access (and more) in KACE SMA

    0 day Red Teaming Vulnerability Research RCE

    Get ready for our deep dive into the critical 0day vulnerabilities we uncovered in Quest KACE SMA during a recent red team engagement. This upcoming article will detail how we achieved unauthorized admin access, leading to remote code execution and full infrastructure compromise, including the technical specifics and exploitation paths for four new CVEs – one with a perfect CVSS 10.0 score!

    July, 2025

  • The Cyber Security Recruiter Podcast

    Podcast Offensive Security Penetration Testing Career Advice

    We will be joining Thomas Richards on The Cyber Security Recruiter Podcast to talk about what it really takes to become a (good) penetration tester. From skills and mindset to lessons learned in the field. A candid discussion about careers in offensive security.

    July, 2025

  • How a small DNS typo became a global traffic sinkhole

    Network Security Traffic Interception Cache Poisoning DNS Misconfiguration

    Discover how a seemingly minor DNS typo escalated into a global traffic sinkhole, inadvertently directing significant traffic to our controlled domain. This upcoming research highlights the widespread potential for cache poisoning, traffic interception, and sensitive information exposure, affecting multiple large enterprises and underscoring the critical need for meticulous DNS hygiene.

    August, 2025