Our research
At Seralys, we investigate emerging threats, uncover overlooked vulnerabilities, and contribute practical knowledge to the security community. Our team actively engages in original security research—from DNS misconfigurations to cloud and web vulnerabilities—with the goal of sharing actionable insights and improving digital defenses.
-
Unauthorized admin access (and more) in KACE SMA
0 day Red Teaming KACE SMA CVEDuring a recent red team engagement, we uncovered multiple 0day vulnerabilities in Quest KACE SMA, including unauthorized admin access that ultimately led to remote code execution and full infrastructure compromise. This article provides a deep dive into the discovery process, technical details, and exploitation paths behind four CVEs (one of which carries a CVSS score of 10.0 !)
July 2025 -
The Cyber Security Recruiter Podcast
0 day Red Teaming KACE SMA CVEWe will be joining Thomas Richards on The Cyber Security Recruiter Podcast to talk about what it really takes to become a (good) penetration tester. From skills and mindset to lessons learned in the field. A candid discussion about careers in offensive security.
July 2025 -
How a small DNS typo became a global traffic sinkhole after someone forgot the 't' in net
DNS Domain Misconfiguration Cache Poisoning CriticalA small typo in a DNS configuration resulted in significant global traffic to be directed to our controlled domain. This exposed potential for widespread cache poisoning, traffic interception, and sensitive information exposure. Multiple large enterprises were affected, emphasizing the importance of meticulous DNS management
August 2025