Our research
At Seralys, we investigate emerging threats, uncover overlooked vulnerabilities, and contribute practical knowledge to the security community. Our team actively engages in original security research—from DNS misconfigurations to cloud and web vulnerabilities—with the goal of sharing actionable insights and improving digital defenses.
-
Internal Domain Name Collision at IBM Cloud exposes NTLM hashes and more
DNS Domain Collision WPAD CriticalThis research highlights internal domain name collisions at IBM Cloud caused by using unregistered .cloud TLDs for internal FQDNs, resulting in unintended data leaks and potential exploitation. We identified multiple internal hostnames, purchased the affected domains, and observed significant traffic leaks, proxy configurations, and internal network disclosures.
20 May 2025