Our research

This research highlights internal domain name collisions caused by SoftLayer’s use of unregistered .cloud TLDs, resulting in data leaks and NTLM hash exposures..

We presented real-world findings from our research on internal domain name collisions, including leaked traffic, and shared the challenges we faced during the disclosure process.

This talk covered the technical and operational risks of internal domain name collisions, including several real-world examples uncovered during our year-long research. It also highlighted the challenges encountered while disclosing our findings to affected vendors and organizations.

Seralys discovered a leaked API key from an xAI developer that granted access to xAI, SpaceX, and Tesla internal LLMs.

While researching DNS misconfigurations, we identified a critical issue in Mastercard’s infrastructure. The misconfigured domain went unnoticed and remained exploitable for years, raising concerns about systemic DNS hygiene.

Presented in Luxembourg, this talk shared our preliminary findings on internal domain name collisions, focusing on how unregistered domains under newly delegated TLDs can lead to data leaks, authentication attempts, and traffic exposure.

Seralys discovered a leaked API key from an xAI developer that granted access to xAI, SpaceX, and Tesla internal LLMs.