Find tomorrow’s vulnerabilities today!

NEWS

May 21, 2024
Using power side channel for fuzzing coverage
X41 explores using power side channels for fuzzing coverage guidance.

April 09, 2024
Chilkat PRNG Vulnerability Impact on E2EE Messenger ginlo
A proof of concept for how the vulnerability in Chilkat's PRNG impacted an app using it.

April 03, 2024
Advisory X41-2024-001: Weak Chilkat PRNG
The Chilkat library generated secret key material using a pseudorandom number generator not designed for cryptographic purposes. Attackers observing a sufficient number of outputs can recover its past and future outputs. This includes, for example, key material generated with it, allowing attackers to decrypt or alter data protected by the key material.

SERVICES

We help you handle vulnerabilities in products you use or develop. Beyond identifying individual vulnerabilities, X41 shows you how to improve the design of your products and infrastructure and make them resilient even against future threats.

We take care of vendor contacts and work out the technical details with security researchers and developers to handle vulnerability reporting.

Our process for finding vulnerabilities and getting them fixed is based on years of experience in uncovering vulnerabilities.

PARTNERS

CUSTOMERS

Public Audits

Some of our customers love transparency and publish the results of security audits together with X41. This helps them to show that they actually care about security and aim to improve the robustness of their software and lets the user base of these applications verify that security is not just an empty claim.

2024

Source Code Audit of BIND9 for ISC

2023

Source Code Audit of libjpeg-turbo for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of Go TUF for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of in-toto for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of c-ares for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of libcap for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of simplejson for the Open Source Technology Improvement Fund (OSTIF)

2022

Source Code Audit of Git for the Open Source Technology Improvement Fund (OSTIF)
Source Code Audit of The Update Framework for the Open Source Technology Improvement Fund (OSTIF)
Penetration Test on Backstage for the Backstage team

2021

Source Code Review of Selected Options Vault Contracts for Thetanuts.Finance

2019

Unbound DNS Server
Monero RandomX

2018

Mozilla Balrog
theQRL
Wire Secure Messenger (Android)
Wire Secure Messenger (Web - Calling)
Wire Secure Messenger (iOS)

2017

Wire Secure Messenger (Proteus)

Whitepaper

Custom security research and analysis of attack surface and technical mitigations enable our customers to go beyond the constant cycle of finding security issues in their software or infrastructure.
One such example is the Browser Whitepaper that X41 created for Google. X41 covers the differences in security design, implementation and user interface of the Google Chrome, Microsoft Edge and Internet Explorer browsers.