Find tomorrow’s vulnerabilities today!

Background Image


Telenot Complex: Insecure AES Key Generation
CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system's parameterization software. Includes a proof-of-concept for cloning NFC tags!
Telenot complex: Insecure AES Key Generation
The compasX parameterization software for complex alarm systems generated the AES keys used for both physical access control (via NFC tags) and remote management in an insecure fashion.
RustyHermit Missing Memory Protections
The research unikernel RustyHermit lacks of several memory protection mechanisms which significantly ease attacks on vulnerable applications
Background Image


We help you handle vulnerabilities in products you use or develop. Beyond identifying individual vulnerabilities, X41 shows you how to improve your products and infrastructure in design and make it resilient even against future threats.

We take care of vendor contacts and work out the technical details with security researchers and developers to do vulnerability reporting.

Our process for finding vulnerabilities and getting them fixed is based on years of experience in uncovering vulnerabilities.

Background Image


Public Audits

Some of our customers love transparency and publish the results of security audits together with X41. This helps them to show that they actually care about security and aim to improve the robustness of their software and lets the user base of these applications verify that security is not just an empty claim.


Unbound DNS Server
Monero RandomX


Mozilla Balrog
Wire Secure Messenger (Android)
Wire Secure Messenger (Web - Calling)
Wire Secure Messenger (iOS)


Wire Secure Messenger (Proteus)


Custom security research and analysis of attack surface and technical mitigations enables our customers to go beyond the constant cycle of finding security issues in their software or infrastructure.
One such example is the Browser Whitepaper that X41 created for Google. X41 covers the differences in security design, implementation and user interface of the Google Chrome, Microsoft Edge and Internet Explorer browsers.