Page 2 of 6 for Research Blog - Page 2 | X41 D-Sec - Penetration Tests and Source Code Audits

April 03, 2024

Advisory X41-2024-001: Weak Chilkat PRNG

The Chilkat library generated secret key material using a pseudorandom number generator not designed for cryptographic purposes. Attackers observing a sufficient number of outputs can recover past and future outputs of it. This includes, for example, key material generated with it, allowing attackers to decrypt or alter data protected by the key material.

April 01, 2024

X41 announces first product

X41 announces the companys first product - A CVSS calculator that scales!

February 13, 2024

X41 Source Code Audit of ISC BIND 9

X41 releases the code audit report of BIND 9

November 09, 2023

X41 Audited Rust-VMM

X41 reviewed Rust-VMM

September 21, 2023

Advisory X41-2023-001: Two Vulnerabilities in OPNsense

Yasar Klawohn and JM of X41 discovered multiple vulnerabilities in OPNsense

September 18, 2023

X41 Reviewed OpenSearch

X41 releases the code review report of OpenSearch

August 16, 2023

X41 Reviewed and Improved Envoy Fuzzers

X41 reviewed the fuzzers employed to exercise the code base of Envoy

July 12, 2023

X41 Audited libjpeg-turbo

X41 releases the audit report of libjpeg-turbo

June 07, 2023

X41 Audited Go TUF

X41 releases the audit report of Go TUF

May 26, 2023

X41 Audited in-toto

X41 releases the audit report of in-toto

May 25, 2023

X41 Audited c-ares

X41 releases the audit report of c-ares

May 15, 2023

X41 Audited libcap

X41 releases the audit report of libcap

April 26, 2023

X41 Audited simplejson

X41 releases the audit report of simplejson

January 17, 2023

X41 Audited Git

X41 releases the audit report of Git

October 26, 2022

X41 Audited The Update Framework (TUF)

X41 releases the audit report of The Update Framework.

August 30, 2022

X41 Audited Backstage

X41 finished auditing the Backstage platform and releases the resulting report.

June 28, 2022

AnyZone - Delegated zones for every IP

AnyZone lets you easily get a delegated zone for testing purposes without touching zone files

June 14, 2022

Wrapping up Unikernel Security Research

As part of his master thesis Leonard Rapp analyzed the security of various popular unikernels. This blogpost is the last one in the unikernel series. It discusses some of the findings and draws a conclusion.

May 18, 2022

Missing or Weak Mitigations in Various Unikernels

Several security weaknesses and missing mitigations were discovered in various unikernel systems

March 31, 2022

Critical Vulnerabilities in Spring and Spring Cloud Function That Will Probably Make This Weekend Less Fun - Analysis and Overview

The popular Java Spring framework may be affected by multiple remote code execution (RCE) vulnerabilities.

NEWS > Research Blog