Happy Holidays

The end of the year is approaching and we at X41 wish you happy holidays!

We started the year and wrapped up 2018 by releasing an advisory for UA-Parser.

X41 BeanStack

This was quickly followed by the public release of X41 BeanStack, which allows you to extract additional information from Java stacktraces. X41 enriches the version information with CVE data, so you can quickly spot vulnerabilities. Since repetitive, manual work is boring, a Burp plugin is available as well.

Mozilla Thunderbird

In June we released three advisories for Mozilla Thunderbird. These covered several heap- and stack-based buffer overflows that could be triggered via malicious calendar invites, as well as a type confusion.

Conferences

We slowed down a bit with respect to public conferences this year, but we had a blast presenting at BSides Stuttgart about X41 BeanStack and Kernel Fuzzing in Userspace. As always, we enjoyed hack.lu and were a sponsor for the BSides Luxembourg that followed. Our giveaway made a lasting impression.

Medical Targets

We teamed up with the Medical Tribune to have a look at a typical medical examiner’s office and are now scared to go to the doctor. We have more results in the pipeline regarding medical software, so stay tuned.

Unbound DNS

An interesting public project we did this year was the audit of the Unbound DNS server. This was kindly sponsored by the great folks at OSTIF. The results are online and patched.

About X41 D-Sec GmbH

X41 D-Sec GmbH is an expert provider of application security services. With extensive experience and expertise in the information security industry and a strong core security team of world-class experts, X41 can provide premium security services. Their fields of expertise in the area of application security are security-centric code reviews, binary reverse engineering, and vulnerability discovery. Custom research and IT security consulting and support services are the core competencies of X41.

Author: Eric Sesterhenn
Date: December 16, 2019