X41 D-Sec GmbH

We are a renowned expert provider for dedicated high quality security research, application security services, penetration tests, and full red teaming. Having extensive industry experience and expertise in the field of IT security, a highly effective security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are code reviews, binary reverse engineering, and vulnerability discovery. Custom research and high quality IT security services are core competencies of X41

About Us     News     Browser White Paper

About X41

Our Philosophy

  • Lock

    Making you safer

    Finding Vulnerabilities Before Others do.

    We are experts in security testing. We enable you to make your products and infrastructure safe and sound.

  • Pencil


    Be Secure by Design.

    Secure design is the base of quality products and systems. Rely on our expertise in security design.

  • Rocket


    Show investors you live up to their trust.

    Believing in start-up-culture we care for them! We help you gaining an advantage.

  • Our


What we do.




We have the expertise in code reviewing, red teaming and penetration testing, and security design reviews of a wide variety of products. Finding defects will improve the quality of your products.

Vulnerability Management


We help you handle vulnerabilities in products you use or develop. We take care of vendor contacts and work out the technical details with security researchers and developers to do vulnerability reporting in a professional way. Years of experience in uncovering vulnerabilities created an expert process in getting vulnerabilities fixed.


  • Application Security (APPSEC)
  • Mobile Security
  • Embedded Security
  • Network Security
  • Cloud Security


Selected Customers and Partners


Advisory X41-2021-001: Multiple Vulnerabilities in YARA

Luis Merino of X41 discovered multiple vulnerabilities in YARA Read more

Microsoft Exchange Remote Code Execution - CVE-2020-16875

The patch for CVE-2020-16875 in Microsoft Exchange can bypassed to gain remote code execution again. Read more

Pro-bono Pentests for COVID-19-related Apps & Software

COVID-19 pro-bono program finished Read more

X41 - Security Research Lab

Serious research requires serious expertise.

Advisory X41-2021-001: Multiple Vulnerabilities in YARA Microsoft Exchange Remote Code Execution - CVE-2020-16875 Decompressing Xamarin DLLs bspatch strikes back Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch Advisory X41-2020-002: Multiple Vulnerabilities in Psyprax Vulnerabilities and Coordinated Disclosure Advisory X41-2019-008: Vulnerable Components used by Cerner medico Advisory X41-2019-007: Cleartext Credentials in GeDoWin Geburt Advisory X41-2020-004: Multiple Vulnerabilities in Medical Office Advisory X41-2020-003: Multiple Vulnerabilities in Epikur Advisory X41-2020-005: Insufficient Password Protection in Smarty Advisory X41-2020-001: DLL Sideloading Vulnerability in Hasomed Elefant 20.01.01 Installer X41 finished Unbound DNS Server Audit X41 finds Shell Injection in Unbound ipsecmod X41 Teams up With Medical Tribune to Check the Security of Medical Practices in Germany Advisory X41-2019-004: Type confusion in Thunderbird Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird X41 BeanStack - Java Fingerprinting Database Advisory X41-2018-009: DoS Vulnerability in UA-Parser Happy Holidays Firefox Updates Researching The FAX Machine Attack Surface Advisory X41-2018-008: Multiple Vulnerabilities in hylafax Advisory X41-2018-007: Multiple Vulnerabilities in mgetty In Soviet Russia Smartcard Hacks You Advisory X41-2018-005: Multiple Vulnerabilities in smartcardservices Advisory X41-2018-004: Off-by-one zero write in libykneomgr Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11 Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC Advisory X41-2018-001: Multiple Vulnerabilities in Yubico-Piv Advisory X41-2017-009: Remote command execution in Shadowsocks auto-ss Advisory X41-2017-007: Remote command execution in Shadowsocks ConnecTion Advisory X41-2017-011: Multiple Vulnerabilities in Antragsgrün Kernel Fuzzing in Userspace Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP server Advisory X41-2017-010: Command Execution in shadowsocks-libev Advisory X41-2017-008: Multiple Vulnerabilities in shadowsocks X41 D-Sec GmbH releases Browser Security White Paper, assessing Google Chrome, Microsoft Edge, and Internet Explorer Advisory X41-2017-005: Multiple Vulnerabilities in Peplink Balance Routers Peplink Vulnerability Hunting Benchmarking memcmp() for timing attacks HITBSECCONF17 - Markus Vervier Presents Research On Signal TROOPERS17 - Signal Presentation And Meet-Up Advisory X41-2017-001: Multiple Vulnerabilities in X.org winmail.dat considered harmful Advisory X41-2017-003: Directory Traversal in ktnef Advisory X41-2017-04: Multiple Vulnerabilities in tnef Advisory X41-2017-02: Multiple Vulnerabilities in ytnef Wire Cryptography Audit (with Kudelski Security) Vulnerabilities in Signal Private Messenger Advisory X41-2016-001: Memory Corruption Vulnerability in libotr

Vulnerability Research


There is no defense without understanding offense. Security Research is essential to keep up with emerging threats. From uncovering new vulnerabilities to creating better mitigations we are a strongly research driven company.

Mitigation and Hardening


No application is bug-free. A good security concept will include measures to harden and mitigate yet unknown vulnerabilities making it harder for an adversary to exploit them. We develop new techniques to mitigate exploitation and contain threats.

If you are interested in custom research contact us.


Is security your passion? Do you like being creative? Do you want to face new challenges to expand your skills even further? Contact us, we're hiring!

Contact Us

Office Locations:

Aachen Frankfurt