Spoiler — It’s cheaper than buying one

I was looking to buy a write blocker to do data recovery/forensics tasks but I quickly noticed that I was window shopping write blockers due to their cost.
Some starting at £300, others that cost less were no longer being built or sold, maybe…


In this write-up, I want to bypass some checks our binary does. I’ll be using x32dbg… Well… let’s just dive straight in.

Debugging a bitcoin miner

From the previous analysis, we know we need to concentrate on bypassing the following 2 conditions:

So let’s load the binary into x32dbg and set 2 breakpoints, one…

We’ll need to evaluate the performance of the detector built to ensure that we are achieving a higher true positive rate than a false positive rate. Also, as we increase the types of features built and used, we’ll need to monitor their performance.

ROC Curve

In order to evaluate the performance of…
