Tuesday, June 21, 2011

Passed GIAC GREM Exam

Hey guys, I passed GIAC GREM this June 05, 2011. GREM is the Reverse Engineering Malware certification [SANS 610 class]. I find the RE stuff pretty cool. You get to learn how to analyze web, document, PDF, and Flash-based malware, plus the fundamentals of exploit development, attack vectors and similar sexy dope.

If you have any questions, feel free to comment and ask here.

Cheers!

Edit: A lot of people have been emailing me asking for suggestions on self-study resources for GREM. So I am updating this post with the information from my reply.

Hope you will find it useful.

Malware Analyst's Cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser's website for articles, posts, and other information. Go join the Offensive Computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage you to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.

From the exam perspective, when you purchase the exam, you will also receive 2 practice tests. These tests will give you a fair idea of the type of questions and the depth expected in the exam. For a list of topics that GREM covers, please refer to the GREM exam link.

The links are as follows:
1. Lenny Zeltser's website: zeltser.com
2. Offensive Computing website: http://offensivecomputing.net/
3. GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
4. My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis:
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-begin.html
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-i.html
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-ii.html
http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-patching-in-way.html
http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-manually-unpacking.html

23 comments:

  1. hey..

    does the course teach you the basics of Olly and IDA?
    Also, did you take the SANS course or was it an independent study?

    -Kid
  2. Hey Kid,

    I did self-study only, so I don't know in how much depth GREM teaches Olly & IDA.

    But in my experience, disassembling & debugging is an essential component in reverse engineering. So, I assume GREM will most definitely have used Olly & IDA extensively.

    Let me know if you have any other questions.

    Cheers!
    Karn Ganeshen
  3. Actually I was looking for the SANS GREM study material myself..

    So I was checking around and found your site on a Google search.

    -Kid
  4. I hope you are aware that SANS has a strict policy on it. You probably won't want to risk your certification. Anyways, that's your call.

    You can refer to Lenny Zeltser's website and buy the book 'Malware Analyst's Cookbook'. Both of these resources are very good sources of learning for this exam.

    All the Best.
  5. I am currently referring to Lenny's site and some free webcasts and writeups.

    Anyways.. thanks for the heads-up on the policy mate!!

    -Kid
  6. np Kid. Let me know if you have any questions during your study. Wish you all the best.

    KG
  7. Hi,

    Are the questions in the actual exams similar to those in the practice questions?

    Thanks!
  8. Hi Anonymous,

    Practice exam questions will give you a feel of the actual exam, like the time management, questions from various topics, etc. Practice tests are just for, as the name says, practicing for the real exam, i.e. getting familiar with the exam pattern, the experience and the questions tested from what you have studied. They are nothing close to the real exam questions.

    HTH

    KG
  9. Hi, I'm getting ready to take this exam and was wondering if there was any bias toward specific applications or types of malware on the exam. What would you recommend or feel is suitable for a self study guide?

    Thank you,
    Brandon
  10. Hi Brandon,

    Are you following the self-study path?

    KG
  11. Tell me, do you use knowledge from the GREM certification in your daily work? How would you describe the value of that certification?
    Thanks, Mirek
  12. Hi Mirek,

    RE is not part of my usual work. But RE study supplements my role. Knowledge of & skills in RE are one asset, imo, to a pentester.

    I don't quite understand what you mean by value of the certification. Do you mean new job opportunities, or pay increment or raising the bar amongst peers? Of course, it has positively affected all three of these. Though, to me, it has been more about getting the knowledge & skills that brings satisfaction.

    However, it would depend upon your current role, skills & career aspirations; these would help you in deciding whether or not doing GREM is going to be useful to you.

    Let me know if you have any other questions.

    KG
  13. hi KG,
    I am also planning to prepare for the exam and am reading the Malware Analyst's Cookbook. I am not quite sure about the exam pattern and the malware challenge. Can you please share a couple of sample questions and the process for the malware challenge?

    Regards,
    Sh3rkhan
  14. hi KG,

    Is the book Malware Analyst's Cookbook enough to pass the GREM?

    Give your opinion!!
  15. @Sh3rkhan and @iampole: Malware Analyst's Cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser's website for articles, posts, and other information. Go join the Offensive Computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage you to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.

    From the exam perspective, when you purchase the exam, you will also receive 2 practice tests. These tests will give you a fair idea of the type of questions and the depth expected in the exam. For a list of topics that GREM covers, please refer to the GREM link.

    The links are as follows:

    1. Lenny Zeltser's website: zeltser.com
    2. Offensive Computing website: http://offensivecomputing.net/
    3. GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
    4. My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis:

    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-begin.html
    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-i.html
    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-ii.html
    http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-patching-in-way.html
    http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-manually-unpacking.html
  16. hello
    well I am Ankush, a novice to GREM, but I wanna go for it.... tell me how to prepare for it... where I can get study material.... and how much I have to do in order to get through my exam... plz help

    my email id is er.ankush90@rediffmail.com ohkai
  17. hello
    I am Ankush, novice to GREM. I wanna get through this exam. Tell me from where I can get stuff about it... how much I have to read. My email id is er.ankush90@rediffmail.com; reply me if u get something on it... I will be highly obliged to you..
  18. Hi Ankush,

    Please refer to my post above. I have given various information links, as well as links to recommended study resources.

    If you have little or no experience, then in my opinion, you will have to read a LOT and practice a LOT.

    It'll be a lot of fun!

    All the best for your study.

    KG
  19. Hi, appreciate your post. I am planning to take GREM; I would like to study and practice myself and appear only for the exam. Do they have such an option? If yes, will they share the study guide and practice binaries for analysis?
    Replies
    1. Hi SAM,

      You can challenge the GIAC exam. Read about it here: http://www.giac.org/registration/challenge

      The challenge path means you do self-study with various resources, & practice at your end. SANS does not provide any study materials or practice binaries for analysis. However, it does provide a topic-by-topic breakdown of the exam objectives. As regards practice binaries, you can find malware specimens via Google.

      I'd recommend reading my posts mentioned above. Also look for my comment above to another reader; I posted details on preparation links for reference.

      Cheers!
  20. Hi

    By chance anyone in possession of a discount code for GREM certification?

    Thanks!!
  21. Is training mandatory for this course? If not, what will be the cost of this certification?
  22. Are the exam questions multiple choice? Could you provide an example question?

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.