Hey guys, I passed GIAC GREM this June 05, 2011. GREM is the Reverse Engineering Malware [ SANS 610 class ]. I find the RE stuff pretty cool. You get to learn how to analyze web, doc, pdf, and flash based malware; plus the fundamentals of exploit dev, vectors and similar sexy dope.
GIAC GREM
If you have any questions, feel free to comment n ask here.
Cheers!
hey..
does the course teach you the basics of Olly and IDA?
Also did you take the SANS course or was it an independent study?
-Kid
Hey Kid,
I did self study only so I don't know in how much depth GREM teaches Olly & IDA.
But in my experience, disassembling & debugging is an essential component in reverse engineering. So, I assume GREM will most definitely have used Olly & IDA extensively.
Let me know if you have any other questions.
Cheers!
Karn Ganeshen
Actually I was looking for the sans grem study material myself..
So was checking around and found your site on a google search.
-Kid
I hope you are aware that SANS has a strict policy on it. You probably won't want to risk your certification. Anyways, that's your call.
You can refer to Lenny Zeltser's website and buy the book 'Malware Analyst's cookbook'. Both of these resources are very good sources of learning for this exam.
All the Best.
I am currently referring to Lenny's site and some free webcasts and writeups.
Anyways.. thanks for the heads-up on the policy mate!!
-Kid
np Kid. Let me know if you have any questions during your study. Wish you all the best.
KG
Hi,
Are the questions in the actual exams similar to those in the practice questions?
Thanks!
Hi Anonymous,
Practice exam questions will give you a feel of the actual exam like the time management, questions from various topics etc. Practice tests are just for, as the name says, practicing for the real exam, i.e. getting familiar with the exam pattern, experience and the questions tested from what you have studied. And nothing close to the real exam questions.
HTH
KG
Hi, I'm getting ready to take this exam and was wondering if there was any bias toward specific applications or types of malware on the exam. What would you recommend or feel is suitable for a self study guide?
Thank you,
Brandon
Hi Brandon,
Are you following self-study path?
KG
Tell me. Do you use knowledge from the GREM certification in your daily work? How can you describe the value of that certification?
Thanks, Mirek
Hi Mirek,
RE is not part of my usual work. But RE study supplements my role. Knowledge of & skills in RE are one asset, imo, to a pentester.
I don't quite understand what you mean by value of the certification. Do you mean new job opportunities, or pay increment or raising the bar amongst peers? Of course, it has positively affected all three of these. Though, to me, it has been more about getting the knowledge & skills that brings satisfaction.
However, it would depend upon your current role, skills & career aspirations, that would help you in deciding whether or not doing GREM is going to be useful to you.
Let me know if you have any other questions.
KG
hi KG,
I am also planning to prepare for the exam and reading malware analysts cookbook. I am not quite sure about the exam pattern and the malware challenge. Can you please share couple of sample questions and the process for malware challenge?
Regards,
Sh3rkhan
hi KG ,
Is the book Malware analyst cookbook enough to pass the GREM?
Give your opinion !!
@Sh3rkhan and @iampole: Malware Analyst's cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser's website for articles, posts, and other information. Go join in Offensive computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.
From the exam perspective, when you purchase the exam, you will also receive 2 practice tests. These tests will give you a fair idea on the type of questions, & depth expected in the exam. For a list of topics that GREM covers, please refer to GREM link.
The links are as follows:
1. Lenny Zeltser's website: zeltser.com
2. Offensive Computing website: http://offensivecomputing.net/
3. GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
4. My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis:
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-begin.html
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-i.html
http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-ii.html
http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-patching-in-way.html
http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-manually-unpacking.html