Hey guys, I passed GIAC GREM on June 05, 2011. GREM is the Reverse Engineering Malware certification (SANS 610 class). I find the RE stuff pretty cool. You get to learn how to analyze web, doc, pdf, and flash based malware, plus the fundamentals of exploit dev, vectors and similar sexy dope.
Edit: A lot of people have been emailing me asking for suggestions on self-study resources for GREM. So, I am updating this post with the information from my replies.
Malware Analyst's Cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser's website for articles, posts, and other information. Join the Offensive Computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage you to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.
From the exam perspective, when you purchase the exam you will also receive 2 practice tests. These tests will give you a fair idea of the type of questions and the depth expected in the exam. For a list of topics that GREM covers, please refer to the GREM exam link (also listed in the references below).
I feel the following references are useful for preparation:
- Lenny Zeltser's website: zeltser.com
- Offensive Computing website: http://offensivecomputing.net/
- GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
- My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis: