June 21, 2011 Karn Ganeshen

Passed GIAC GREM Exam

Hey guys, I passed GIAC GREM this June 05, 2011. GREM is the Reverse Engineering Malware certification [ SANS 610 class ]. I find the RE stuff pretty cool. You get to learn how to analyze web, doc, pdf, and flash based malware; plus the fundamentals of exploit dev, vectors and similar sexy dope.

If you have any questions, feel free to comment and ask here.

Edit: A lot of people have been emailing me asking suggestions on self-study resources for GREM. So, I am updating this post with my response info.

Hope you will find it useful.

Malware Analyst’s Cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser’s website for articles, posts, and other information. Go join the Offensive Computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage you to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.

From the exam perspective, when you purchase the exam, you will also receive 2 practice tests. These tests will give you a fair idea of the type of questions and the depth expected in the exam. For a list of topics that GREM covers, please refer to the GREM exam link above.

I feel the following references are useful for preparation:

  1. Lenny Zeltser’s website: zeltser.com
  2. Offensive Computing website: http://offensivecomputing.net/
  3. GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
  4. My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis:
    https://ipositivesecurity.com/2011/07/analyzing-malware-begin.html
    http://ipositivesecurity.com/2011/07/analyzing-malware-slackbot-i.html
    http://ipositivesecurity.com/2011/07/analyzing-malware-slackbot-ii.html
    http://ipositivesecurity.com/2011/08/analyzing-malware-patching-in-way.html
    http://ipositivesecurity.com/2011/08/analyzing-malware-manually-unpacking.html


Cheers!


Comments (23)

  1. Anonymous

    hey..

    does the course teach you the basics of Olly and IDA?
    Also, did you take the SANS course or was it an independent study?

    -Kid

  2. Hey Kid,

    I did self study only, so I don't know in how much depth GREM teaches Olly & IDA.

    But in my experience, disassembling & debugging is an essential component in reverse engineering. So, I assume GREM will most definitely have used Olly & IDA extensively.

    Let me know if you have any other questions.

    Cheers!
    Karn Ganeshen

  3. Anonymous

    Actually I was looking for the SANS GREM study material myself..

    So I was checking around and found your site on a Google search.

    -Kid

  4. I hope you are aware that SANS has a strict policy on it. You probably won't want to risk your certification. Anyways, that's your call.

    You can refer to Lenny Zeltser's website and buy the book 'Malware Analyst's Cookbook'. Both of these resources are very good sources of learning for this exam.

    All the Best.

  5. Anonymous

    I am currently referring to Lenny's site and some free webcasts and writeups.

    Anyways.. thanks for the heads-up on the policy mate!!

    -Kid

  6. Anonymous

    Hi,

    Are the questions in the actual exams similar to those in the practice questions?

    Thanks!

  7. Hi Anonymous,

    Practice exam questions will give you a feel of the actual exam, like the time management, questions from various topics etc. Practice tests are just for, as the name says, practicing for the real exam, i.e. getting familiar with the exam pattern, the experience and the questions tested from what you have studied. They are nothing close to the real exam questions.

    HTH

    KG

  8. Brandon

    Hi, I'm getting ready to take this exam and was wondering if there was any bias toward specific applications or types of malware on the exam. What would you recommend or feel is suitable for a self study guide?

    Thank you,
    Brandon

  9. Tell me. Do you use knowledge from the GREM certification in your daily work? How would you describe the value of that certification?
    Thanks, Mirek

  10. Hi Mirek,

    RE is not part of my usual work. But RE study supplements my role. Knowledge of & skills in RE are one asset, imo, to a pentester.

    I don't quite understand what you mean by value of the certification. Do you mean new job opportunities, or pay increment or raising the bar amongst peers? Of course, it has positively affected all three of these. Though, to me, it has been more about getting the knowledge & skills that brings satisfaction.

    However, it would depend upon your current role, skills & career aspirations; those would help you in deciding whether or not doing GREM is going to be useful to you.

    Let me know if you have any other questions.

    KG

  11. Anonymous

    hi KG,
    I am also planning to prepare for the exam and am reading the Malware Analyst's Cookbook. I am not quite sure about the exam pattern and the malware challenge. Can you please share a couple of sample questions and the process for the malware challenge?

    Regards,
    Sh3rkhan

  12. @Sh3rkhan and @iampole: Malware Analyst's Cookbook is a great resource for GREM exam preparation. Also check out Lenny Zeltser's website for articles, posts, and other information. Go join the Offensive Computing website and get your hands dirty with the malware specimens. Apart from these, I would also encourage you to go through my blog posts dissecting a bot specimen using the RE methodology and RE tools.

    From the exam perspective, when you purchase the exam, you will also receive 2 practice tests. These tests will give you a fair idea of the type of questions and the depth expected in the exam. For a list of topics that GREM covers, please refer to the GREM link.

    The links are as follows:

    1. Lenny Zeltser's website: zeltser.com
    2. Offensive Computing website: http://offensivecomputing.net/
    3. GREM Topics: http://www.giac.org/certification/reverse-engineering-malware-grem
    4. My blog posts covering bot analysis, patching malware, and manually unpacking a malware for analysis:

    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-begin.html
    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-i.html
    http://ipositivesecurity.blogspot.in/2011/07/analyzing-malware-slackbot-ii.html
    http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-patching-in-way.html
    http://ipositivesecurity.blogspot.in/2011/08/analyzing-malware-manually-unpacking.html

  13. Anonymous

    hello
    Well, I am Ankush, a novice to GREM, but I wanna go for it... tell me how to prepare for it... where I can get study material... and how much I have to do in order to get through my exam... please help

    My email id is er.ankush90@rediffmail.com, okay

  14. Anonymous

    hello
    I am Ankush, a novice to GREM. I wanna get through this exam. Tell me from where I can get stuff about it... how much I have to read. My email id is er.ankush90@rediffmail.com. Reply to me if you get something on it... I will be highly obliged to you..

  15. Hi Ankush,

    Please refer to my post above. I have given various information links, as well as links to recommended study resources.

    If you have little or no experience, then in my opinion, you will have to read a LOT and practice a LOT.

    It'll be a lot of fun!

    All the best for your study.

    KG

  16. SAM

    Hi, appreciate your post. I am planning to take GREM; I would like to study and practice myself and appear only for the exam. Do they have such an option? If yes, will they share the study guide and practice binaries for analysis?

  17. Hi SAM,

    You can challenge the GIAC exam. Read about it here: http://www.giac.org/registration/challenge

    The challenge path means you do self-study with various resources, & practice at your end. SANS does not provide any study materials or practice binaries for analysis. However, it does provide a topic-by-topic breakdown of the exam objectives. As regards practice binaries, you can find malware specimens from Google.

    I'd recommend reading my posts mentioned above. Also look for my comment above to another reader; I posted details on preparation links for reference.

    Cheers!

  18. Anonymous

    Is training mandatory for this course? If not, what will be the cost of this certification?

  19. Anonymous

    Are the exam questions multiple choice? Could you provide an example question?
