reverse engineering certs

Hi, all,
I'm doing an MSc in computer security and this is my last year. I'd like to find a job in the fields of reverse engineering/malware reverse engineering/etc.
I was looking at the CREA and eCRE certifications.
What do you think about them?
Do you have any other advice?

Thanks!

Find more posts tagged with

Comments

cyberguypr

Never heard of any of these. Had to go Google them. I did my informal non-scientific test of plugging them on Indeed. CREA came up with like 20 hits nationwide and eCRE came up with zero. Got like 100 hits for GREM. Are you looking for the cert to help you master the topic or as a job hunt aid?

JoJoCal19

I've only ever heard of the GIAC GREM and eLearnSecurity's ARES.

BlackBeret

Do you want a certification for recognition or the course itself? CREA is almost unknown, GREM is a lot better name recognition. As far as the courses go, CREA is one that I looked at, but I've heard some seriously mixed reviews about InfoSec Institute. I ultimately decided that I will go with SANS For610 (GREM) and will hopefully start in the next 1-2 months. I'm very new to RE but work as a network analyst, GREM seems to be introductory RE and focus more on analyzing the malware itself, which is what I need. As follow up to it I do want take the InfoSec Institute's RE course and learn more about RE with a security focus.

eLearnSecurity ARES is another that I looked at, but it didn't have the name recognition someone in the market would want, and it's not on my companies list of approved vendors. The course material did look to be good and the course I did take with eLearnSecurity was amazing for the online training it provided.

gespenstern

Reversing and assembly programming is more of a hobby for me and I never heard about certs that you mentioned.

Agree with others that GREM and ARES are more recognized. I may do them some day in the future.

pstiva

cyberguypr: eCRE is quite new (2013) so maybe this is the reason

I'm looking for a cert that will help to master the topic (It would be nice also if it could help me getting a job but my first concern is learning

)

JoJoCal19: eCRE is the name of the certification you get after you have completed the course called ARES

@BlackBeret: see the message above for knowing what eCRE is

I'm not really interested in GREM because 1) it's very expensive and 2) it doesn't have a practical exam (AFAIK).

What do you think about eLearnSecurity ARES (eCRE cert)? I'm tempted to do it because it has a lot of pratical exercices and also the exam is both theoretical and practical.
I'm wondering if it can be considered a valid cert even tough 1) it uses WinXP

2) it teaches only the basic of asm and only for x86 (and not x64 and ARM) 3) it doesn't go into detail (rop chaining, heap spraying, etc)

JoJoCal19

pstiva wrote: »

cyberguypr: eCRE is quite new (2013) so maybe this is the reason I'm looking for a cert that will help to master the topic (It would be nice also if it could help me getting a job but my first concern is learning )

JoJoCal19: eCRE is the name of the certification you get after you have completed the course called ARES

@BlackBeret: see the message above for knowing what eCRE is I'm not really interested in GREM because 1) it's very expensive and 2) it doesn't have a practical exam (AFAIK).

What do you think about eLearnSecurity ARES (eCRE cert)? I'm tempted to do it because it has a lot of pratical exercices and also the exam is both theoretical and practical.
I'm wondering if it can be considered a valid cert even tough 1) it uses WinXP 2) it teaches only the basic of asm and only for x86 (and not x64 and ARM) 3) it doesn't go into detail (rop chaining, heap spraying, etc)

Ah thanks for clarifying. I should have recognized eCRE. As far as the ARES course and eCRE cert, I think very highly of eLearnSecurity's material and certs as the material is very in-depth and explains things well (I have PTSv3 and PTPv3 courses). So if you are wanting to learn reverse engineering, I think you would do well to do their course as it's nowhere near as expensive as the FOR610 course from SANS. From a standpoint of getting you a job, the eCRE probably won't help from a name standpoint, but if you can at least land an interview and can talk the talk and walk the walk based on what you learn in the ARES course and eCRE exam, you may have a shot at the job. As for rop chaining and heap spraying, I remember seeing those topics in one of either SANS courses or Offensive Security's courses.

pstiva

Ok, thanks for your opinion! I'll definitively go with ARES then

Yes, those advance args are treated by Offensive Security AWE course. But I live on the other side of the planet so I'll never be able to attend the BHUSA

(and again, it's very expensive the AWE course xD)

I think that (unfortunately for me) OffSec is the only company that cover ASLR, DEP, heap spraying, rop chaining & co. And, TBH, I dunno anything about SANS' material.

gespenstern

pstiva wrote: »

1) it uses WinXP 2) it teaches only the basic of asm and only for x86 (and not x64 and ARM)

OS used to launch a disassembler tool of choice probably doesn't mean much, why care. And regarding x86 asm (which is actually post intel 386 asm), it actually didn't change much since intel 386 processors (Intel tried with IA64 aka Itanium but failed). And, actually, knowing asm for intel 8086 processor it's not that hard to get a grasp on newer intel 386+ asm in days. Protected mode, registers become wider, a bunch of new registers were added, a bunch of new instructions but everything else remains the same.

ARM, of course, is a different story.

JoJoCal19

pstiva wrote: »

Ok, thanks for your opinion! I'll definitively go with ARES then

Yes, those advance args are treated by Offensive Security AWE course. But I live on the other side of the planet so I'll never be able to attend the BHUSA (and again, it's very expensive the AWE course xD)

I think that (unfortunately for me) OffSec is the only company that cover ASLR, DEP, heap spraying, rop chaining & co. And, TBH, I dunno anything about SANS' material.

Ah shame they don't have the same courses available over where you are at. To add, what I've seen in interviews with people in the RE field, and RE and malware analysis jobs, knowing how to program is really needed. Of course knowledge of assembly, but also C, C++ are asked for a lot. The lower level languages. It would go a long way if you learned how to program C or C++.

pstiva

I program a lot in C, I love it

on the other side I never done anything in C++ :P
I use a lot also Python (which is not exactly a low level language but in infosec is extremely useful, isn't it

)

eth0

OSCE is Windows exploit development certificate, you will only use there software like OllyDBG and IDA

pstiva

And ARES is also Windows only too

There isn't an RE cert that cover all the OS...uff

Weasel160

The price aside, GREM is really great while starting with malware analysis. Lenny does a great job explaining everything from memory forensics, behavioural analysis to analysing malicious documents. eCRE's exam is VERY practical ( emphasis on the very

), unfortunately I think it doesn't get the professional recognition it deserves, maybe because not a lot of people have it.

JDMurray

Do any of these courses/certs cover ARM assembly language for reverse engineering mobile Malware? Everything I've seen so far seems to be Intel-only.

pstiva

@Weasel160
I can see that you have the eCRE

May I ask you some questions?

1) how did you find the course? (is it well explained? does it cover interesting things or only basic stuffs?, etc)
2) how did you find the cert exam? Challenging or simple?
3) Would you suggest this cert to someone (me

) who would like to enter the RE world and it kinda a newbie in this field?

Thanks

HappyGoats

GREM is the only one that's really recognized, but most jobs that require reversing most definitely care more about demonstrated skill than a certification in the subject.