eCRE vs. CREA
ProfessorCipher
Registered Users Posts: 2 ■■□□□□□□□□
Hello all!I have recently completed my Security+ certification and would like to expand my certification portfolio into eCRE or CREA. As much as I would like GREM, I don't have the funds to pursue that yet. I would greatly appreciate anyones experience with either certification, what they used to study,how the test went, and any other input. I have read Malware Analyst Cookbook and Practical Reverse Engineering for my coursework, and will be looking for more recommendations on the topic of reverse engineering as well. Thank you for your time
Comments
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□I get zero job hits on either cert on a popular job board. I know nothing about CREA but I do know that eLearnSecurity course quality is very decent based on the eJPT course I took with them.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
BlackBeret Member Posts: 683 ■■■■■□□□□□I just finished CREA in December. I looked at other courses as well, but it came down to my employer would pay for Infosec Institute because the certification is independent from the course (though they still paid for OSCP and OSWP).
I'll start with what the course from Infosec Institute covered.
The course: The course was a lot of basics from different aspects of reversing; ASM/compiled binary reversing basics, malware analysis basics, unpacking, algorithm reversing, keygens, etc. I took the course via "Mentored online", which meant I could email the support team with questions at anytime, and they would forward them to the instructor and reply back, in theory. The course is comprised of a bunch of course videos, lab videos, a course book, a lab book, and the book "Reversing: Secrets of Reverse Engineering" by Eldad Eilam, which the course book seems to borrow heavily from. It also came with a Windows XP VM loaded with a bunch of tools. Nothing in the course was close to updated, it did cover a lot of different topics.
The good: Prior to this course I went through the SGDBE and SLAE64 courses from Pentester Academy. I've toyed with assembly and reversing on and off through the years, but never sat down and went in-depth. This course gave me a good overview with lab examples of a lot of different topics. Basic reversing, disassembly, debugging, understanding execution flow, making minor patches in logic flow, bypassing registration and nag screens, unpacking, etc. There's some lessons on system level (process monitoring, network interactions, spoofing "remote" server) as well as the binary reversing portions. Its basic flow was, "Here's a lesson, here's an example you can complete in the lab, here's a lab walk through".
Some of the more interesting parts for me were compiled arithmetic, binary diffing, auditing for exploits (not near as much as I wanted), and reversing keygen algorithms. The courses are followed by labs, the lab videos are better and show a full walk through, and the lab book is a solid guide with more explanation than the video has with screen shots of everything you need.
The bad: That materials, all of the digital materials were sent on about a dozen CD's. (Yes, CD's, not DVD's). They're serious about their copy protections, so the videos are all embedded in executable files with some crazy DRM that measures multiple points on your system, produces a machine-id number based on those points, then you have to email them the machine ID number, and they reply with an unlock code. This same executable prevents the videos from opening if any type of screen capture software is running in the background, prevents you from launching said software while it's running, and it's buggy enough to the point that it has issues with multiple-monitors plugged in. They also provide a web portal in which you can watch all of the videos and it tracks your course progress, but the videos are all "high-resolution", as in massive size, and their portal is slow.
The course book is just a bunch of slides, printed 2/page. The course videos are just some guy reading the slides. It's set up like a college lecture.
Out of four emails I sent with questions to the support email for online students, the only one that I received a reply on was my last one, which went something like "I don't know why I'm bothering to email this question, since you haven't responded to any of my others, but ...?". That one actually had a quick response.
Overall, I learned more than enough to continue teaching myself, which is what I wanted out of the course. I'd rate it overall on par with a mediocre college course. Boring lectures, followed by a semi-well developed lab that showed the ability to do something interesting. There were definitely parts in the labs where they directed you to a specific function, because it you tried to analyze the file on your own you'd end up down a few rabbit holes to rule things out.
The test: I took it in December 2017, everything on the test was covered in the course, some of it was basic knowledge or a few practical questions. I have both books you mentioned on my to read/work through list right now as a follow-up to this course, so if you've already finished them, I doubt you'd have an issue with the test.
When I took it, there was the multiple choice part that I took online, then a practical in which they sent me a random executable and told me to document it, answering specific questions if applicable. I was able to do almost all of the practical using system level analysis, part of the practical was documenting the code of the functions you were talking about so I did have to open up IDA and dig around. I would have done that anyway to make sure I wasn't missing anything.
An interesting thing happened, you have 60 days after the multiple choice test to submit the practical report. I sent it in about 30 days later after I had a free day to do it. A few weeks after that I emailed them to make sure they had received it since I hadn't heard back yet and I was still within my window. I was told they no longer do the practical, they confirmed my address, and mailed me the cert. The practical is still listed on the website, so ymmv. -
ProfessorCipher Registered Users Posts: 2 ■■□□□□□□□□Blackberet, thank you very much for your reply. Through previous research, I have found a lot of mixed-reviews and your reply follows suit. Based on your review, I believe I am going to hold off on CREA because I feel it's far too similar to my current curriculum. I will definitely be keeping your post in mind as I continue into my career.
Thank you as well yoba222. Employment, while it's not always the main reason, is still a good reason to get certified and it's important to keep a certifications relevance in mind. After BlackBeret's reply and your research on job hits, I will not be pursuing CREA as it offers very little in comparison to my degree. I will also be keeping eCRE on the back burner and will instead be focusing on saving up for GREM.
Thank you for the time you have put into my post,
Professor Cipher