Passed GREM!

Itgc02Itgc02 Registered Users Posts: 2 ■□□□□□□□□□
Passed GREM today! Wanted to share my experience and tips for those that may be interested in the exam in the future since I use this site pretty often to aid in my studies for various certs.

For starters this exam is definitely tough, but the reward for passing is greater than the pain you endure studying. I did not have much of any RE experience before this course, just some self taught behavioral analysis techniques I've picked up along the years. Definitely no assembly experience. I did purchase the practical malware book prior to my course, but only got through maybe a few chapters and didn't use at all during my exam.

What I took with me to the exam:

- Books 1-5
- Made reference sheets for myself on common api calls for certain techniques, volatility and various tools. ( didn't use these much, but they helped me study- so not a complete waste of time)
- Index

Tips/What worked for me:

1 Read Material - probably can't stress this one enough. I read the books 3-4 times depending on how well I grasped the material.
- My first read through I attempted to index as I read..... didn't work for me so I decided to just read and take notes of important things instead.

- Read through 2-4 I created and subsequently added to my index. My final index was maybe 1,200 lines which was definitely overkill but helped me study.

2 Do the labs - I did the labs as I read the first couple of times, while it took me longer to get through the material it really did help with understanding the labs.

3 Listen to lectures - if you're like me, sometimes you can read something 2x and still have trouble grasping the material for some odd reason. I listened to the lectures one time from beginning to end, then listened to modules I struggled with more then once if needed. I was onDemand for this course, and listing to the lectures while doing some of the labs really helped!

My first practice test I scored a 69 and wasn't sure I was going to pass. I read through maybe 3/5 books again and added a ton to my index going from maybe 800 to the final 1,200 lines. Also did labs again to help reinforce some of the material. Second practice test I scored an 80 but still didn't feel entirely confident so I reread some modules and did labs. Ultimately passing exam with an 82.7.

Hope this helps!

sn - I don't know what's next for me, this exam was definitely a lot - mentally. I may take a break for the rest of the year and look into the Cyber Intel course from SANS spring of next year.


  • Options
    TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Congratulations on the pass, it's definitely one of the harder SANS courses and Exams. My final index was 1080 lines and I just barely passed the exam, but a pass is a pass right. :)
    Still searching for the corner in a round room.
  • Options
    SaltyHashesSaltyHashes Member Posts: 33 ■■■□□□□□□□
    This is fantastic news! Congrats on the pass. Later in my career when I'm able to attend SANS training, this was one of the courses + exams offered by GIAC that caught my interest.

    Write ups like these are gold. Thank you for sharing your experience.

    Take the well deserved break!
  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the pass!!! GREM is definitely one I'd love to do one day.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Options
    LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Grats! What sort of background do you have that either made this course easier or contributed to your success?

    Also, what prompted you tackle GREM? Incident response, or other roles?

    Anything you'd pass on to someone on the fence about this course? Does it require programming knowledge?

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Options
    COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    Congrats on the pass!!! Hard work paid off, and thanks for the invaluable tips.
  • Options
    gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□

    Contrary to your preparation advice, I haven't read the books, hadn't prepared any index at all, haven't used the books on the exam and didn't do the labs. On the other hand, I had some RE experience before I started.
  • Options
    averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • Options
    Itgc02Itgc02 Registered Users Posts: 2 ■□□□□□□□□□
    LonerVamp wrote: »
    Grats! What sort of background do you have that either made this course easier or contributed to your success?

    Also, what prompted you tackle GREM? Incident response, or other roles?

    Anything you'd pass on to someone on the fence about this course? Does it require programming knowledge?

    I have a degree in digital forensics, and I have taken Java and VB in college (I do not code on a daily so besides understanding the concept of coding and concepts such as if statements, looping, etc.. typically my only issue is viewing different language syntax) But assembly is another beast on its own.

    My background is primarily in IR, DF, and threat monitoring. I'm sure that helped a little, but the course was still a learning curve.

    My reason for going for this cert was really to help elevate my IR skills, and to help me navigate more towards cyber intelligence in the future.

    My overall advice for someone on the fence is to go into this course with a set of expectations that are attainable. This course definitely doesn't make you an expert in RE because something like that can take years of practice and experience. I came in with almost 0 experience, so as long as you're willing to work for it and have a passion to learn it, go for it!

    Hope that helps!
  • Options
    LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Congratulations. Out of curiousity, how do you think you will fare with the day 6 materials now and how do you think you will do if your given a real malware sample. After the course and exam,I personally felt I would still need some experience to be able to handle a malware debugging completely. What about you?
Sign In or Register to comment.