GREM Preparation

Hi everyone,

I recently took the FOR610-GREM course and was wondering everyone's thoughts on how the practice exams line up with the real one? I took the practice exams almost immediately when they were made available without prior studying or an index and scored high 90s on both. I have since re-read all 5 books twice and am planning on re-doing the labs this week before my actual exam (which is very soon). In those re-reads I have created a roughly 850~ item 'index' with color coded book/page numbers but have also included definitions with each item including command flags, priorities, API parameters, malicious technique descriptions, common API patterns, etc.

Anyone have any advice? I'm getting nervous but at the same time having done so well with no studying on the practice ones I'm feeling ok - just want to make sure this isn't a false sense of confidence hence the extra studying and indexing.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mjs1104

The test is very similar to the practice tests, they are a very good indicator as to how you are going to do on the real deal. The test is very straight forward.

UnixGuy

joeandstuff said:

I took the practice exams almost immediately when they were made available without prior studying or an index and scored high 90s on both.

This is a strong indication that you'll do well. Keep doing what you're doing. Have a solid index and review the material. Good luck

joeandstuff

Passed with a 92. Way too many ambiguous questions that could have easily gone either way - I did not like that. Felt like I knew the material but was asked too many tangential questions that did not directly relate to the material but to meta stuff about it.

UnixGuy

What an impressive score for a difficult exam, congrats mate and welcome to the forums!

Can you tell us more about your technical background and experience? Do you do a lot of Malware Reverse engineering in your role?

What's next for you after GREM?

joeandstuff

Thanks.

I hold an M.S. in Computing Security from an NSA accredited program. I had previously taken a Reverse Engineering course at this program and it essentially covered what FOR610 does but FOR610 goes more in depth on certain topics and tools and has a bigger breadth of content as relates to malicious document analysis and general malicious techniques (process hollowing, hooking, injection, etc). My M.S. program went indepth into ASM, IDA, OllyDbg and the common behavioral analysis tools as well as PE files so I had a pretty good background for all of those topics.

I currently work in an Incident Response role that covers malware analysis in our day to day but it is typically just behavioral analysis type stuff. We have a lot of leeway in our role so I spend a lot of time working on Python scripts and have written scripts for forensics and anti-forensics purposes as well as basic malware in the past for experimentation and learning.

Next, I would like to take either GPEN or the more advanced penetration testing course or perhaps the exploit development course. Those or the Python coding courses are currently the most appealing to me as I have some experience working with Python and am pretty comfortable in it so getting a cert that proves I have that skill is worthwhile I think.