GREM Passed

After 45 days of GCIH, I challenged & cleared GREM yesterday. GREM is Reverse Engineering Malware [SANS 610]. There is a lot of stuff totally new to me, like analyzing doc, pdf, flash-based malware, details on malware using SEH, packing, etc., and appropriate tools for each of these. And I loved every moment I spent studying these.

Exam has been recently changed to a 2-hour, 75 Q, from the original 4-hour, 150 Q structure. Most questions demanded critical thinking, apart from knowledge on the topic. I took the full 2 hours and came out with 88%. A decent score, I feel, for a RE noobie.

I believe the quality and value of this exam can be further improved if hands-on analysis of specimen(s) is included. It just feels a bit awkward to say an RE exam doesn't have any hands-on test. 610 is an advanced level course, and so its testing should reciprocate the same.

Overall, I found it an overwhelming, quality study.
    Congratulations on passing the GREM exam!

    That's quite an accomplishment if you don't do RE for a living.
    JDMurray wrote: »
    That's quite an accomplishment if you don't do RE for a living.

    Def +1. Congrats man!
    Congrats on the pass!
    I'm jealous. I want to take this so badly. Congrats.
    Wow, I'm envious. That's a course I would love to take, but fear I don't meet the prerequisites to understand the material well enough.

    Is the new 2-hour / 75-question format just for the GREM or across the board for all GIAC exams?
    Congrats! What's your background?
    Yea, thanks guys.
    @docrice: 2 hour / 75 questions format seems to be only for GREM. GCIH and GPEN that I tested earlier had the 4h / 150q.

    @the_Grinch: I've worked across windows / *nix systems, n/w admin, databases, enterprise AV, & vuln assessment. In recent years, I've been pentesting n/w & web apps at work and doing exploit dev out of interest. Though I've been playing on with botnets & trojans for a while, this is the first time I charted the RE path thoroughly.
    Congrats iVictor!

    I've been wanting to take this course for a while now, but I don't see it happening this year. My wallet needs some time to heal from paying for (5) SANS courses in a year, so I will probably tackle it in a year or two.

    How would you rate this exam in terms of difficulty? I've heard many people often fall behind due to lack of programming skills, would you agree with this? Either way, congrats once again and keep up the good work man!
    @ipchain: Thanks mate. The exam had its share of challenging questions, well quite a big chunk if I may say. I felt most questions were not quite straightforward. I didn't expect them to be so either. I recall pressure built up ecstatically when I erred on the first few questions in a row.

    Instead, questions needed to be looked up in the whole swarm of RE study, not just necessarily books or other study material but rather some prior experience / hands-on and common sense. I think rigorous reading of RE topics coupled with some of my prior exp with exploit dev, bots & web-app assessment did help me there.

    But RE is not my daily bread & beer, so I am sure ones who are experienced in this domain may not have to sweat it out at all. And nah, you do not need programming experience for the subject from the exam point of view.
