GREM Passed
After 45 days of GCIH, I challenged & cleared GREM yesterday. GREM is Reverse Engineering Malware [SANS 610]. There is a lot of stuff totally new to me, like analyzing doc, PDF, and Flash-based malware, details on malware using SEH, packing, etc., and appropriate tools for each of these. And I loved every moment I spent studying these.
Exam has been recently changed to a 2-hour, 75 Q structure, from the original 4-hour, 150 Q structure. Most questions demanded critical thinking, apart from knowledge on the topic. I took the full 2 hours and came out with 88%. A decent score, I feel, for a RE noobie.
I believe the quality and value of this exam can be further improved, if hands-on analysis of specimen(s) is included. It just feels a bit awkward to say RE exam doesn't have any hands-on test. 610 is an advanced level course, and so its testing should reciprocate the same.
Overall, I found it an overwhelming, quality study.
This is the Right Time
Comments
That's quite an accomplishment if you don't do RE for a living.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Def +1. Congrats man!
Is the new 2-hour / 75-question format just for the GREM or across the board for all GIAC exams?
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
@the_Grinch: I've worked across Windows / *nix systems, n/w admin, databases, enterprise AV, & vuln assessment. In recent years, I've been pentesting n/w & web apps at work and doing exploit dev out of interest. Though I've been playing around with botnets & trojans for a while, this is the first time I charted the RE path thoroughly.
I've been wanting to take this course for a while now, but I don't see it happening this year. My wallet needs some time to heal from paying for (5) SANS courses in a year, so I will probably tackle it in a year or two.
How would you rate this exam in terms of difficulty? I've heard many people often fall behind due to lack of programming skills, would you agree with this? Either way, congrats once again and keep up the good work man!
Instead questions needed to be looked up in the whole swarm of RE study, not just necessarily books or other study material but rather some prior experience / hands-on and common sense. I think rigorous reading of RE topics coupled with some of my prior exp with exploit dev, bots & web-app assessment did help me there.
But RE is not my daily bread & beer so I am sure ones who are experienced in this domain may not have to sweat it out at all. And nah, you do not need programming experience for the subject from exam point of view.