GREM Passed

iVictoriVictor Member Posts: 45 ■■□□□□□□□□
After 45 days of GCIH, I challenged & cleared GREM yesterday. GREM is Reverse Engineering Malware [ SANS 610 ]. There is a lot of stuff totally new to me like analyzing doc, pdf, flash based malware, details on malware using SEH, packing, etc and appropriate tools for each of these. And I loved every moment I spent studying these.

Exam has been recently changed to a 2-hour, 75 Q, from the original 4 hour, 150 Q structure. Most questions demanded critical thinking, apart from knowledge on the topic. I took full 2 hours and came out with 88 %. A decent score, I feel, for a RE noobie.

I believe the quality and value of this exam can be further improved, if hands-on analysis of specimen(s) is included. It just feels a bit awkward to say RE exam doesn't have any hands-on test. 610 is an advanced level course, and so its testing should reciprocate the same.

Overall, I found it an overwhelming, quality study.
This is the Right Time


  • JDMurrayJDMurray Admin Posts: 12,878 Admin
    Congratulations on passing the GREM exam! icon_thumright.gif

    That's quite an accomplishment if you don't to RE for a living.
  • rogue2shadowrogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    JDMurray wrote: »
    That's quite an accomplishment if you don't to RE for a living.

    Def +1. Congrats man!
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    Congrats on the pass!
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • shaqazoolushaqazoolu Member Posts: 259 ■■■■□□□□□□
    I'm jealous. I want to take this so badly. Congrats.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Wow, I'm envious. That's a course I would love to take, but fear I don't meet the prerequisites to understand the material well enough.

    Is the new 2-hour / 75-question format just for the GREM or across the board for all GIAC exams?
    Hopefully-useful stuff I've written:
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Congrats! What's your background?
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□
    yea Thanks guys.
    This is the Right Time
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□
    @docrice: 2 hour / 75 questions format seems to be only for GREM. GCIH and GPEN that I tested earlier had the 4h / 150q.

    @the_Grinch: I've worked across windows / *nix systems, n/w admin, databases, enterprise AV, & vuln assessment. In recent years, I've been pentesting n/w & web apps at work and doing exploit dev out of interest. Though I've been playing on with botnets & trojans for a while, this is the first time I charted the RE path thoroughly.
    This is the Right Time
  • ipchainipchain Member Posts: 297
    Congrats iVictor!

    I've been wanting to take this course for a while now, but I don't see it happening this year. My wallet needs some time to heal from paying for (5) SANS courses in a year, so I will probably tackle it in a year or two.

    How would you rate this exam in terms of difficulty? I've heard many people often fall behind due to lack of programming skills, would you agree with this? Either way, congrats once again and keep up the good work man!
    Every day hurts, the last one kills.
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□
    @ipchain: Thanks mate. The exam had its share of challenging questions, well quite a big chunk if I may say. I felt most questions were not quite straight-forward. I didn't expected them to be either so. I recall pressure built up ecstatically when I erred on first few questions in a row.

    Instead questions needed to be looked up in the whole swarm of RE study, not just necessarily books or other study material but rather some prior experience / hands-on and common sense. I think rigorous reading of RE topics coupled with some of my prior exp with exploit dev, bots & web-app assessment did help me there.

    But RE is not my daily bread & beer so I am sure ones who are experienced in this domain may not have to sweat it out at all. And nah, you do not need programming experience for the subject from exam point of view.
    This is the Right Time
Sign In or Register to comment.