Passed GREM

Hello All,

I have rounded out a successful year passing my GCFA and GREM!

FOr the GREM, the Practical Malware Analysis book has A LOT of the material you would need to pass the GREM. I actually used it almost as much as i did the course books during my test.

It was a very interesting course provide a lot of information, not as much reversing as I would think more Debugging but it was practical none the less. Next i will be dipping into "Reversing" and "The IDA Pro Book" books and taking the journey down malware analysis lane.

Find more posts tagged with

Comments

docrice

I'd like to hear more about your experience with this one. It's probably a subject area that's way over my head so I probably won't be looking into it anytime soon, but a very hot topic for sure.

Psyco32

Congrats!! I also took the course but a lot of it was way over my head considering it's not what I do. However it's on my list for next year's goals. I wholeheartedly agree with you on the Practical Malware Analysis and also the Malware Analyst's Cookbook. Both of these break the subject matter down in an easier format to understand. Taking time to go through those will help on the exam I hope. Question for you on the ACE? Were the test questions taken from the image you examine or was it a combination of image analysis questions and the PDF download of relevant study material?

DAVIS NGUYEN

Congrats on the pass

ccnpninja

good job!

idr0p

For the ACE all the questions are a combination of the PDF materials and the image (not alot from what i remember). If you know the PDF you should have no problem passing.

Psyco32 wrote: »

Congrats!! I also took the course but a lot of it was way over my head considering it's not what I do. However it's on my list for next year's goals. I wholeheartedly agree with you on the Practical Malware Analysis and also the Malware Analyst's Cookbook. Both of these break the subject matter down in an easier format to understand. Taking time to go through those will help on the exam I hope. Question for you on the ACE? Were the test questions taken from the image you examine or was it a combination of image analysis questions and the PDF download of relevant study material?

idr0p

Honestly a lot of the concepts in the course are more Analysis vice Reverse Engineering. Yes the assembly can be overwhelming but i think after going through the PMA book and taking the course i knew enough to do some damage. But I'm by no means a pro on that subject. The best part of this was the Behavioral analysis, alot can be done just seeing want the malware does when you run it. Also understanding the various analysis methods for Document/Web malware was a nice touch.

All in all the course goes over alot, its more analysis then reversing.

docrice wrote: »

I'd like to hear more about your experience with this one. It's probably a subject area that's way over my head so I probably won't be looking into it anytime soon, but a very hot topic for sure.

docrice

I'm entertaining the idea of taking another SANS course for next year's training and FOR610 is starting to look more appealing. It's much less network-oriented than the courses and focus I've had for the past few years and this would be a nice breath of fresh air. I'm concerned, however, that I won't be able to digest much of the programming/computer architecture content that seems to require a computer science degree to comprehend.

YFZblu

Congrats OP! That looks like an incredible course. I'm sure it was a lot of fun.

Do you (or anyone) have a recommendation for learning assembly with the goal of eventually performing malware analysis? My experience: I'm fairly comfortable programming in a couple of high-level languages procedurally; Python and JavaScript - I'm currently working quite hard at wrapping my mind around object-oriented programming design/technique, it's coming along. Any advice would be great.

idr0p

Someone i know went through it and helped them

Assembly Language and Shellcoding on Linux « SecurityTube Trainings

I like Free IDA Pro Reverse Code Engineering and Binary Auditing Training Material for University Lectures
they are a IDA class but it is really what you need to know for malware analysis

there is also open security

IntroX86

-- DISCLAIMER -- i am in no way tied to any of these sites and the courses may contain live malware samples for learning so use caution.

azmatt

Congrats! Working on my C and learning assembly language are tops on my to-do list so I can work on my RE and exploit dev. It's good to know that Practical Malware Analysis and the Malware Analyst's Cookbook will be good primers.

EngRob

Congrats!