Based on your complaints, you might want to check out Def Con's less trashy sister Black Hat

If you need more than two, you can buy more practice exams. I do not remember the pricing right now.

Lenny has been giving this out at his GREM courses for quite awhile. Nice to see that it is now publicly available.

HD Moore for the lifetime achievement.

Interesting that the browser most likely to have an exploitable condition is the one with the best protection.

It would be interesting to see their full testing criteria, too bad they are charging for that these days.

I have taken several SANS/GIAC courses and tests, and one recommendation I will add is to say make sure you know the material and only look up answers if you do not know the answer right away or have a question with two answers that could be right.

I have also found that indexing is becoming less important as they have been adding tables of contents to the most recent revisions.

It really depends on what you define as programming knowledge. I can read enough of it to undestand what most routines do, but could I write a realtion databgase management system or other complex application from scratch? Absolutely not. What SANS and Lenny are trying to say by that statement is that you don't need to be a developer or have completed a prgramming degree to take the course or gain a weatlh of knowledge from the course.

Jamy

Unfortunatelly, there is only one free tool left for SCAP, that I am aware of. Fortunatelly, it works pretty well. The tool is Secutor Prime.

http://www.threatguard.com/downloads.htm

It burns me that this guy is trying to pull the race card. It's because he is African America that the hate flows; the hate stems from his lack of ethics. There are plenty of African Americans and other minorities in IT Sec that are accepted just fine, the difference is they have a clue and are not shisters!

How about:

Pwning for Good - ethicalhacker.net

I agree. We do not need unethical types in our field.

Having recently taken the GREM course. I can personally tell you that it is excellent. Lenny Zeltser is very knowledgeable and also has an engaging teaching style. I will not rehash, the topics covered in the course, suffice it say that it covers all types of malware.

Looking at the topic listing for the CREA, it appears to me that the CREA and GREM are very similar, however since I have not taken it I cannot specifically speak to it. One thing to note though is that it appears the CREA is an exam and certification only, they do not seem to provide training. You may be able to take the GREM course and then certify on both the GREM and CREA.

Which you should do next out of the certifications that you list really depends on your professional goals and/or your interests.

If you ahve any specific questions on the GREM course, I would be happy to tey to answer them for you.

Wow! So now poeple are racist for calling him out on his lack of ethics. This guy is a straight up clown. If he really holds any certifications, they will be stripped as pretty much every certification has a code of ethics.

I like the store. I also like the slogan on the shirt. My only criticism is that the slogan may make people think EH is a job board.

This response could be jumping the gun a bit. Certain types of malware will go inactive or even delete itself if the network connection is pulled. A better step is to move the system to an isolated VLAN where further analysis can be performed. Part of properly responding to an incident is understanding what you have been attacked with.