Author Topic: GREM Here I come...  (Read 5353 times)
sil (Hero Member, Posts: 536)
« on: August 06, 2010, 01:04:39 PM »

Firstly I would like to thank everyone on the forum for voting for me for Blackhat even though I could not attend. Secondly, I would personally like to thank Don and the EthicalHacker.net framework concept he has with this site. It's not every day that I've come across a site where I can learn (because I do) and actually help others, or at least try to share with others anything I've learned. With that said, along comes the long rambling (in usual fashion) ;)

After winning July's contest, I was fortunate enough to be able to sign up for the GREM in lieu of SEC-542/SEC-504. Both those courses I'm almost positive are excellent courses; however, I'm familiar with many core topics and have been moving more towards reversing, so it made sense to at least beg SANS to let me swap any of those for the GREM. (Alright, so I just asked and they agreed.)

Anyhow, for those who don't know me on a personal level or who haven't corresponded with me via e-mail or other means, I have a dozen plus years of "professional" security experience under my wing. I initially started my foray into computing professionally circa 1991 at a financial institution where I assisted the fraud department in what was then Chemical Bank, pre Manufacturers Hanover merger. From there I moved into the advertising industry (J Walter Thompson, Grey Direct) and into "pre-press" production, where I got my taste of heavy Unix based systems administration under a slew of different OSes (Irix, NeXT, System 7 (through 7.6 Quadras baby!)) and all different types of networking, AppleTalk, Novell, etc. My first forays into Linux came after I had been using FreeBSD (2.0), after which I began using Slackware followed by OpenBSD, QNX and other operating systems out of hobby (QNX, Tru64, etc.). My main tasks began in hardcore systems administration, upgrades, keeping things running, trying new things. My first *true* venture into computing though came via my then Coleco Vision Adam ;)

Security came and comes by way of a hobby, interest and self-teaching. There were friends in the realm of systems/security (back then), IRC, "the Internet", pre-Internet there were BBSes, people like RSnake, Tattooman, Spikeman, Chameleon, Vacuum, Bronc Buster, Sinnerz, Technotronic, Rhino9 and a slew of others I've had the fortune to learn from and with and sort of "grow up online with." I'd been fortunate enough to learn from a lot of people in the industry, many of whom actually are CSOs now.

Back when I got started, there wasn't much by way of what there is today regarding security articles, books, etc., so the books I recall reading were from the beautiful minds of Bellovin, Blaze, Cheswick, Dorothy Denning and others. My first true "hardcore" glimpse at security from a business standpoint came maybe in '95 from Marcus Ranum via the LISA conference, where I heard about a system called Aurora. Around this time frame ('94-'96) I began finding and reading boatloads of information on security that interested me. I also began tinkering with tools like RScan, SATAN, Tiger, Autohack, COPS. Sites that I frequented back then: PacketStorm when it was @ Genocide2600 (greets to Genocide, DoXavG, Ken and others), Kwantaam Pozetron, Fravia and others.

Book after book, application after application. I was sold on determining how to secure whatever it was I was doing. In order to do so, I believed then and still believe now, one needs to understand how to compromise/break it. Fast forward almost 20 years later, here I am. Still reading, book after book, playing with application after application. Attempting to and sometimes writing my own, still tinkering, still fascinated. I've watched and experienced the dotcom "daze" via way of Metromedia Fiber, Starmedia, Register.com and a few others. I've had my share of working for dotcoms, ISPs, MSPs and now an ITSP where I am in charge of developing, deploying and administrating our managed security services. I keep my current employer off the radar to avoid the downsides of the Internet, as I've experienced those downsides in a horrible way once upon a time. (For those wondering where I work, unless I explicitly tell you, good luck finding out.)

So what is it I do now? Tough to explain... I work at a "services" based company. We offer a variety of things from VoIP trunking and interop, telecom billing, managed firewalls, routers, pentesting, assessments, etc., etc., etc. If it exists as an IT service, we offer it. The breakdown of a typical day varies, but I would place it at 40% security, 20% networking, 20% VoIP, 10% systems administration/engineering, 10% vendor/client/*other* meetings and conference calls. My environment: Juniper (SA, SSG, SRX, JunOS (all types)), Cisco (almost anything and everything), Avaya, Nortel, Foundry, Sonicwall, Session Border Controllers, and this list could be long enough to make someone puke. Because of my environment, I love being able to dabble with anything and everything. It definitely has allowed me to learn a lot more than staying static at another company (we only use Cisco... well, we only use Juniper!).

Anyhow, I've been fortunate through the years and have had my share of unfortunate circumstances as well. This is life though ;) What do you do when you're handed lemons? You make lemonade. With this said, I will keep the rambling down and try my best to post on the steps I'm taking to learn and understand GREM content. I've got 4-5 months to play with and get myself ready. So why GREM?!? Well, I've been doing penetration testing for a while before it became a hot topic (my first professional pentest was in '99 to be exact, for back then the WWF via a managed service provider), so I'm comfortable with what I know. Why not Incident Response / Handling? Been there, done that. Reverse Engineering as a whole is an interesting topic, let alone malware. Because I've been slowly teaching myself reversing on the exploit side, it makes more sense for me to take this course. I'm hoping to understand more of the attack vectors used in that realm, to help me as a whole on the defensive realm (network, applications, sessions, etc.).

With the rambling aside, this month I decided to revisit a lot of topics. Two current books: Ajax Security by Billy Hoffman (dusted off) and "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill Blunden ;) Stay tuned.

hayabusa (Hero Member, Posts: 1304)
« Reply #1 on: August 06, 2010, 01:16:18 PM »

While my history varies from yours, sil (different employers and customer types, etc.), our paths are similar enough that I can fully appreciate your direction, and your current choice.  Congrats on getting SANS to go for GREM in place of the others, not that I had any doubt they'd allow that, under the circumstances, and knowing their strong reputation for both great training and awesome staff!  Based on what I know, and have read, of / from you, I think you're going to thoroughly enjoy it, and learn a lot from it, as well as maybe contributing some knowledge back upstream, to better it for the future.  (Which is what I always try to do, in courses I attend, as well.)  Hopefully, in the future, when I hit a point that I feel like looking at GREM, myself, it'll have some of you in it, in some shape or fashion, and I look forward to that.

Congrats again, and looking forward to your future posts on this, as well as other, topics, my friend!

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCP , GPEN, C|EH
Equix3n- (Sr. Member, Posts: 379)
« Reply #2 on: August 06, 2010, 03:55:46 PM »

haha! Even before opening this thread I thought to myself 'This is going to be Sil', and here you are. :D
Good luck with the course, and I hope to read a review from you.

Funny that the amount of experience you have is almost exactly equal to my age. I fully agree with your thoughts about EHNet. It's a great community, and of all the forums I'm in, members here are the most helpful and polite, even with newbies. To top it all, Don always amazes us with great giveaways. I'll always be grateful to him for giving me the opportunity to take eLearnSecurity's PTP. I'm a final year college student (and that's the reason I stay away from questions pertaining to professional experience ;) ) and with eCPPT and hopefully CCNA by the end of this year I guess I'll be ready to enter the 'job world'. I personally want to study more (M.tech), but if I screw up my entrance test, I'll perhaps be taking up a job (anything related to networking or system administration). I learn a lot of things by interacting with members here and reading posts, and hopefully will be able to contribute back to this forum.
sil (Hero Member, Posts: 536)
« Reply #3 on: August 06, 2010, 04:22:22 PM »

Quote from: Equix3n-
Funny that the amount of experience you have is almost exactly equal to my age.

What I've come to conclude is, every year I've been "online" seems like dog years. To me I can go back and state "wow, remember Mosaic!" to someone else and they'll be puzzled. I can recall back in the 90's constantly having to explain winmodems under Linux and BSD. Heck, I can remember my first attempt at writing a "how to secure your linux box" (http://www.ussrback.com/docs/papers/unix/Secure.Linux.for.Newbies.v1.1.txt) while running around through networking explaining DoS attacks (http://www.ouah.org/protocol_level.htm) before DDoS and Trin00 were a thought (http://staff.washington.edu/dittrich/misc/ddos/).

So yeah :( I feel old. But never too old to learn ;)

sil (Hero Member, Posts: 536)
« Reply #4 on: December 27, 2010, 11:37:41 AM »

So this next month (January) begins the long awaited GREM vLive training and exam for me. While I've been waiting I haven't had as much time to study as I would have liked to, so this week I think I will take the time to go back and re-read some of the books I bought specifically for malware analysis. Although none of these books are mentioned on any site related to the GREM, I thought they'd help me along the way, and they may help you too...

Malware Forensics: Investigating and Analyzing Malicious Code - If you've never read any of the books Eoghan Casey has written, you don't know what you're missing. Eoghan has some excellent forensics books and this one is no exception (although he is a co-author). So far, it's an alright book, but it hasn't had that "a-ha, so that's what I was missing!" moment, more like an "ah, got it now..." since many of the tools and processes written in the book overlap with things I already learned. What I like so far is the cross-collaboration of forensics versus incident response. Sure, I want to contain malware (incident response), but this book enables me to look at it from the dissection phase (forensics), and the best part so far (IMO) is the *nix chapters, as I am not a Windows fan.

Malware Analyst's Cookbook - Steve Adair is a member of a group I'm on and I've always respected him and what he has to say.

Rootkit Arsenal - MUST HAVE MUST HAVE MUST HAVE ... Although not in any shape, form or fashion related to malware analysis, this book has definitely been helping me think outside the norms. Why? It's because it's written to teach one HOW to be covert... HOW TO WRITE ROOTKITS. With this said, it enables me to think counter-offensively and forensically... "I wonder if the attacker did..."

Anyway, I will likely update this as time progresses. Right now, I've singled out a standalone machine to use for testing (Windows XP SP3 + VMWare + REMnux) and will update this post with the tools as listed on Lenny Zeltser's page.

dante (Jr. Member, Posts: 58)
« Reply #5 on: December 28, 2010, 02:24:17 AM »

This thread is definitely going to help me as I am teaching myself RE for CREA. I will document my journey once I complete the certification.

Thanks sil.
H1t M0nk3y (Hero Member, Posts: 660)
« Reply #6 on: December 29, 2010, 09:06:44 AM »

dante and sil, I am looking forward to reading your appreciations of GREM and CREA!

As a note, on December 25th, at 7:20am when everyone was still asleep, I was coding in Assembly to get ready for going deeper into this field. Yes, I too have no life!  :D


GPEN, GSEC, CEH, CISSP, PMP
ziggy_567 (Sr. Member, Posts: 301)
« Reply #7 on: December 29, 2010, 09:29:38 AM »

H1t M0nk3y,

I was awake at 7:20am on Dec. 25... I'm awake every day before 7am... It's called being a parent...

"There's nothing sadder in this world than to awake Christmas morning and not be a child." --Erma Bombeck


--
Ziggy


GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
H1t M0nk3y (Hero Member, Posts: 660)
« Reply #8 on: December 29, 2010, 09:36:33 AM »

Hey, I am a parent too!

My two daughters (6 and 8 years old) were still asleep while I was coding!

GPEN, GSEC, CEH, CISSP, PMP
ziggy_567 (Sr. Member, Posts: 301)
« Reply #9 on: December 29, 2010, 10:17:59 AM »

In that case, you really don't have a life!!!  :D

I have a 3 year old and one on the way... and I'll sleep as late as they'll allow me to...

It's okay, though, I can't remember the last time I stayed up late on New Year's Eve, so I guess I don't have a life either.  :-[

--
Ziggy


GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
sil (Hero Member, Posts: 536)
« Reply #10 on: December 29, 2010, 10:58:59 AM »

I look at it as building up my life NOW to enjoy later... So if staying up an extra 2 hours per day is what it takes to retire comfortably, I'm game. I usually hit the sack about 12-1am and wake up at 5-6am. This is on a daily basis. I have a 9 year old who thinks he's 18 ;) and I have an 18yo who thinks he's 14... The shocker comes out: I have a son who is potentially older than some of you readers ;)

H1t M0nk3y (Hero Member, Posts: 660)
« Reply #11 on: December 29, 2010, 11:38:54 AM »

We can definitively tell who is older and who is younger on this site!

At 35, I am probably somewhere in the middle, maybe a bit above the average.

On other sites, it is funny to see a bunch of teenagers thinking they know it all, while on other sites you have a bunch of old guys who think they still know it all!

But the truth is we all know close to nothing! :D

GPEN, GSEC, CEH, CISSP, PMP