Practical Malware Analysis - Webinar/release

[Eleven]

If anyone has taken GREM and read The Malware Analyst's Coobook and Practical Malware Analysis, how well would someone do on the exam just by reading those two books and practiced what they learned?

[sil]

Its better to get the content from SANS since questions can be centered around what you saw/learned in the course not the Practical Malware Analysis book. There are quite a few tools covered in SANS that are not even mentioned in the Practical book. I have the practical book and while its ok, there are certain subjects that are covered in depth during the course (SANS) but only brushed up on in the Practical book.

[Eleven]

Its better to get the content from SANS since questions can be centered around what you saw/learned in the course not the Practical Malware Analysis book. There are quite a few tools covered in SANS that are not even mentioned in the Practical book. I have the practical book and while its ok, there are certain subjects that are covered in depth during the course (SANS) but only brushed up on in the Practical book.

The Malware Analyst Cookbook covers some document analysis that is in GREM and Practical Malware Analysis doesn't really cover.  I'm sure SANS is better.   However, I just can't justify ~$4000 on SANS when those two books may not cover all the stuff GREM does, but they come close and do it for ~$70.

[sil]

You're missing the point here. SANS' exam is whatever they want it to be not what another book places inside of it. You asked a specific question and got a specific answer. I have both books, Malware Analyst Cookbook and Practical Malware Analysis, while there is SOME content SIMILAR to what is on the GREM exam, the questions on the GREM exam are SPECIFIC to what is in SANS' content NOT the two other books. Can you pass it with just those two books? NO Does this mean you can't learn from those books? NO You WILL learn from those books but it will NOT be enough to do the GREM exam especially when during GREM training they use CONCEPTS, applications and approaches that differ from what is covered in those two books.

[Eleven]

Yeah, I understand that.   However, I'm pretty sure some people here have passed SANS exams (GPEN for example) without taking the SANS class or reading the SANS books... just by reading other books, online material and practicing.  I know it would be easier by taking the class, and probably just by reading those two books you would fail, but I'm wondering how relevant those books are to SANS.

They may differ, but I think they would have a lot in common with GREM and so it may be worth it to do it the hard way without official books if it's possible to save $4000.

[ajohnson]

I can't speak for this exam specifically, but it's definitely possible to pass SANS/GIAC exams without taking the corresponding course. You'll get two practice exams with a challenge attempt. While the difficulty may be less than the actual exam, the practice exams are still very useful for identifying gaps in knowledge. You'll undoubtedly be exposed to new tools, techniques, etc., and then you can go do some independent research. Also be sure to review the day-by-day breakdown on the course page and research all those items.

[3xban]

I would consider the books a good place to start if you have an interest in Reverse Engineering malware but I would agree with the sil that passing a GIAC course only using those books may be a waste of your 850 bucks.  The SANS classes are expensive, but the material covered is pretty good and does match up with the GIAC exam.  Not to mention you get the course materials which can be used during the exam since they are Open Book.  So get the sticky notes and crib sheets ready. 

[idr0p]

Good books for this cert
Malware: Fighting Malicious Code - Made by Course Writer Lenny Z. and Other Sans Instructor Ed S.

Malware Analysts Cookbook

and this book and you will be all set.

[sil]

This is probably on par to being the best free material you can find on malware from a realistic perspective (meaning, what really occurs when analyzing malware).

http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

[3xban]

nice, thanks!