Reverse engineering certification

This topic contains 3 replies, has 4 voices, and was last updated by  sil 7 years, 6 months ago.

  • Author
    Posts
  • #7430
     ilduce 
    Participant

    Hello EH,

    I’m looking to get more into reverse engineering.  I have the option of taking either the Advanced Malware analysis course by the Academy of Computer Education or the Certified Reverse Engineering Analyst course by IACRB (Information Assurance Certification Review Board).  I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs.  What do you guys think would be the best course to take?  The SANS GREM is out of my reach right now due to the cost of SANS classes.

    http://www.iacertification.org/crea_certified_reverse_engineering_analyst.html
    http://www.trainace.com/courses/advancedmalwareanalysis/

    Thanks!

  • #46403
     dimo 
    Participant

    @ilduce wrote:

      I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs.  What do you guys think would be the best course to take?  The SANS GREM is out of my reach right now due to the cost of SANS classes.

    Hi I too would like the same feedback as  ilduce if anyone can shed light on the matter? what certs do employers look for here?

  • #46404
     YuckTheFankees 
    Participant

    When I type GREM into http://www.indeed.com, I get about 80 results. If I type in CREA, I barely get any results. As of right now, GREM is the certification you would want to get.

  • #46405
     sil 
    Participant

    When it comes to malware, experience will trump the cert so you want to get your hands dirty on this. The GREM is not that hard, but it is not an easy exam.

    It is considered an advanced forensics course by some so its best to look at it as such. In order to understand malware, you will need to understand a lot (emphasis A LOT) about the system the malware is targeting. This means you need to familiarize yourself with the appropriate tools to perform the appropriate function: Watch memory, the registry, file system, honeypots, networking.

    GREM as a class was a pretty cool course but experience and tinkering on your own will yield you greater results AFTER the exam. For that, I recommend labbing up REMNUX, Virtualbox over VMWare, heading to Contagiodump and learning the ropes with live samples.

    If you care to see a fast paced analysis check out what I did for the RSA compromise to give you an idea.

    http://www.infiltrated.net/rsa-comp-analysis

    You seriously need to understand a lot of different topics including Assembly, Java, Debugging, Reversing using IDA/WinDBG/Olly and so forth, tool FUNCTIONS etc to pass the GREM though.

    As for the work, can be really tricky. I have been working on an analysis right now for the past 6 months as part of a project. The sample I am using changes every four hours. My analysis documents and analyzes memory, registry, network connections and a heap of other things. Since it changes so much, I have had to write custom programs to keep track of what is new, what has changed and so forth. For anyone wondering the sample is part of a C&C and that’s all I will say about it 😉

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?