March 15, 2012 at 1:02 am #7430ilduceParticipant
I’m looking to get more into reverse engineering. I have the option of taking either the Advanced Malware analysis course by the Academy of Computer Education or the Certified Reverse Engineering Analyst course by IACRB (Information Assurance Certification Review Board). I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs. What do you guys think would be the best course to take? The SANS GREM is out of my reach right now due to the cost of SANS classes.
March 27, 2012 at 8:45 am #46403dimoParticipant
I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs. What do you guys think would be the best course to take? The SANS GREM is out of my reach right now due to the cost of SANS classes.
Hi I too would like the same feedback as ilduce if anyone can shed light on the matter? what certs do employers look for here?
March 27, 2012 at 2:00 pm #46404
March 27, 2012 at 4:12 pm #46405silParticipant
When it comes to malware, experience will trump the cert so you want to get your hands dirty on this. The GREM is not that hard, but it is not an easy exam.
It is considered an advanced forensics course by some so its best to look at it as such. In order to understand malware, you will need to understand a lot (emphasis A LOT) about the system the malware is targeting. This means you need to familiarize yourself with the appropriate tools to perform the appropriate function: Watch memory, the registry, file system, honeypots, networking.
GREM as a class was a pretty cool course but experience and tinkering on your own will yield you greater results AFTER the exam. For that, I recommend labbing up REMNUX, Virtualbox over VMWare, heading to Contagiodump and learning the ropes with live samples.
If you care to see a fast paced analysis check out what I did for the RSA compromise to give you an idea.
You seriously need to understand a lot of different topics including Assembly, Java, Debugging, Reversing using IDA/WinDBG/Olly and so forth, tool FUNCTIONS etc to pass the GREM though.
As for the work, can be really tricky. I have been working on an analysis right now for the past 6 months as part of a project. The sample I am using changes every four hours. My analysis documents and analyzes memory, registry, network connections and a heap of other things. Since it changes so much, I have had to write custom programs to keep track of what is new, what has changed and so forth. For anyone wondering the sample is part of a C&C and that’s all I will say about it 😉
- You must be logged in to reply to this topic.