.

CREA Certified Reverse Engineering Analyst

<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Sat Sep 06, 2008 12:13 pm

CREA Certified Reverse Engineering Analyst

Hi All,

I was just wondering if anyone here has completed the Reverse Engineering Course offered by the InfoSec Institute and/or completed the certification?

I'm just curious becuase I have searched these forums a bit but can't seem to find any reviews on it.  I'm about to take the course myself as they're releasing it in an online format so I don't have to travel to the US to do it.

I'll definately post a review myself when I finish it.

oh, by the way - this is my first post - this looks like a good set of forums, I hope to be able to contribute to it in the near future.  :-)

Cheers,
Nick
Last edited by NickFnord on Mon Sep 08, 2008 7:27 am, edited 1 time in total.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Mon Sep 08, 2008 7:24 am

Re: CREA Certified Reverse Engineering Analyst

I guess not many people have done this or are interested..... this thread is now the second result in a google search of the entire interwebs for "Certified Reverse Engineering Analyst"    :-\
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Sep 08, 2008 8:20 am

Re: CREA Certified Reverse Engineering Analyst

I think there is definitely interest, but since this is an already crowded niche for certification, it may just be that nobody has taken the course yet. I know the SANS and Mandiant courses are very popular in this area.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Mon Sep 08, 2008 10:46 am

Re: CREA Certified Reverse Engineering Analyst

I had looked at the SANS course, and although it looks good I'd heard they were fairly expensive, there's also a time limit on the availability of the online content which I think is not the case for the infosec institute course (although I'll check). 

I'm not in it for the certification and my company is not paying for it so I'm hoping I've made a good decision - will find out within the next month or so I guess.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Tue Oct 21, 2008 8:30 am

Re: CREA Certified Reverse Engineering Analyst

Just recieved word that this course should be ready for shipping out today - hopefully I'll get to start it by the end of the week  :-)

having done a bit of learning by myself over the past month or so, I'm concerned that the course content won't add much that I couldn't have learned for free via the web.  not that I'm doubting the knowledge and experience of the instructors, just I have lowish expectations unfortunately. 

I'll definately post some detail when it becomes available.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Nov 01, 2008 6:20 pm

Re: CREA Certified Reverse Engineering Analyst

How is the course going?
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Sat Nov 01, 2008 7:25 pm

Re: CREA Certified Reverse Engineering Analyst

Unfortunately not that well - I still havn't recieved the course material - I'm following it up with the infosec institute.

I have access to the online component which just contains the lecture videos by Danny Quist (from http://www.offensivecomputing.net/).  the videos start off fairly basic, but they get straight into it by about the 5th one (out of 35).  the idea goes that you watch a video of the instructor and then you do a lab excersise (contained in the material that was supposed to be mailed to me)  so the videos don't really go into all that much depth from the early on ones that I've seen.

It's also obvious that they're having some teething problems with the whole online thing - some of the videos are just powerpoint slides with a mouse cursor frantically trying to indicate something but with no one talking... so I'm assuming these things will sort themselves out.  going to give them another call on monday to see how everything is coming along.

I'm expecting the course to be high quality content, even if the delivery is lacking at the moment - they've had great reviews about the CEPT certification so I'm expecting the CREA one to be of similar caliber.

in the meantime I've got the Shellcoders handbook to keep me satiated.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Nov 01, 2008 9:58 pm

Re: CREA Certified Reverse Engineering Analyst

Hrmm that's too bad, it sounded promising.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Nov 02, 2008 6:09 pm

Re: CREA Certified Reverse Engineering Analyst

NickFnord wrote:in the meantime I've got the Shellcoders handbook to keep me satiated.


I was just looking at this today. Looks like a very cool book.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Mon Nov 03, 2008 5:40 am

Re: CREA Certified Reverse Engineering Analyst

I've found it to be excelent so far.

I've made a few notes on the second chapter concepts on my blog (www.nickfnord.com) I don't know if it will help persuade you to get it.

I heard good things about the first edition and most of the reviews on amazon.com are about the first edition - some mention the mistakes throuought etc.

the second edition is very good and although I can't compare it to the entire first edition, it does seem to have a less condecending tone than the one chapter I read of the first edition somewhere.

It does go in-depth very quickly and so I'm taking it very slowly and making sure I understand everything before I move on, but it is has a nice tone to it that makes it a bit less dry:

quote from chapter 2:
"Now it is time to do something useful with the vulnerability you exploited earlier. Forcing overflow.c to ask for input twice instead of once is a neat trick, but hardly something you would want to tell your friends about - "Hey, guess what, I caused a 15 line C program to ask for input twice!" No, we want you to be cooler than that."


I have alredy found a number of minor technical errors, but at the moment suspect that they may have been introduced deliberately perhaps, as it forces you to understand what's going on rather than just copying and pasting code from the book. 

also - it's been noted that Jack Koziol is notably absent from the authors list of the second edition, but he is specifically mentioned in the authors acknowledgements and his code is liberaly sprinkled throuought the book:

  Code:
[jack@0day local]$ gcc shellcode.c -o shellcode
[jack@0day local]$ ./shellcode
sh-2.05b#


despite the fact I'm a newbie in this sort of thing, I'd highly recommend it anyway.  it definately doesn't hold your hand and so I'd imagine that it would be great for an old hat also.
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Wed Dec 03, 2008 8:51 am

Re: CREA Certified Reverse Engineering Analyst

Finally recieved my package with the software and lab notes.  It was merely a miss-communication of package tracking numbers rather than the fault of the infosec institute.

They've also fixed the online component and added practical excersise videos also.

Now to get stuck into it.  I'll be writing a complete review after about a week or so.

I'm particularly impressed with the CD's that just came - they have all the software required for the lab excersises including the crackme's and viruses that are analysed and on the other CD there's one large VMware image containing everything for those who don't have a lab environment set up already.

*rubs hands together with childish glee*
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Dec 03, 2008 10:35 am

Re: CREA Certified Reverse Engineering Analyst

Nick,

keep us (me in particular, I'm being selfish) posted. I like the sound of this course, so I'd be interested in a first hand review.

RR

<edit: note to self, must learn to type....>
Last edited by RoleReversal on Wed Dec 03, 2008 11:51 am, edited 1 time in total.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 03, 2008 11:09 am

Re: CREA Certified Reverse Engineering Analyst

Do you have a place to publish that review? Wink wink nod nod.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Wed Dec 03, 2008 11:34 am

Re: CREA Certified Reverse Engineering Analyst

oh, I was definately ntending on posting it here on EH.net (and on my blog with gratuitous linking to the EH article of course) - would you prefer I start a new article or place it in this thread? 
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 03, 2008 11:41 am

Re: CREA Certified Reverse Engineering Analyst

Please continue posting individual thoughts in this thread, as I'm sure many want to be kept in the loop during your training. Let's take the article discussion of board.

Don
CISSP, MCSE, CSTA, Security+ SME
Next

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software