Posts: 2

Joined: Wed Sep 05, 2007 6:18 am

Post Fri May 06, 2011 4:32 pm


So I convinced my office to let me take the GREM and while I'm at it, have lots of fun and do the CREA as well. Sounds like studying for one compliments the other. Pretty excited about it. However, Don't know a lot about the CREA or IACRB. I really like that they have practical parts of the exam, wish more companies did that. Pretty much anyone can cram for a written test (not always easy but almost always doable) but its harder to fake a practical.
WIth that said, anyone have experience, or thoughts on the CREA? Not a lot of study material so just going to focus on malware analysis, IDA Pro, regular reversing stuff :)Anyone take it and have an opinion on it?


User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat May 07, 2011 8:17 am


I have taken the GREM and the class is rock solid however, if you have experience doing any kind of exploitation, chances are you have also reverse engineered something during the course of your career or hobby. This makes the static analysis portion of the class simpler. I can't speak about the CREA because I haven't taken that class so instead I will offer an opinion based on the CPT and CEPT which comes from InfoSecInstitute.

When I took the CPT and CEPT the content was spot on as were the videos. My only gripe was that they were pre-recorded so any questions you would need to ask could not be asked. In comparison, I took GREM via vLive which enabled me to ask away and point out alternatives to not only the class but the instructors. It also enabled me to clarify my interpretation of what I was learning.

GREM - rock solid and whether or not you pass or fail, you *will* learn a lot in order to get your feet wet with analysis.

CPT/CEPT - if the CREA was done in similar fashion, you *will* learn alternative and obscure methods and tools to do the work.

Now, because I haven't taken the CREA, I will share an e-mail from last year when I asked someone who DID take the exam:

The CREA course was very interesting to me, a lot more interesting than the CEH. It teaches RE methodologies using real life examples such as cracking s/w registrations, unpacking malware - using Ollydbg and IDApro.

Unfortunately, half of my class did not posses the required prerequisite knowledge, and were more interested in automated tools and step-by-step methods to RE code. ie "toolies". The learning materials were disorganised, and the print quality of the powerpoint slides in the book was very poor.

Thankfully I had a very talented instructor, who is an expert in RE and Malware. He was able to teach the material in a much better way than the course layout, and impart some of his wealth knowledge on the subject matter. Becoming skilled at RE requires lots of practice and skill, something that no course could really teach in a week.

In summary, although I think there are better courses for RE available, I am glad I did the course mainly due to the high ability of the instructor and the amount of his own knowledge he was able to pass onto me, and provide me with a hands-on head start into the world of RE.

Hope this helps,


On 06/22/10 7:58 PM, sil wrote:
xxxx, Sorry to bug you but I have a quick question. Was the CREA training/certification worth taking. I'd rather ask someone whose taken it and can give an honest opinion.

With that said, you should see about potentially taking the GREM followed by a class taught by Joe McCray and company http://www.trainace.com/courses/advance ... eanalysis/ or any of the classes at Recon.cx, Recon is what I call "top of the food chain" in this area



User avatar


Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon May 09, 2011 10:43 am


FYI - Conference Info:

Recon 2011
July 8 - 10, 2011
Montreal, Canada

http://www.ethicalhacker.net/component/ ... ic,7016.0/


Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software