.

Reverse engineering certification

<<

ilduce

Newbie
Newbie

Posts: 1

Joined: Wed Mar 14, 2012 8:01 pm

Location: DC

Post Wed Mar 14, 2012 8:02 pm

Reverse engineering certification

Hello EH,

I’m looking to get more into reverse engineering.  I have the option of taking either the Advanced Malware analysis course by the Academy of Computer Education or the Certified Reverse Engineering Analyst course by IACRB (Information Assurance Certification Review Board).  I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs.  What do you guys think would be the best course to take?  The SANS GREM is out of my reach right now due to the cost of SANS classes.

http://www.iacertification.org/crea_cer ... alyst.html
http://www.trainace.com/courses/advance ... eanalysis/

Thanks!
OSCP CEH CCNA CISSP
<<

dimo

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Apr 08, 2008 5:27 am

Location: Ireland

Post Tue Mar 27, 2012 3:45 am

Re: Reverse engineering certification

ilduce wrote:  I know that both the CREA and AMA courses are hands on, but I don’t know anything about the certs.  What do you guys think would be the best course to take?  The SANS GREM is out of my reach right now due to the cost of SANS classes.


Hi I too would like the same feedback as  ilduce if anyone can shed light on the matter? what certs do employers look for here?
C|EH C|HFI ECSA Comptia Security +
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Tue Mar 27, 2012 9:00 am

Re: Reverse engineering certification

When I type GREM into www.indeed.com, I get about 80 results. If I type in CREA, I barely get any results. As of right now, GREM is the certification you would want to get.
OSCP in progress
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 27, 2012 11:12 am

Re: Reverse engineering certification

When it comes to malware, experience will trump the cert so you want to get your hands dirty on this. The GREM is not that hard, but it is not an easy exam.

It is considered an advanced forensics course by some so its best to look at it as such. In order to understand malware, you will need to understand a lot (emphasis A LOT) about the system the malware is targeting. This means you need to familiarize yourself with the appropriate tools to perform the appropriate function: Watch memory, the registry, file system, honeypots, networking.

GREM as a class was a pretty cool course but experience and tinkering on your own will yield you greater results AFTER the exam. For that, I recommend labbing up REMNUX, Virtualbox over VMWare, heading to Contagiodump and learning the ropes with live samples.

If you care to see a fast paced analysis check out what I did for the RSA compromise to give you an idea.

http://www.infiltrated.net/rsa-comp-analysis

You seriously need to understand a lot of different topics including Assembly, Java, Debugging, Reversing using IDA/WinDBG/Olly and so forth, tool FUNCTIONS etc to pass the GREM though.

As for the work, can be really tricky. I have been working on an analysis right now for the past 6 months as part of a project. The sample I am using changes every four hours. My analysis documents and analyzes memory, registry, network connections and a heap of other things. Since it changes so much, I have had to write custom programs to keep track of what is new, what has changed and so forth. For anyone wondering the sample is part of a C&C and that's all I will say about it ;)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software