PASSED THE SANS GREM!
Passing the GREM
Before I discuss my experience taking and passing the GREM, let me first explain what it is, per GIAC.
GREM (GIAC Reverse Engineering Malware) is a certification program offered by GIAC, which is an organization that provides professional certifications in the field of information security.
The GREM certification is designed to validate the knowledge and skills of malware analysis and reverse engineering professionals. It focuses on teaching individuals how to analyze malicious software (malware) to understand its inner workings, behavior, and potential impact on computer systems. This knowledge is essential for identifying, mitigating, and preventing malware-related threats in various environments.
Now that's covered, I was lucky enough to be picked for FOR610 in early February of this year (2023) for work-study, meaning I could take the entire course and exam for $2500. The class I took was with Evan Dygert, a great teacher, and I have nothing but the utmost respect for him! He's fantastic to talk with and cares about his students. I spent my week helping him post links and pinning any links he requested. Because I took the entire course, I also had the chance to take the GREM Netwars, where you compete at the end of day six against all the other students to win a challenge coin. The Netwars is a realistic simulation of an RE/MA job (I'd assume), just a bunch of malware, figuring out what it does and answering the questions. I thankfully WON! This means I got the REM challenge coin, and it's also my first-ever coin, so it will hold value for me for years to come.
Once the class was completed, it was time to start studying and creating my index. I originally started indexing with the pancake method. Still, I was hit with some medical issues requiring surgery on short notice. Since I knew I would be in pain for the next few weeks, and I needed to trust myself to keep up with creating sticky notes and tabbing on prescription painkillers, I opted for a more general breakdown of keywords, page numbers, and descriptions with nothing extra.
All in all, my index took me over a month to create. When I first drafted my index, I decided to take my first practice exam and got around 65%, which is a fail, but at least it showed me where I was lacking! I redid my index, went over some of the labs, and noted specific steps for the labs within my index so that if something was related to JS or PS, I could easily find the lab in reference in the workbook. Once that was completed, I took my second practice test and received a 78%; I repeated the same steps to ensure I got the correct findings and made the index easier to utilize since time is an essential factor in a SANS/GIAC exam.
I opted to buy a third practice test since I am human and have confidence issues, and the 78% was only 7% away from failing, but once I took my third one and scored 90%, I knew it was time to test. I scheduled my exam for a late evening and wanted to give myself the entire day to study (worst idea ever) but found myself after a few hours just not really looking anymore but watching YouTube, lol.
Upon taking the exam and doing the usual preparations like dismantling all my monitors and whatnot, it was time!
After about 2 hours and some other minutes, I passed the GREM with an 88%.
I thank Evan and a fellow student in my course for my passing; they were helpful and made it fun even if I had surgery between the course and the test date.
I recommend taking an online/in-person course for this type of exam; it is regarded as one of the most challenging SANS exams and is a very niche topic. I recommend indexing any way you retain the information; the glorified pancake method works, but going super simple works for others like me.