0xJunkCod3
  • 0xJunkCod3
  • Malware write-up: Remcos
  • Malware write-up: Generic Downloader
  • Learning Assembly - Part 2: Registers/Flags
  • BTLO - RE - A Classic Injection - Writeup
  • Learning assembly - Part 1: Bitwise Operations/Endianness
  • What to do after the SANS/GIAC GREM
  • PASSED THE SANS GREM!
Powered by GitBook
On this page

What to do after the SANS/GIAC GREM

I'm a wannabe security researcher. I find malware fascinating, and it's one thing I tend to keep up on since I work in Incident Response; I've always thought the next best thing for my career would be to switch from a more intense role, where time is of the essence, and you need to come up with a plan as quick as possible, to a position where you have a bit more leisure when it comes to your investigating. I know every role is different, and some reverse engineers/malware analysts spend an hour or two per sample or even shorter depending on the need, but I'm generalizing here.

You might feel slightly moody about it if you're like me and have completed your GREM. It's an excellent certification that introduces you to some samples and how things work, but it just scratches the surface and doesn't dive deep into anything. You might search for other courses, like Signals Lab, RE-and-More, RE101, etc. What to pick up next, or make work buy? Well, lucky for you, I've bought all of this shit... And here's what I recommend!

If you still need the fundamentals, I recommend contacting RE-and-More and asking about his courses. They're very nicely priced, and the more you take, the cheaper they are! I also recommend picking up his book, which he and another co-authored. (He also has a course, but I'm unaware of what it's like.) Alexey will basically rebuild you from the ground up and solidify what you know and don't know while introducing things that should have been covered in the GREM. He doesn't have the GREM himself, but he does have 15 YOE in Reverse Engineering/Malware Analysis and is deemed a brilliant individual by everyone I've spoken to about him!

Once you complete his courses and get the 20+ hours of fundamentals/more individualized courses under your belt, I recommend picking up Zero2Automated and starting working on those labs; they'll be challenging and make you sweat quite a bit (in a good way.) I would also go over the book I mentioned by Alexey and his Co-author. You'll realize he covered some of the books in his 1-on-1 training, but don't discredit the man and his time with you! The book is just another piece of the puzzle to solidify this information. RE/Malware analysis is a constant cat-and-mouse game when it comes to learning; you'll forget things here, learn new things there, and become a better person in this niche ass field.

After you have completed all of those, now is the time I would start looking into more of the hardcore workshops/courses like Hexorcist, Targeted Malware, and so on, while also picking up samples from the places you know of like VX, Malware Bazaar, VirusShare and so on and just creating malware reports for fun on any sample you deem necessary to take apart.

While this way might cost an arm and a leg overall, it is a necessary evil when it comes to switching to a more niche career. But there are other ways to do it!

PMAT by TCM can be picked up for $1 during Black Friday. Zero2Automated isn't always $250 (I can't recall the sale I saw for them a while back), and plenty of books exist that will take you from novice to intermediate for under $100. OALabs streams/YT are entirely free, and for $5 a month, you can get unlimited access to his Patreon, where he does more in-depth stuff.

PreviousLearning assembly - Part 1: Bitwise Operations/EndiannessNextPASSED THE SANS GREM!

Last updated 1 year ago