GIAC Malware Analysis Certification: GREM

GIAC Malware Analysis Certification: GREM

The GIAC Reverse Engineering Malware (GREM) certification is designed for technologists who protect the organization from malicious code. GREM-certified technologists possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers. These individuals know how to examine inner-workings of malware in the context of forensic investigations, incident response, and Windows system administration.

Reasons to Become GREM Certified:

  • Become more valuable to your employer and/or customers by highlighting your cutting-edge malware analysis skills through the GREM certification
  • Motivate yourself to develop a new skill set by reaching for a concrete, measurable, and achievable goal embodied by the GREM certification
  • Join the ranks of highly-respected professionals who possess the knowledge and skills that are relatively rare in the industry
  • Reinforce and affirm your ability to understand characteristics of real-world malware, so you can better respond to incidents and reinforce defenses

Certified Skills that GREM Certified Professionals Possess

  • Assemble the toolkit for malware forensics
  • Perform behavioral analysis of malicious Windows executables
  • Perform static and dynamic code analysis of Malicious Windows executables
  • Intercept system and network-level activities in the analysis lab
  • Patch compiled malicious Windows executables
  • Shortcuts for speeding up malware analysis
  • Core concepts for reverse-engineering malware at the code level
  • x86 Intel assembly language understanding
  • Identify key x86 assembly logic structures with a disassembler
  • Patterns of common malware characteristics at the Windows API level
  • Work with PE headers of malicious Windows executables
  • Handle DLL interactions and API hooking
  • Manual unpacking of protected malicious Windows executables
  • Capability to subvert anti-analysis mechanisms built into malware
  • Analyze protected malicious browser scripts written in JavaScript and VBScript
  • Reverse-engineer malicious Flash programs
  • Analyze malicious Microsoft Office (Word, Excel, PowerPoint) and Adobe PDF documents
  • Examine shellcode in the context of malicious files
  • Analyze memory to assess malware characteristics and reconstruct infection artifacts
  • Use memory forensics to analyze rootkit infections
SANSFIRE 2019 - DC
Latest Blog Posts

A few Ghidra tips for IDA users, part 2 - strings and parameters
April 22, 2019 - 10:08 AM

A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
April 16, 2019 - 2:59 PM

A few Ghidra tips for IDA users, part 0 - automatic comments for API call p [...]
April 16, 2019 - 2:40 PM

Latest Tweets @sansforensics

MALWARE CAN HIDE, BUT IT MUST RUN! New #FOR526 #MemoryForens [...]
April 23, 2019 - 12:40 PM

Get an iPad Mini, Microsoft Surface Go, or take $300 off whe [...]
April 23, 2019 - 12:40 AM

Take #FOR500 #WindowsForensics with @hexplates or #FOR610 Re [...]
April 22, 2019 - 8:40 PM

Latest Papers

Unpacking & Decrypting FlawedAmmyy
By Michael Downey

Putting it all together through Automation
By Kenneth Ray

Evidence of Data Exfiltration via Containerised Applications on Virtual Private Servers
By Seth Enoka

"Forensics is a lot more than just imaging a drive."
- Joseph Fresch, Guaranty Bank

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"A great course on timeline, registry, and restore point forensics. SANS is continuing to be the leader on teaching new techniques happening with forensics."
- Brad Garnett, Gibson County Sherrif's Dept.