Skip to main content
CyberLive

GIAC Reverse Engineering Malware Certification (GREM)

Practitioner Certification
GIAC Reverse Engineering Malware Certification (GREM)
Register nowRenew
dod_8140
Jump to:

Demonstrate preparedness to analyze and reverse-engineer malicious software that targets the most widely used platforms.

The GIAC Reverse Engineering Malware (GREM) certification validates a practitioner’s ability to examine the inner workings of malware in the context of forensic investigations, incident response, and Windows system administration. GREM is designed for technologists who protect their organizations from malicious code, showing that these individuals possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers.

Areas Covered

  • Malware analysis using malware code and behavioral analysis fundamentals
  • Windows Assembly code concepts for reverse engineering, and common Windows malware characteristics in Assembly
  • In-depth Analysis of malicious executables and self-defending malware
  • Analysis of malicious document files, .NET programs, and protected executables

Who is GREM for?

  • System and Network Administrators
  • Auditors
  • Security Consultants and Managers
  • Technologists looking to formalize and expand their expertise
  • Forensic investigators and security practitioners looking to expand their skillsets
  • Individuals who have dealt with incidents involving malware

CyberLive: Real labs. Real tools. Real skills.

CyberLive is a hands-on exam format that replaces traditional multiple-choice testing with performance-based challenges in realistic lab environments to validate real-world capability.

Virtual Machines:

Full-scale lab systems that behave like physical computers: install, attack, defend, and run services.

Real Security Tools:

Exact tools used by professionals every day including all the quirks and challenges

Authentic Code:

Real code, real exploits, real impacts

Learn more about CyberLive

Exam Format

  • 1 proctored exam
  • 66 questions
  • 3 hours
  • Minimum passing score of 73%

Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GREM exam at 73% for all candidates who receive the exam version released on or after August 27th, 2022.

To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.

Certification Delivery

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

Woman Staring at Tablet

Exam Certification Objectives & Outcome Statements

  • Analyzing Malicious Office MacrosThe candidate will be able to analyze macros and scripts embedded in suspicious Microsoft Office files to understand their capabilities.
  • Analyzing Malicious PDFsThe candidate will be able to analyze suspicious PDFs and embedded scripts to understand the nature of the threat they might pose.
  • Analyzing Malicious RTF FilesThe candidate will be able to analyze suspicious RTF files and embedded shellcode to understand their capabilities.
  • Analyzing Obfuscated MalwareThe candidate will be able to identify packed Windows executables and obfuscated malicious JavaScript and unpack it to gain visibility of it's key capabilities.
  • Behavioral Analysis FundamentalsThe candidate will be able analyze static properties of a suspected malware sample, develop theories regarding its nature, and determine subsequent analysis steps.
  • Common Malware PatternsThe candidate will be able to identify common API calls used by malware and understand what capabilities the APIs offer to the malware samples. The candidate will be able to identify common techniques used by malware including code injection, hooking, and process hollowing techniques.
  • Core Reverse Engineering ConceptsThe candidate will apply dynamic analysis techniques to examine a malware sample in a debugger and will apply static analysis techniques to interpret common assembly instructions and patterns in Windows malware using a disassembler.
  • Examining .NET MalwareThe candidate will be able to analyze .NET programs to understand their capabilities.
  • Identifying and Bypassing Anti-Analysis TechniquesThe candidate will be able to identify and bypass common debugger detection and data protection measures used in malware, including the detection of security tools.
  • Malware Analysis FundamentalsThe candidate will be able to describe key methods for analyzing malicious software and identify the needs of malware analysis lab.
  • Malware Flow Control and StructuresThe candidate will be able to analyze common execution flow control mechanisms, such as loops and conditional statements, in assembly language.
  • Overcoming Misdirection TechniquesThe candidate will be able to overcome misdirecting execution workflow as an anti-analysis technique used in malware.
  • Reversing Functions in AssemblyThe candidate will be able to analyze malware functions in assembly language to understand use of parameters, return values and other structural elements.
  • Static Analysis FundamentalsThe candidate will be able analyze static properties of a suspected malware sample, develop theories regarding its nature, and determine subsequent analysis steps.
  • Unpacking and Debugging Packed MalwareThe candidate will demonstrate process for unpacking malware using a debugger and repairing unpacked malware for further analysis.

Practice Tests

  • Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
  • Practice exams can serve as a gauge to determine if your preparation methods are sufficient
  • The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
  • Practice exams never include actual exam questions
  • Purchase a GREM practice test here

How To Prepare

Other Resources

  • Training is available  in a variety of modalities including live training and OnDemand
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or self-paced study through other programs or materials may meet the needs for mastery
  • Understand the procedure to contest exam results
  • Use this justification letter to share key details of this certification opportunity with your boss

Find Affiliate Training

Demonstrate preparedness to analyze and reverse-engineer malicious software that targets the most widely used platforms.

Find Training Now

Subscribe to GIAC’s Monthly Newsletter

Receive expert insights, priority access to certifications, essential updates on regulatory changes and industry developments.