How I Studied for GREM
GREM was the most demanding certification I have taken yet on my journey. I passed with an 80%. I felt exceptional walking out of the exam. It did required an entire year of consistent effort to reach that point. This was not a certification that could be brute forced through memorization or shortcuts.
What I studied for the test
- dynamic analysis
- C
- Assembly
- basics of x86 reverse engineering
- x86 registers
- decompiling
- debugging
- different types of recent malware
Preparation demanded deep study of C programming, reverse engineering, and real-world malware attack paths, along with extensive static and dynamic analysis. A major emphasis was placed on understanding how malware behaves across different execution environments and why proper virtual machine segmentation matters during analysis.
The course also reinforced the importance of maintaining access to a physical analysis machine for cases where malware actively detects virtualization. Learning how malware identifies virtual environments, employs anti-VM and anti-forensic techniques, and alters behavior accordingly was critical. Understanding these evasive behaviors fundamentally changed how simple it is to grasp obfuscation and what red herrings hackers send out.
What made GREM different from the other exams was how it demanded knowledge of C, registers and reverse engineering. I had to learn C programming properly, not just syntax, but how registers translates into code. That naturally led into x86 and x64 assembly, calling conventions, stack frames, heap, registers, and memory layout. There was no avoiding it. If you didn’t understand the code, you didn’t understand the malware.
I spent a significant amount of time reversing binaries that initially made no sense to me. Early on, the process felt slow and overwhelming, and progress was incremental at best. Over time, patterns began to emerge. Control flow became easier to follow, and common compiler behaviors started to stand out.
As I gained experience, I learned how to recognize different packers and look past the noise they introduce. Instead of being distracted by obfuscation or inflated code paths, I focused on identifying meaningful execution logic. I stopped guessing and started reasoning, and that shift was the most important part of my preparation.
Understanding the attack path was critical. Learning how one stage of malware execution leads into the next provided clarity on what each phase was responsible for and why it existed. Instead of viewing malware as a single binary, I began to see it as a sequence of intentional actions working together to achieve a goal like the Mirai malware.
Cyber Yeti was one of the most influential resources during this process. His explanations around malware internals, assembly reasoning, and analyst mindset helped solidify concepts that the course material alone did not fully lock in for me. Malware Analysis for Hedgehogs and other reverse engineering content creators also played a major role in reinforcing how to approach unfamiliar samples methodically instead of emotionally.
There were many points throughout the year where progress felt slow. That never concerned me. Consistency mattered far more than speed, and steady effort was the only way forward. Each concept is built on the last. Every mistake forced a deeper level of understanding. GREM did not reward surface-level effort. It rewarded persistence, discipline, and precision.
GREM taught me more than technical skills. It significantly accelerated my growth in cybersecurity and malware analysis and gave me the confidence to apply those skills in real operational environments. I had the opportunity to use what I learned during my time in the Marines, and later during my internship with Parsons, where I was able to contribute to reverse engineering efforts because I genuinely understood the process rather than following steps.
Through that experience, I helped establish the first reverse engineering on mission capability for 8th Communication Battalion, II MEF, USMC. I also supported reverse engineering of open source tools at Parsons, applying the same analytical discipline and methodology I developed while preparing for GREM. Those opportunities validated the time and effort I invested and confirmed that the skills gained from this certification translate directly to real world impact.
If you are at this point also in your career and don’t know where to go next. Cyber Yeti has a great way to guide you forward.
Where do I start?
