eCRE Certification

eLearnSecurity Certified Reverse Engineer

TRAINING BY INE

Overview

The eLearnSecurity Certified Reverse Engineer (eCRE) is awarded to reverse engineers after passing a rigorous, practical examination.

WHY eCRE?

Here are some ways eLearnSecurity Certified Reverse Engineer certification is different from conventional certification:

  • Ensures that the candidate has a strong understanding of theoretical aspects behind reverse engineering through a challenging multiple choice pre-exam.
  • Establishes that the candidate can perform a thorough reverse engineering scenario in practice through a 100% practical exam.
  • Rewards certification to only those applications that receive greater than a 84% score on their pre-test then perform a thorough reverse engineering scenario.
Knowledge Domains

By obtaining the eCRE, your skills in the following areas will be assessed and certified:

  • Basics of IA-32 CPU architecture
  • Basics of stack operations
  • Windows API’s
  • PE format
  • Reverse engineering of Windows based applications
  • Analysis of complex algorithms
  • Anti-obfuscation techniques
  • Analysis of obfuscated code
PREREQUISITES

The eCRE is a certification for individuals with a highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however, below are suggested prerequisites for a successful outcome:

  • Understanding a letter of engagement and the basics related to an Incident Response engagement
  • Deep understanding of networking concepts
  • Knowledge of Incident Response processes and methodologies
  • Packet/traffic analysis
  • Ability to correlate events and logs
  • Familiarly with tools such as Wireshark, ELK & Splunk
  • Attacker Techniques, Tactics & Procedures
  • How to detect all stages of the “Cyber Kill Chain”
  • Familiarity with ELK and Splunk searches
  • Ability to effectively analyze thousands of events within a SIEM
  • Windows (and Sysmon) events
  • Attacker activity detection through process analysis
The exam

eLearnSecurity’s eCRE is divided in two steps: a theoretical assessment through a multiple choice test and a practical assessment.

The exam is divided in two steps: a theoretical assessment through a multiple choice test and a practical assessment

Both tests can be taken online, on-demand.

Certification Process

THERE ARE TWO WAYS TO BECOME eCRE CERTIFIED:

1. Enroll in the Reverse Engineering Professional learning path through INE’s Cyber Security Pass.

The Reverse Engineering Professional learning path takes you from a basic-intermediate understanding of reverse engineering to a Professional level and prepares you for the eCRE exam with the necessary theory and a number of hands-on practical challenges similar to the final exam.

TRAINING BY INE

2. Attempt the certification without training

eLearnSecurity allows anybody to attempt the certification exam without attending any training. Candidates do so at their own risk. The candidate that feels prepared enough to demonstrate their practical and professional skills can purchase an eCRE voucher and go through the certification process.

Whether you are attempting the eCRE certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase.

Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

The eCRE is a two-part certification. The first part consists of a theoretical multiple choice quiz, you will have 90 minutes to take it and it requires an 84% or above to pass. Please note that if you do not pass the first part, or submit your quiz on time, you will not be able to the second stage and will lose your voucher with no free retakes. Additionally, the first part of the eCRE counts as 30% of the total grade.

Upon successful completion of the first part, you will then be able to proceed to the second part of the certification process, which is purely practical and counts for 70% of your total grade. You will have to submit a report for this stage and an instructor will review your report. Please reference your Letter of Engagement in your Member’s Area for more details.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 14 days from the beginning of the certification process (step 2), in PDF format for review.

You are awarded the certification after an eLearnSecurity instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification.