eCMAP exam review

The perfect certification to start your career as a malware analyst.

Andrea
Jul 27, 2022

Hi guys!

As of July 21, I am finally an eCMAP holder.

Today I want to tell you about my fantastic experience with this certification and give you some tips in case you decide to try to get it.

Let’s start.

Background

I have always been fascinated by malware.

As I mentioned in this article of mine, to date it turns out to be the biggest threat when it comes to cyberattacks, and thousands of dollars are lost every year because of it.

I’ve always been very undecided about what path to take in the infosec world, and I thought malware analysis was the right choice at this time, given the few people working on it nowadays.

Many people decide to take the path of penetration testing; I decided to do something alternative to explore a field that in some ways still remains incomplete, in my opinion.

Suffice it to note the lack of certifications: in fact, currently the only two existing malware analysis certifications are the eCMAP and the SANS GREM.

You may wonder why I decided to opt for a certification like this and not choose a SANS certification that is much more accredited.

The reasons are basically the cost and content of the certification.

I don’t want to make a long speech, but I think that for a 16-year-old guy like me, paying $1000 (the eCMAP cost $400) for the cert and $3000 for the training is excessive, and especially, from what I know, SANS GREM is very difficult and is often recommended to people who already have some experience.

That said, we can finally start talking about my journey.

Training

The course is divided into 6 modules.

Introduction to Malware Analysis, Static Analysis Techniques, Assembly Crash Course, Behaviour Analysis, Debugging and Disassembly Techniques and Obfuscation Techniques.

Introduction to Malware Analysis: A brief introduction to malware analysis by explaining some basic concepts.

Static Analysis Techniques: This module explains the concepts and tools for learning static analysis of malware.

Assembly Crash Course: This module is very useful because it allows you to learn the basic concepts of assembly, which is a must for a malware analyst.

Behaviour Analysis: This module explains the concepts and tools for learning dynamic analysis of malware.

Debugging and Disassembly Techniques: This module explains the concepts and tools, such as IDA Pro and x64dbg, used to perform disassembly of malware.

Obfuscation Techniques: Finally, in the last module, the various techniques used by malware to make analysts’ jobs more difficult are explained.

I found all the modules very well-structured and easy to understand. Later I will give you tips on what to focus on during the study phase so that you will not have problems during the exam.

In total, it took me about 1 month of studying for about 1–2 hours a day to pass the exam.

The exam

When you start the exam, you will be sent an email with everything you need, so make sure you have your email at hand.

One thing I was not aware of was the fact that you were provided a lab for the exam.

Basically, you will be given the VPN file, and you will have to connect via RDP to the machine; however, it is all explained in the files that will be sent to you.

Once inside the lab, you will be given a file, on which you will have to perform a full analysis and write a report.

Note: Remember that you will have 8 days in total to take the exam; however, you will have the lab available for only 5 days, so be very careful.

I found the exam relatively easy; in fact, it took me only 2 days to finish everything.

I have to admit, however, that in some cases I had a fair amount of luck; in fact, I didn’t even think I would pass it initially.

If you take the exam, you will understand what I am talking about 😉.

Tips

I will try to give you some useful tips for passing the exam.

  1. Focus very well on the Obfuscation Techniques module because it will be vital during the exam.
  2. Don’t get anxious, 8 days is enough.
  3. Make a good report and add as much information as possible.
  4. Learn very well how to use IDA Pro.
  5. If you have a doubt about something, don’t overthink it, maybe you are on the right track.

Conclusions

And here we come to the end.

I hope this review was helpful to you and in case you decide to take the exam, I wish you good luck!

See you in the next article.

Bye guys!


Written by Andrea

Infosec learner since I was 14. I love to share my knowledge with people.
