My eCMAP review


What is eCMAP

eCMAP refers to the eLearnSecurity Certified Malware Analysis Professional certification, and the cert covers and tests the following areas:

Run malware and track its activity
Reverse Engineering and/or unpacking malware
Ability to debug malware step-by-step
Identify how the malware achieves obfuscation
Identify C2 channels and what they are used for
Bypass anti-analysis techniques
Locate and analyze dropped and downloaded malware as well as persistence mechanisms

You can directly buy and take the exam, or you can study the training path (Malware Analysis path) on INE first.

The training path is suitable for someone who wants to approach malware analysis, as it starts from the basic concepts and builds up to more advanced material, and the modules and labs are all linked together.

eCMAP exam tips

As I wrote, the exam will test your skills in the above techniques, so before you start your exam make sure that you are comfortable performing them.

Another thing to note is that nothing in the exam is out of the scope of the training materials provided by INE.

So studying all the content and doing all the labs should make you more than prepared for the exam, and you won’t find any difficulties.

If you are taking the training path on INE, I recommend taking notes (especially from the lab scenarios). Believe me, you’ll need them!

The exam sample will be in a VM, and the RDP credentials will be supplied to you to connect; however, I think it is way easier to just copy the exam sample to your local VM and do your analysis there (make sure to prepare a good VM with all the tools needed).

Don’t fully rely on your local analysis; you’ll definitely need to get back to the exam VM sometimes (you’ll know when to do that).

The exam’s time is comfortable: four days of lab access, and the rest of the week is for report writing. Personally, I started to write while I was analyzing at the same time, because I feel this is the right approach and this way I can have a report of linked actions (this might not be the case for you, but I prefer this). I finished the exam after two days (every day I worked for 8-10 hours including breaks), and most of the time was consumed by report writing. I took this average time because I had done some analysis reports before; you might take more time or less (it depends on your level of experience and writing skills).

Make sure to write a clean report and to categorize the steps of your analysis based on the techniques you used (try to look for a malware analysis report template and use it).

If you see something that confuses you, don’t hesitate to research it (the malware analysis field is all about researching); MSDN will help you a lot.

Take a screenshot of everything you explain in your report, because screenshots are proof that you did that step.

The exam has a lot to document, so make sure you cover the different functionalities of the sample.

Last words

eCMAP is a great cert with great content, but that doesn’t mean it’s the end of the road. This field is a broad one, and every day we find new malware with new functionalities and techniques, so in order to be a great malware analyst you have to constantly look for new challenges to learn from.

As the cert concentrates only on EXE samples, you need to start learning PowerShell, .NET and C# malware, and even MS Word and Excel macros, as they are really popular.

At the end, I would like to thank you for reading and wish you good luck!
