Dissecting Your Attack: My Malware Analysis Certification Journey




The Set-up

I had the ‘where do you want to take your career’ conversation with my boss; the one where a vague ‘I just want to break into things’ was no longer going to cut it. I wanted to move into security research. I liked studying for OSED (even though I still haven’t passed it). Now that I’m on the Blue Team, malware analysis feels like the perfect complementary skill to keep that train rolling forward. She agreed and approved the training plan, and off to the races I went.


The First Half

I sailed through the first ~45% in a couple of days and I felt unstoppable. It was all lab set-up and creating a secure malware analysis environment to protect myself. You create a virtual machine and let Chocolatey install FlareVM. After, set up REMnux. Boom! You are at 45% completed. At this point, I was also reading Practical Malware Analysis for extra reinforcement. Feeling like I could take on the world, I started the basic static analysis section. This is when momentum plummeted.


The Second Half

Seriously, momentum crashed. If the first half took two days, the last half took two months. Hilarious, right? “Dipped” is an understatement; it was a complete swan dive. The instructor was the same and still engaging. I still wanted to hear about it. Heck, the test is over and I wrote another report for this site. But every time I sat down to watch a video, I would watch a little bit and immediately get distracted by anything around me. The good news? I was understanding the work and still enjoying myself when I actually worked on it. I had to take inventory and determine what was causing my slowdown. Pivot. Come back and crush this class out of the park.


The Change

I made two changes to get back on track. First, I dropped Practical Malware Analysis. It wasn’t part of the TCM course, and spreading myself thin was killing my focus. Because this certification was a part of my work plan, I had to finish. I planned to focus solely on the course. Second, I started grinding malware boxes online (BTLO, CyberDefenders, HTB Sherlocks). I learn better hands-on anyway and hoped it would make the lessons stick.


Finish and Exam Prep

With those changes in place, my study progress began to pick up. Eventually, with enough time and grit, I finished the PMAT course. I reported the achievement to my team and got a little recognition, which felt good. Time to bunker down (or ‘lock in,’ as the kids say) and prep for the exam. I did more practical boxes and I converted my notes into a practical Obsidian playbook. More notably, I procrastinated. A lot. Anxiety is a funny thing. Then one Saturday, without complete notes or a battle plan, I just hit the button and started the exam. If I kept waiting until I had the perfect set-up, I would never take the test.


The Exam

I am not sure what I can say here. I want to protect the integrity of the TCM exam. It was nothing like what ChatGPT prepped me for. One sample, maybe two. Do some analysis. Bingo, bango, out in four hours. None of that was true. It was much more intense. You are actually allotted five days to take the exam. So there were two or three nights where I stayed up until 4:30 or 5:30 a.m. because I kept thinking of more things to check and investigate. I was also captivated. The mind wander was minimal. I was hooked, pouring my energy into it, determined to give it my all. So, I did a sweep and kept my notes in CherryTree. Some red team habits never die, I guess. Then, I started the report. As I was building it, I kept finding things I’d missed. I started bouncing between the exam VPN and my report. Finally, I got it to a state I found acceptable and hit submit.


The Results

I’m waiting on results. TCM says 5-7 business days for manual grading, which feels like an eternity but is completely reasonable. Regardless of the outcome, those five days in the exam taught me more about malware analysis than any video lecture could. I gave it everything I had, and that’s what matters.

UPDATE 5-Dec-2025: I received the mail telling me my results are posted. Logged into the website, held my breath, and read. PASSED! I feel like this validated my experience and the report I posted. I feel like it re-energizes my studies and upskilling to keep trudging through and doing my best work. Hopefully, I inspired you too to try the test.

You can see my practical malware analysis skills demonstrated in my Malware Analysis Report.


Reflections

My biggest takeaway: don’t obsess over pristine notes. Fifteen-minute videos took me hours because I paused every 30 seconds to write something down. Focus on the content. Make sure you understand. More importantly, since it is a practical exam, make sure you can do it. Go back after and take your notes if you need them.

The best advice for people grinding out their studies:

Focus on the content; note taking comes second.


Thanks for reading, and if you’re tackling PMAT or PMRP too, I’d love to hear how your journey went.