eCMAP Certification

eLearnSecurity Certified Malware Analysis Professional



eLearnSecurity’s eLearnSecurity Certified Malware Analysis Professional (eCMAP) certification is the most practical and professionally-oriented certification you can obtain in malware analysis. Instead of putting you through a series of multiple-choice questions, you are expected to perform a full analysis on a given malware sample, show proof of what the malware does, and finally write a signature that could be used to detect the malware sample on other systems or networks.


Here are some of the ways eLearnSecurity Certified Malware Analysis Professional certification is different from conventional certification:

  • eCMAP is a comprehensive malware analysis simulation based on a real-world scenario designed by INE’s course instructors. Candidates are required to analyze a malwares sample and provide a detailed report that simulates a corporate record.
  • Candidates are asked to deploy multiple advanced methodologies to conduct a thorough analysis on a given malware.
  • Only individuals that provide proof of their findings in addition to identifying the vast majority of the malware’s functionality are awarded the eCMAP Certification.
  • Only individuals who provide proof of their findings in addition to writing a working exploit are awarded the eCMAP Certification.
Knowledge Domains

By obtaining the eCMAP, your skills in the following areas will be assessed and certified:

  • Run a malware and tracking its activity
  • Reverse Engineering and/or unpacking malware
  • Ability to debug malware step-by-step
  • Identify how the malware achieves obfuscation
  • Identify C2 channels and what they are used for
  • Bypass anti-analysis techniques
  • Locate and analyze dropped and downloaded malware as well as persistence mechanisms

The eCMAP is a certification for individuals with highly technical understanding of systems and malware attacks. Everyone can attempt the certification exam, however here are the advised skills to possess for a successful outcome:

  • Letters of engagement and the basics related to malware analysis engagement
  • Deep understanding of Windows OS
  • Knowledge of malware analysis processes and methodologies
  • Good reverse engineering skills
  • Familiarly with tools such as IDA Pro, sysinternals, x64dbg, etc.
  • Ability to perform static analysis, dynamic analysis, reverse engineering, IOC creation and behavioral analysis
  • Familiarity with bypassing anti-analysis tricks, unpacking, detecting persistence mechanisms, etc.
  • Manual malware analysis through debugging and process analysis
  • Ability to create a professional malware analysis report
The exam

eLearnSecurity’s eCMAP is the only certification for Malware Analysts that evaluates your abilities at using cutting-edge analysis techniques, inside a fully featured and real-world environment.

eLearnSecurity’s eCMAP is a hands-on challenge. The final deliverable is a working and reproducible proof of concept that is reviewed by INE’s course instructors.

Certification Process


1. Purchase an INE subscription and take the Malware Analysis Professional learning path.

The Malware Analysis Professional path was built for cyber security professionals with an advanced understanding of malware. The courses prepare you for the eCMAP exam through a blend of expert-led courses and practical lab time.


2. Attempt the certification without training

Feel confident in your pentesting capabilities? eLearnSecurity offers certification vouchers for cyber security experts who feel as if they do not need the accompanying training. However, studying for the eCMAP exam by subscribing to INE’s Cyber Security Pass is highly recommended. If you’re ready for the exam now, click the link below to purchase your test.

Whether you are attempting the eCMAP certification exam on your own or you’ve prepared through INE’sMalware Analysis Professional path, you will need to follow these steps to get your certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase.

Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 8 days from the beginning of the certification process (step 2), in PDF format for review.

You are awarded the certification after an eLearnSecurity instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification.

This exam is manually graded. Once submitted, it may take up to 30 days to receive your results.