After recently passing the Practical Junior Malware Researcher (PJMR) Certification provided by TCM Security, I decided to create this short article to share my experience with the training material and the exam. If you would like to learn more about the PJMR, then you can visit the TCM Security website using the link below.
What is the PJMR?
According to the TCM Security website:
The Practical Junior Malware Researcher is a brand-new, one-of-a-kind certification focused on Malware Analysis, Research, and Triage. The PJMR certification exam assesses the mastery of the art and science of malware analysis.
This certification is designed for students who are interested in learning about malware analysis. To obtain this certification, students will have 5 full days to analyze malware samples, an additional 2 days to write up a report and then complete a final debrief of their findings with a member of the TCM Security staff.
PJMR Exam Preparation
To pass the PJMR exam, it is recommended that students complete the Practical Malware Analysis & Triage (PMAT) course on TCM Academy. The course is a mixture of instructor-led videos delivered by Matt (a.k.a “HuskyHacks”) and practical lab exercises, with a total of 9+ hours of material.
The training material outlines how to safely handle malware and construct an isolated lab environment, which will be necessary to analyze the lab malware samples provided throughout the course.
N.B. While building the lab environment, it will be necessary to take snapshots that can be reverted back to. The course provides a list of tools/resources used and some of the labs will have a disclaimer stating that certain tools will be needed in order to complete the exercise. To save time, I would recommend checking that all necessary tools are installed before making your last snapshot, which means that you will not need to reinstall tools every time you revert back to an older snapshot.
After setting up my lab environment, I started to learn more about static and dynamic analysis. The course explores different tools and malware analysis techniques, which are then applied to malware samples in practical lab exercises. These lab exercises include write-ups and were very helpful in applying what was being learnt throughout the course. The course also covered developing detection rules and report writing, essential skills that will be important both during the exam and in the real world.
Additional Training Material
It is clearly stated by TCM Security that the PMAT course is the only material required in order to pass the exam. I would agree with this statement; however, it is also necessary to practice what was shown during the PMAT course. The course provides links to additional resources and websites where you can download malware samples.
At the end of the course, bonus binaries are also provided, which I found useful for practice. Platforms, such as TryHackMe and CyberDefenders, are also useful for research, gaining more proficiency with tools and practicing analysis techniques. TryHackMe even provides an entire room titled “MAL: REMnux-The Redux TryHackMe Writeup” (subscription only), a hands-on challenge that involves analyzing malicious macros, PDFs and memory forensics for a victim of Jigsaw Ransomware.
Finally, for anyone who would like a book recommendation, I found the book titled “Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software” to be a useful resource that covers many of the topics discussed throughout the course.
PJMR Exam Experience
On the day of my exam, I logged into my TCM Security Certifications account and started my exam. The exam environment was created and a scope document was provided, which outlined the requirements for a passing grade. TCM Security published a video that covers the details of the exam, and there is also an FAQ on the TCM Security website.
For the exam, I was provided 5 days to analyze the provided malware samples and an additional two days to write the report. The scope document provided details on how to access the exam environment, the exam scenario, passing criteria, etc. I found that everything I needed to know was contained in the scope document and was clearly outlined.
The breakdown of exam points was as follows:
- 4x Easy Malware Samples: 75 points each
- 3x Medium Malware Samples: 100 points each
- 2x Hard Malware Samples: 150 points each
- YARA Rules: 175 points total
- Assessment Debrief: 175 points total
Overall, I found the exam environment was responsive and I did not encounter any major issues. Every student who enrolls in the PMAT course will be given a link to join the HuskyPack Discord, which contains an #faq channel that has a ton of frequently asked questions about the course and can be useful for troubleshooting issues.
I found that the labs and training material were sufficient preparation for the exam. I would, however, recommend doing some additional practice with the more advanced tools and techniques demonstrated in the course. This helps in better understanding the full range of capabilities for different tools and encourages the development of a personal malware analysis methodology based on your preferred tools and techniques for malware analysis.
For the debrief portion of the exam, I was required to present an overview for one of the malware samples I had analyzed. I scheduled my debrief shortly after the exam and presented my findings to one of TCM Security’s staff members. Once the debrief was completed, I was informed that I had passed and would receive a link to my certification soon after.
PJMR Exam Advice
For anyone considering the PJMR exam and looking for advice, I would provide the following recommendations.
- Complete the PMAT course if you are a beginner/intermediate in malware analysis.
- Develop a malware analysis methodology that incorporates your preferred tools and analysis techniques.
- Once the exam starts, read the exam scope document carefully! It will outline all of the necessary requirements for your malware analysis report.
- Be sure to take plenty of screenshots and document your findings, which can be used later during the report writing phase.
- When performing malware analysis, it is easy to get caught up in the minutiae of a malware sample. If you get stuck or find yourself overwhelmed with details, fall back on your methodology to gather the most vital details and move on to the next sample.
- Take your time! There are 5 days to analyze the provided malware samples and an additional 2 days for the report writing, so make sure to take breaks when needed.
Overall, I had a lot of fun taking the PJMR exam and I would recommend that anyone looking for a place to start in malware analysis consider the Practical Junior Malware Researcher (PJMR) Certification. I found the content of the course was delivered well by Matt (a.k.a “HuskyHacks”) and is a great way for a beginner to get started in malware analysis. Thank you for reading till the end and best of luck in your exams! 😃