CREST Certified Malware Reverse Engineer

The technical syllabus identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in the area of Intrusion Analysis.  This is a specialist exam for this subject area which also includes a core skills exam covering network and host intrusion.

The CREST Certified Malware Reverse Engineer (CCMRE) examination tests candidate’s ability to reverse engineer malware, particularly remote access Trojans.

Examination format
The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner.  The examination consists of three tasks:

To pass the exam, the candidate must pass all three sections.

You can download the following documents from the links below:

Syllabus for the Certified Malware Reverse Engineer examination
Notes for Candidates to aid examination preparation

The Certified Malware Reverse Engineering examination costs £1,600 + VAT.  The examination is currently delivered at CREST examination centres.

Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish. The latest information can be accessed at

CREST recommend that candidates familiarise themselves with the content at which has been created specifically for those attempting a practical examination.

The following material and media has been cited as helpful preparation for this examination by previous candidates:

Reading Material:
Practical Malware Analysis
The Art of Memory Forensics:  Detecting Malware and Threats in Windows, Linux and Mac Memory (by Michael Hale/Andrew Case/Jamie Levy/Aaron Walters)
Reversing:  Secrets of Reverse Engineering (by Eldad Eilam)

Useful Information for Candidates
How to book
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)