A Review of TCM Security’s Practical Malware Analysis and Triage

Certificate of Completion

PMAT: Practical Malware Analysis and Triage

PMAT is a fairly intensive training authored and delivered by @HuskyHacks (Matt Kelly). Looking at the targeted audience (as per the training’s page), it is focused on beginners and intermediate analysts looking to upskill themselves. We’ll take an in-depth look at the course curriculum later. For now, here’s what the course enrollment offers you:

  • Access to 9+ hours of engaging, instructional video content
  • Access to the PMAT Lab repository containing dozens of malware samples designed to teach you the fundamentals
  • Course completion certificate

Course Curriculum

The curriculum covers everything from basic static analysis to advanced dynamic analysis — along with several other helpful bits — such as analyzing shellcode, macro-enabled documents, and others.

TCM Security’s Practical Malware Analysis & Triage

Course Content

Let’s break the course down into four sections — setup, basic analysis, advanced analysis, and specialties (shellcode, maldocs, automation, etc.).

Malware and Custom Samples

Every single video in the course is complemented with a malware sample — mostly custom developed by Matt — to help analysts practice the lesson. Two challenges and a “Boss Fight” is also added into the course which makes the learning experience quite awesome!

Matt’s Discord

Soon after enrollment, you’ll see your glistening invite to Matt’s personal Discord server. For me, personally, this was an much-needed addition to the course as it gets the student a bridge to the author and other students who’re likely going through the same content.


With the $30 price tag, the course is definitely a steal. The course has gray areas but I’ve seen two students pass on suggestions (similar to my review) to Matt and his humble response to the suggestions meant he’d be adding in content to ensure the course is truly serving its intended audience. I’m sure once Matt polishes a few sections in the course, it’s going to be far more valuable than the default price tag put by TCM Security.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store