FireEye released Commando VM, the Windows-based security distribution designed for penetration testing and red teaming.
FireEye today released an automated installer called Commando VM (Complete Mandiant Offensive VM), it is an automated installation script that turns a Windows operating system into a hacking system. The installation script works on systems running on a virtual machine (VM) or even on the base system.
“Penetration testers commonly use their own
Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all software packages, users need at least 60 GB of free hard drive space and 2GB of RAM to use it.
Commando VM automatically installs more than 140 hacking tools, including Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp-Suite, x64db, Metasploit, PowerSploit, Hashcat, and Owasp ZAP.
Experts that want to use Windows OS in penetration testing activities have to manually install hacking tools on Windows, a task that could hide many difficulties for most users.
Commando VM allows downloading additional offensive and red team tools on Windows bypassing security features implemented by Microsoft that flag them as malicious. The installer disables many Windows security features, its execution will leave a system vulnerable for this reason FireEye strongly encourage installing it on a virtual machine.
Commando VM could be installed on Windows 7 Service Pack 1, or Windows 10, in the latter OS it allows to install more features.
One of the authors of the Commando VM explained on Reddit that it top three features are:
“With such versatility, Commando VM aims to be the de facto Windows machine for every penetration tester and
“The versatile tool sets included in Commando VM provide blue teams with the tools necessary to audit their networks and improve their detection capabilities. With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends.”
Commando VM is available for download on Github, below step by step guide to install it:
“We believe this distribution will become the standard tool for penetration testers and look forward to continued improvement and development of the Windows attack platform.” concluded FireEye.
(SecurityAffairs – Commando VM, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.