Cybersecurity firm FireEye has released Commando VM, a Windows-based security distribution for penetration testing and red teaming.
For hackers, Kali Linux is normally the operating system of choice for penetration testing and ethical hacking. Kali is a Linux-based distribution, and unlike Windows or Mac operating systems it requires knowing the basics of Linux to use it well.
There was no Windows-based operating system for hackers, mainly because Windows is not open source. Manually installing penetration testing tools on Windows is also a difficult job for most users.
The Complete Mandiant Offensive VM (Commando VM) suite is the first Windows-based security distribution that can be installed automatically. Commando VM is not a pre-configured snapshot of a virtual machine image with many tools installed on a Windows system, and it is not a complete distribution.
Commando VM originated from Flare VM, which is the firm’s reverse engineering and malware analysis platform. Commando VM is an automated installation script that turns your Windows operating system, running on a virtual machine or even on the base system, into a hacking machine.
According to FireEye researchers, it is possible to run the install script on the base machine, but this is not encouraged. Commando VM downloads additional offensive and red team tools onto Windows, most of which are flagged by Windows Defender as malicious, so several Windows security features are disabled. Running Commando VM on the host will make it vulnerable, which is why it is strongly not recommended.
It is recommended to use Commando VM as a VM, keeping system hygiene in mind. To do this, a VM should be set up with at least 60GB of disk space and 2GB of RAM. The system can be installed on Windows 7 Service Pack 1 or Windows 10.
The suite includes testing software, offensive tools, and blue team auditing and detection features. It uses Boxstarter, Chocolatey, and MyGet packages for software installation and includes more than 140 tools for cybersecurity professionals, among them Wireshark, Python, Go, Covenant, Hashcat, and Burp Suite.
The top three suggested features of the tool are:
- Native Windows protocol support (SMB, PowerShell, RSAT, Sysinternals, etc.)
- Organized toolsets (Tools folder on the desktop with Info Gathering, Exploitation, Password Attacks, etc.)
- Windows-based C2 frameworks like Covenant (dotnet) and PoshC2 (PowerShell)
Commando VM's versatile toolsets provide blue teams with the tools necessary to audit their networks and improve their detection capabilities. With a library of offensive tools, they can keep up with offensive tooling and attack trends.
Installing Commando VM is easy. Download it from GitHub, decompress it, and execute the PowerShell script included in the package on your VM-based Windows system; the rest of the installation is done automatically.
The VM will reboot several times because of the numerous software installation requirements. Once the installation finishes, the PowerShell prompt remains open for you to hit any key before exiting. Finally, reboot the machine to make sure the final configuration changes have been applied.
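A pre-flight check, added here as an example and not part of the Commando VM project or FireEye's installer, that applies the requirements stated above (run only inside a VM, at least 60GB of disk and 2GB of RAM, Windows 7 SP1 or Windows 10) before the install script is launched. The hypervisor-string pattern used to detect a VM is an assumption, as is the choice of the system drive as the install target.

```powershell
# Pre-flight check for a Commando VM guest (example, not project code).
# Run in an elevated Windows PowerShell session BEFORE executing the installer.
# Get-WmiObject is used so the check also works on Windows 7 SP1's older PowerShell.
$MinDiskGB = 60   # from the article
$MinRamGB  = 2    # from the article
$problems  = @()

# 1. Refuse to proceed on a physical host: the installer disables Windows security
#    features and pulls in tooling that Windows Defender flags as malicious.
#    The hypervisor string list is an assumption covering common platforms.
$cs = Get-WmiObject -Class Win32_ComputerSystem
$vmPattern = 'Virtual|VMware|VirtualBox|KVM|QEMU|Xen|Hyper-V|Parallels'
if ("$($cs.Manufacturer) $($cs.Model)" -notmatch $vmPattern) {
    $problems += "Not detected as a virtual machine ($($cs.Manufacturer) $($cs.Model)); run Commando VM in a VM, not on the host."
}

# 2. RAM: TotalPhysicalMemory is reported in bytes.
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
if ($ramGB -lt $MinRamGB) {
    $problems += "Only $ramGB GB of RAM; at least $MinRamGB GB is required."
}

# 3. Free space on the system drive (assumed to be where the tools will land).
$sysDrive = $env:SystemDrive
$disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$sysDrive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
if ($freeGB -lt $MinDiskGB) {
    $problems += "Only $freeGB GB free on $sysDrive; at least $MinDiskGB GB is required."
}

# 4. Supported OS: Windows 7 SP1 (version 6.1, service pack >= 1) or Windows 10 (10.x).
$os  = Get-WmiObject -Class Win32_OperatingSystem
$ver = [version]$os.Version
$supported = ($ver.Major -eq 10) -or
             ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)
if (-not $supported) {
    $problems += "Unsupported OS: $($os.Caption) ($($os.Version)); use Windows 7 SP1 or Windows 10."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Host "Pre-flight checks failed; do not run the installer on this system." -ForegroundColor Red
    exit 1
}
Write-Host "Pre-flight checks passed: VM detected, $ramGB GB RAM, $freeGB GB free on $sysDrive, $($os.Caption)." -ForegroundColor Green
Write-Host "Take a clean VM snapshot now, then run the installer from the decompressed package."
```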