FireEye released Commando VM, a Windows-based security distribution designed for penetration testers.
Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments. Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests. The benefits of using a Windows machine include native support for Windows and Active Directory, using your VM as a staging area for C2 frameworks, browsing shares more easily (and interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.
Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all of the software, and delivers many tools and utilities to support penetration testing. The distribution includes more than 140 tools, among them:
- Remote Server Administration Tools
Start by creating a new virtual machine (VM) with these minimum specifications:
- 60 GB of disk space
- 2 GB memory
Next, perform a fresh installation of Windows. Commando VM is designed to be installed on Windows 7 Service Pack 1, or Windows 10, with Windows 10 allowing more features to be installed.
Once the Windows installation has completed, we recommend you install your specific VM guest tools (e.g., VMware Tools) to allow additional features such as copy/paste and screen resizing. From this point, all installation steps should be performed within your VM.
- Make sure Windows is completely updated with the latest patches using the Windows Update utility. Note: you may have to check for updates again after a restart.
- We recommend taking a snapshot of your VM at this point to have a clean instance of Windows before the install.
- Navigate to the following URL and download the compressed Commando VM repository onto your VM:
Follow these steps to complete the installation of Commando VM:
- Decompress the Commando VM repository to a directory of your choosing.
- Start a new session of PowerShell with elevated privileges. Commando VM attempts to install additional software and modify system settings; therefore, escalated privileges are required for installation.
- Within PowerShell, change directory to the location where you have decompressed the Commando VM repository.
- Change PowerShell's execution policy to unrestricted by executing the following command and answering "Y" when prompted by PowerShell: `Set-ExecutionPolicy unrestricted`
- Execute the install.ps1 installation script. You will be prompted to enter the current user's password, which Commando VM needs in order to log in automatically after a reboot. Optionally, you can supply the current user's password by passing "-password <current_user_password>" on the command line.
The installation process takes about 3 to 4 hours to complete.
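A pre-flight script for the procedure above, added here as an example and not part of the Commando VM project or FireEye's instructions: it verifies that the session is elevated, that the VM meets the minimum specifications and runs a supported Windows version, and that no Windows Update reboot is pending, and then calls install.ps1. The process-scoped execution policy and the reboot-pending registry check are assumptions of this example, not steps from the page; it is assumed to run from the directory where the repository was decompressed.

```powershell
# Pre-flight checks before running the Commando VM installer (example code, not the project's own).
# Assumes Windows PowerShell in the fresh VM, current directory = decompressed repository.
$MinDiskGB = 60
$MinMemGB  = 2

# 1. Elevation: install.ps1 modifies system settings, so it must run with elevated privileges.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Start PowerShell with elevated privileges before installing."
}

# 2. OS: Windows 7 SP1 (6.1 + SP1) or Windows 10 (10.0) are the supported targets.
$os  = Get-WmiObject Win32_OperatingSystem
$ver = [version]$os.Version
$isWin7Sp1 = ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)
$isWin10   = ($ver.Major -eq 10)
if (-not ($isWin7Sp1 -or $isWin10)) {
    throw "Unsupported Windows version $($os.Version); use Windows 7 SP1 or Windows 10."
}

# 3. Disk and memory against the minimum specifications (60 GB disk, 2 GB memory).
$disk   = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
$memGB  = [math]::Round(($os.TotalVisibleMemorySize * 1KB) / 1GB, 1)   # WMI reports KB
if ($freeGB -lt $MinDiskGB) { throw "Only $freeGB GB free on $env:SystemDrive; need $MinDiskGB GB." }
if ($memGB  -lt $MinMemGB)  { throw "Only $memGB GB of memory; need $MinMemGB GB." }

# 4. A reboot still pending from Windows Update would interrupt the 3-4 hour install.
#    (Registry key check is an assumption of this example.)
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) {
    throw "A Windows Update reboot is pending; reboot, check for updates again, then retry."
}

# 5. Execution policy for this session only. The page's 'Set-ExecutionPolicy unrestricted'
#    applies machine-wide; limiting it to the process is a narrower choice assumed here.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

# 6. Run the installer. Letting install.ps1 prompt for the password keeps it out of the
#    PowerShell command history, unlike passing -password on the command line.
if (-not (Test-Path .\install.ps1)) { throw "install.ps1 not found in $(Get-Location)." }
Write-Host "Pre-flight checks passed (free: $freeGB GB, memory: $memGB GB). Starting install..."
& .\install.ps1
```

Take the VM snapshot recommended above before running this, since the installer reboots the machine and cannot be cleanly reversed once it has started.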