Monday, February 10, 2025
HomeComputer SecurityCommando VM - Windows-based Distribution for Penetration Testers Like Kali Linux

Commando VM – Windows-based Distribution for Penetration Testers Like Kali Linux

Published on

SIEM as a Service

Follow Us on Google News

Commando VM launched by FireEye, aiming to provide a Windows distribution that focused on supporting penetration testers and red teamers.

It is recommended to install the Commando VM in a virtual machine, for installation it requires 60 GB of disk space, 2 GB memory, and the operating system should be Windows 7 Service Pack 1, or Windows 10.

The distribution helps penetration testers in creating handy and versatile toolboxes for offensive engagements in Windows platform like Kali Linux.

According to FireEye, Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all of the software, and delivers many tools and utilities to support penetration testing. You can find the complete list of the command VM tools in Github repo.

The distribution comes with 140 tools including the following popular tools

  • Nmap
  • Wireshark
  • Covenant
  • Python
  • Go
  • Remote Server Administration Tools
  • Sysinternals
  • Mimikatz
  • Burp-Suite
  • x64dbg
  • Hashcat

It contains tools for Active Directory scanning, Command & Control, Developer Tools, Evasion, Exploitation, Information Gathering, Networking Tools, Password Attacks, Reverse Engineering, Utilities, Vulnerability Analysis, Web Applications, and Wordlists.

The Commando VM brings customized windows machine for every penetration tester and red teamers, also it includes the audit tools for the blue team as well.

The installation process is pretty simple, all you need is to install a fresh copy of the Windows operating system in VM and then Vmware tools for additional functionalities such as copy/paste.

Then need to download the Commando VM from GitHub to the windows machine, you can find the step by step installation instructions in FireEye blog post.

Commando VM

“Commando VM is built with the primary focus of supporting internal engagements. To showcase Commando VMs capabilities, we constructed an example Active Directory deployment. This test environment may be contrived; however, it represents misconfigurations commonly observed by Mandiant’s Red Team in real environments.”

“We believe this distribution will become the standard tool for penetration testers and look forward to continued improvement and development of the Windows attack platform,” FireEye said.

Course: Learn The Complete Hacking Tools in Kali Linux Operating System

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...