11/29/2022 | News release | Distributed by Public on 11/29/2022 08:05
Commando VM is a testing platform that Mandiant FireEye created for penetration testers who are more comfortable with the Windows operating system. Windows Commando VM is essentially the sister to Kali Linux, a Linux testing and malware analysis platform widely used by the penetration testing community.
These security testing platforms are packaged with all the common solutions and scripts that a pentester would need for offensive testing. Commando VM can be installed on Windows 7 SP1 or Windows 10 and is made easily accessible on GitHub: https://github.com/mandiant/commando-vm.
Knowing how to use these testing platforms is important for both red and blue teamers. To protect against threats, an administrator must think like an attacker. How better to do that than to use the tools they'll be attempting to leverage against you? Commando VM makes it very easy to do this.
Commando VM is packaged with many tools that can be used for a variety of purposes, including the following:
Information gathering is a major part of assessing your own environment. Understanding what is exposed to an attacker with no privileges is vital to understanding what requires protection. If you can see something with these tools and scripts, so can adversaries.
The next step is to try to exploit the sessions, permissions or other issues you've found using these tools:
An adversary who gets into your network may also attempt to identify and exploit vulnerabilities in your internal web applications using this tool in Commando VM:
Commando VM can be installed on a virtual machine or a physical machine, but for ease of deployment, management and use, I'd suggest using virtual. This will allow you to take snapshots along the way and roll back from any issues you encounter.
The minimum requirements for your machine to run Commando VM are 60 GB of space and 2 GB of memory, which is what I used for my testing. The recommended specifications on their GitHub page are 80+ GB of space, 4+ GB of memory and 2 network adapters. The package can be installed on Windows 7 SP1 or Windows 10, but Windows 10 allows for more features to be installed.
In any case, make sure your system is fully patched, and take a snapshot before beginning the installation process.
You can download Commando VM from GitHub: https://github.com/fireeye/commando-vm.
Commando VM is installed in 3 pretty simple steps:
As you can see, as the installation script executes, it will run some checks and ask if you'd like to take a snapshot prior to installation. It will prompt you for credentials so it can log in and continue installing after each reboot. During the process, the PowerShell window will give you updates as to what it is installing, and you'll see various popups for software being installed automatically. Commando VM removes or disables a lot of the features that Windows comes prepackaged with since they aren't needed on a machine used for penetration testing.
The whole process takes roughly an hour and a half from start to finish, with 5+ reboots. It takes about 10-15 minutes before each reboot, at which point it starts back up, auto-logs in and continues to install more applications. Depending on the resources and internet speed of your virtual machine, the process may be quicker or take longer. You'll know it's complete when it logs you back in with a new background and a command prompt. Be sure to take another snapshot so you can start fresh if needed!
As noted earlier, Commando VM includes a lot of tools. In fact, over 2GB of tools were installed on our hard drive. Luckily, the list of tools is broken up into categories to make it easy to find the tool you need:
Here are some of the tools I find particularly interesting:
Commando VM is a testing platform created by Mandiant FireEye for penetration testers who are more comfortable with the Windows operating system.
It takes around an hour and a half to install Commando VM.