Let’s go Commando!

Penetration testers have been given an alternative to Kali Linux with a Windows-based security-focused distribution from FireEye that comes pre-packed with scores of hacking tools.

Commando VM features automated installation scripts that terraforms a Windows PC into a platform suitable for penetration testing.

The framework – billed by FireEye as the first Windows Offensive Distribution of its kind – features more than 140 tools for penetration testing and red teaming.

Security researchers often spend hours customizing a Windows environment to their needs. Commando VM – which FireEye released through GitHub – offers an off-the-shelf means to install many hacking utilities, including Nmap, Wireshark, Remote Server Administration Tools, Sysinternals, Mimikatz, Hashcat, and Burp-Suite.

Commando VM offers an easy way to setup a Windows pen testing environment by easing the process of VM provisioning and deployment, as explained in a blog post by FireEye.

The security team argues its technology is particularly useful for elements of pen testing engagements that involve assessing Active Directory environments.

“The benefits of using a Windows machine include native support for Windows and Active Directory, using your VM as a staging area for C2 frameworks, browsing shares more easily (and interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets,” FireEye researchers Jacob Barteaux, Blaine Stancill, and Nhan Huynh explain.

Purists may prefer Kali Linux (the industry standard) or Parrot Security, another security-orientated Linux distribution, but the ready availability of a capable Windows-based alternative has nonetheless been welcomed by security researchers.

“I believe that most will retain the Linux base platform,” Steve Armstrong, an incident response expert and former lead of the UK's Royal Air Force penetration and TEMPEST testing teams told The Daily Swig.

“Many use Windows VMs for client products/protocols being targeted; but for most the bigger toolset runs better on Linux.”

“However, this makes it quicker to build a Win system so def a ‘thumbs up’ to FireEye,” he added.

Commando VM was built upon the foundations of FireEye’s previously released FLARE VM, a framework for reverse engineering and malware analysis.