• Todd

Commando VM

Most cyber security professionals are familiar with Kali Linux from Offensive Security. If you're not, it's a Linux distribution that comes with hundreds of pre-installed tools for Penetration Testing and Forensics. Performing similar functions from a Windows environment has always been challenging because you need to find tools on your own, install them, deal with dependencies and work around some of the controls built into the Operating System.

But FireEye has changed that with the release of Commando VM. Commando VM packages up a large number of tools to be used on Windows 7 or 10. It differs from Kali in that it doesn't include the Operating System. You'll need to have a clean installation of Windows 7 or 10 to start with. The install will perform some customization that will make Windows less secure and less functional for use on a daily basis, so use a dedicated machine or better yet a Virtual Machine.

Once you have a Windows box running, download the install package from FireEye's GitHub. The zip file contains a PowerShell script (install.ps1). Open up a PowerShell instance as Administrator and set the execution policy [Set-ExecutionPolicy Unrestricted]. The script will check that your system is ready and automatically download and install all of the tools and their dependencies. It took quite a while on my Windows 10 VM and it went through several reboots.
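Before running the installer, it is worth confirming that the machine really is the dedicated, elevated, supported-OS box described above. The script below is an added example, not part of Commando VM or FireEye's code. The function names, the VM vendor pattern and the domain-membership check are assumptions of this example.

```powershell
# Added example: pre-flight checks to run before install.ps1.
# Function names and the VM vendor pattern are assumptions of this example.
function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" } |
        Select-Object Check, Pass, Detail
}

function Test-CommandoHost {
    # Elevated session: the post says to open PowerShell as Administrator.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $admin     = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Running as Administrator' $admin $id.Name

    # Client Windows 7 (6.1) or Windows 10 (10.0). Windows 11 also reports 10.0.
    $os   = Get-WmiObject Win32_OperatingSystem
    $ver  = [version]$os.Version
    $osOk = ($os.ProductType -eq 1) -and
            (($ver.Major -eq 6 -and $ver.Minor -eq 1) -or ($ver.Major -eq 10))
    New-Check 'Windows 7 or 10 client' $osOk "$($os.Caption) $($os.Version)"

    # Heuristic VM detection from the manufacturer/model strings (not exhaustive).
    $cs   = Get-WmiObject Win32_ComputerSystem
    $hw   = "$($cs.Manufacturer) $($cs.Model)"
    $isVm = $hw -match 'VMware|VirtualBox|Virtual Machine|KVM|QEMU|Xen|Parallels'
    New-Check 'Looks like a virtual machine' $isVm $hw

    # Assumption of this example: a dedicated box is not joined to a domain.
    New-Check 'Not domain-joined' (-not $cs.PartOfDomain) $cs.Domain

    # The post sets the policy to Unrestricted before running the script.
    $policy = "$(Get-ExecutionPolicy)"
    New-Check 'Execution policy is Unrestricted' ($policy -eq 'Unrestricted') $policy
}

$checks = @(Test-CommandoHost)
$checks | Format-Table -AutoSize
$failed = @($checks | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) failed; fix them before running install.ps1."
}
```

A failed VM check on a dedicated physical machine is expected; the point is to catch the case where the installer is about to run on a daily-use or domain-joined workstation.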

You'll find some of the same tools that are installed on Kali along with some Windows-specific ones. One of the major advantages of using a Windows system is that you get native support for Active Directory, Kerberos, PowerShell and other Windows-specific functions.

If you're a regular Kali user, give Commando VM a try. I think you'll find it to be a good tool to add to your collection.