Mandiant

0

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Security

penetration-testing
windows
fireeye-flare
red-teaming

CommandoLogo

What is CommandoVM?

Complete Mandiant Offensive VM ("CommandoVM") is a comprehensive and customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with a variety of offensive tools not included in Kali Linux which highlight the effectiveness of Windows as an attack platform.

Requirements

  • Windows 10

Insider Preview editions of Windows are not supported

  • 60 GB Hard Drive
  • 2 GB RAM

Recommended

  • Windows 10 22H2
  • 80+ GB Hard Drive
  • 4+ GB RAM
  • 2 network adapters

Install Instructions

Deploy a Windows Virtual Machine

Where can I find a Windows 10 Virtual Machine?

Pre-Install Procedures

You MUST disable Windows Defender for a smooth install. The best way to accomplish this is through Group Policy.

In Windows versions 1909 and higher, Tamper Protection was added. Tamper Protection must be disabled first, otherwise Group Policy settings are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

It is not necessary to change any other setting (Real Time Protection, etc.)

Important! Tamper Protection must be disabled before changing Group Policy settings.

To permanently disable Real Time Protection:

  1. Make sure you disabled Tamper Protection
  2. Open Local Group Policy Editor (type gpedit in the search box)
  3. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  4. Enable Turn off real-time protection
  5. Reboot

Make sure to reboot before making the next change

To permanently disable Microsoft Defender:

  1. Make sure you rebooted your machine
  2. Open Local Group Policy Editor (type gpedit in the search box)
  3. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  4. Enable Turn off Microsoft Defender Antivirus
  5. Reboot

Installation

  1. Complete the pre-install procedures by disabling Defender
  2. Download and extract the zip of the Commando-VM repo
  3. Run PowerShell as Administrator
  4. Set-ExecutionPolicy Unrestricted -force
  5. cd ~/Downloads/commando-vm
  6. Get-ChildItem .\ -Recurse | Unblock-File
  7. .\install.ps1 for a GUI install or .\install.ps1 -cli for command-line

Contributing

Looking to contribute? Check the links below to learn how!

Commando-VM (this repository)

VM-Packages (where all the packages live)

Troubleshooting

See the troubleshooting documentation for more information.

Credits

  • Jake Barteaux @day1player
  • Blaine Stancill @MalwareMechanic
  • Nhan Huynh @htnhan
  • Drew Farber @0xFarbs
  • Alex Tselevich @nos3curity
  • George Litvinov @geo-lit
  • Dennis Tran @Menn1s
  • Joseph Clay @skollr34p3r
  • Ana Martinez Gomez @anamma_06
  • Moritz Raabe
  • Derrick Tran @dumosuku
  • Mandiant Red Team
  • Mandiant FLARE

Legal Notice

This download configuration script is provided to assist penetration testers
in creating handy and versatile toolboxes for offensive engagements. It provides 
a convenient interface for them to obtain a useful set of pentesting Tools directly 
from their original sources. Installation and use of this script is subject to the 
Apache 2.0 License.
 
You as a user of this script must review, accept and comply with the license
terms of each downloaded/installed package listed below. By proceeding with the
installation, you are accepting the license terms of each package, and
acknowledging that your use of each package will be subject to its respective
license terms.