FireEye debuts Windows Commando VM as Kali Linux rival

The toolkit is aimed at filling a gap in the Windows-based penetration testing space.


For penetration testers out there, Offensive Security's Kali Linux platform is often considered the go-to option given its wide variety of tools, constant updates, and the relatively user-friendly interface.

Unless they have a bare-metal machine running Linux, many testers choose to deploy Kali as a virtual machine (VM) on another operating system and then bolt on a wireless adapter and a few other accessories.

Microsoft Windows is a popular OS, but it has little to no equivalent to Kali when it comes to penetration testing.

While there are many standalone tools which can be used for these purposes on the OS, full suites are not commonplace and certainly not as popular as Kali Linux has grown to be.

It is this niche that cybersecurity firm FireEye and Mandiant hope to fill. On Thursday, the companies revealed the Complete Mandiant Offensive VM (Commando VM) suite, a system geared towards penetration testers and red teams.


FireEye says that Commando VM originated from Flare VM, the firm's reverse engineering and malware analysis platform.

"Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments," the cybersecurity firm says. "Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests."

The company says that Commando VM allows penetration testers to make use of native support for both Windows and Active Directory, while also using a VM as a staging area for command-and-control (C2) networks.


Commando VM uses Boxstarter, Chocolatey, and MyGet packages for software installation and includes over 140 tools for cybersecurity professionals. These include Wireshark, Python, Go, Covenant, Hashcat, and Burp Suite.

The suite includes testing software, offensive tools, and blue team auditing & detection features. The desktop interface is shown below:

[Screenshot: the Commando VM desktop interface]

FireEye recommends that Commando VM still be used as a VM for the sake of system hygiene. To do so, a VM should be set up with at least 60 GB of disk space and 2 GB of RAM. The system can be installed on Windows 7 Service Pack 1 or Windows 10.
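As an added example that is not part of the article and not code from the Commando VM project, the following PowerShell snippet is a preflight check a tester might run on a fresh Windows VM before kicking off a Boxstarter-driven build. The 60 GB, 2 GB, Windows 7 SP1 and Windows 10 thresholds are the ones the article states; the drive letter and the "is this a VM?" heuristic are assumptions.

```powershell
# Added example, not from the article or the Commando VM project.
# Preflight check for the stated install requirements:
#   - at least 60 GB of disk space and 2 GB of RAM (from the article)
#   - Windows 7 SP1 or Windows 10 (from the article)
# The drive letter and the virtualization heuristic below are assumptions.

$MinDiskGB = 60
$MinRamGB  = 2
$Drive     = 'C'   # assumption: the system drive the build will target

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$vol = Get-PSDrive -Name $Drive

$ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
$freeGB = [math]::Round($vol.Free / 1GB, 1)
$ver    = [version]$os.Version

# Windows 7 reports kernel 6.1 (SP1 sets ServicePackMajorVersion to 1);
# Windows 10 reports 10.0. Anything else is flagged as unsupported.
$osOk = ($ver.Major -eq 10 -and $ver.Minor -eq 0) -or
        ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)

# Heuristic only: common hypervisors expose themselves in the model/manufacturer strings.
$looksVirtual = ($cs.Model -match 'Virtual|VMware|KVM|HVM') -or
                ($cs.Manufacturer -match 'VMware|innotek|QEMU|Xen|Microsoft')

$checks = @(
    [pscustomobject]@{ Check = "Free space on $Drive`: >= $MinDiskGB GB"; Actual = "$freeGB GB"; Pass = ($freeGB -ge $MinDiskGB) }
    [pscustomobject]@{ Check = "RAM >= $MinRamGB GB";                     Actual = "$ramGB GB";  Pass = ($ramGB -ge $MinRamGB) }
    [pscustomobject]@{ Check = 'Windows 7 SP1 or Windows 10';             Actual = "$($os.Caption) $($os.Version) SP$($os.ServicePackMajorVersion)"; Pass = $osOk }
    [pscustomobject]@{ Check = 'Running inside a VM (recommended)';       Actual = "$($cs.Manufacturer) $($cs.Model)"; Pass = $looksVirtual }
)

$checks | Format-Table -AutoSize

# Hard requirements block the install; the VM check is a warning only.
$hardFail = $checks | Where-Object { $_.Check -notlike 'Running inside*' -and -not $_.Pass }
if ($hardFail) {
    Write-Error 'One or more hard requirements are not met; fix them before installing.'
    exit 1
}
if (-not $looksVirtual) {
    Write-Warning 'This does not look like a VM; the vendor recommends installing in a VM for system hygiene.'
}
exit 0
```

Run it from an elevated PowerShell prompt on the VM before the install; a non-zero exit code means a stated requirement is missing, while a bare-metal host only produces a warning because the VM recommendation is advice rather than a hard limit.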

Commando VM can be downloaded from GitHub.


"We are looking forward to addressing user feedback, adding more tools and features, and creating many enhancements," FireEye says. "We believe this distribution will become the standard tool for penetration testers and look forward to continued improvement and development of the Windows attack platform."

In related news, earlier this week VirusTotal launched a new interface, described as a "minimal interface for browsers," that is suitable for older, legacy machines.

The interface still offers users the same functionality, including uploading files to check for suspicious code and viewing scan histories, but it is geared towards browsers that have trouble loading code-heavy pages.
