Convert Figma logo to code with AI

mandiant logocommando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

6,882
1,280
6,882
7

Top Related Projects

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Automate the creation of a lab environment complete with security tooling and logging best practices

5,124

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Metasploit Framework

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Quick Overview

Commando VM is a Windows-based security distribution for penetration testing and red teaming. It automates the installation of over 140 tools and customizations, transforming a Windows machine into a powerful platform for offensive security tasks.

Pros

  • Comprehensive tool suite for various security tasks
  • Automated installation process saves time and effort
  • Regular updates to keep tools current
  • Customizable to fit specific needs

Cons

  • Requires a Windows license
  • Large installation size (>20GB)
  • Some tools may conflict with antivirus software
  • Performance may be impacted on lower-end hardware

Getting Started

To set up Commando VM:

  1. Start with a clean Windows 10 installation
  2. Download the Commando VM repository:
    git clone https://github.com/mandiant/commando-vm.git
    
  3. Open PowerShell as Administrator and navigate to the Commando VM directory
  4. Run the installation script:
    Set-ExecutionPolicy Unrestricted
    .\install.ps1
    
  5. Follow the on-screen prompts to complete the installation

Note: The installation process can take several hours depending on your internet connection and system specifications.

Competitor Comparisons

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Pros of FLARE-VM

  • Focused on malware analysis and reverse engineering tools
  • Includes specialized forensics and debugging software
  • Lighter weight installation compared to Commando-VM

Cons of FLARE-VM

  • Less comprehensive for general penetration testing tasks
  • Fewer offensive security tools included out-of-the-box
  • May require additional setup for certain red team operations

Code Comparison

FLARE-VM (PowerShell):

cinst -y 7zip
cinst -y putty
cinst -y wireshark
cinst -y windbg
cinst -y ollydbg

Commando-VM (PowerShell):

cinst -y 7zip
cinst -y putty
cinst -y wireshark
cinst -y nmap
cinst -y metasploit

Both repositories use Chocolatey for package management, but FLARE-VM focuses on reverse engineering tools like WinDbg and OllyDbg, while Commando-VM includes more offensive security tools like Nmap and Metasploit.

FLARE-VM is tailored for malware analysts and reverse engineers, providing a streamlined environment for dissecting and analyzing malicious software. Commando-VM, on the other hand, offers a more comprehensive toolkit for penetration testers and red teamers, including a wider range of offensive security tools and utilities for various aspects of security assessments.

Automate the creation of a lab environment complete with security tooling and logging best practices

Pros of DetectionLab

  • Focuses on detection and monitoring, providing a complete lab environment for security professionals
  • Includes multiple VMs (Windows, Linux) and pre-configured security tools (Splunk, Suricata, Velociraptor)
  • Emphasizes automation and reproducibility using Vagrant and Packer

Cons of DetectionLab

  • Requires more resources due to multiple VMs and services
  • Steeper learning curve for setup and configuration
  • Less focused on offensive security tools compared to Commando VM

Code Comparison

DetectionLab (Vagrant configuration):

config.vm.define "logger" do |cfg|
  cfg.vm.box = "bento/ubuntu-18.04"
  cfg.vm.hostname = "logger"
  cfg.vm.network "private_network", ip: "192.168.38.105"
  cfg.vm.provision "shell", path: "provision.sh"
end

Commando VM (PowerShell installation):

Set-ExecutionPolicy Unrestricted -Force
. .\install.ps1
$env:COMMANDOVM="full"

Both repositories provide valuable resources for cybersecurity professionals, but with different focuses. DetectionLab offers a comprehensive environment for detection and monitoring, while Commando VM concentrates on offensive security tools for Windows systems. The choice between them depends on the specific needs and goals of the user.

Pros of DeepBlueCLI

  • Lightweight and focused on PowerShell log analysis
  • Easy to use and integrate into existing workflows
  • Provides detailed insights into Windows event logs

Cons of DeepBlueCLI

  • Limited to PowerShell and Windows event log analysis
  • Requires manual installation and setup
  • Less comprehensive than full-featured security platforms

Code Comparison

DeepBlueCLI:

$events = Get-WinEvent -FilterHashtable @{LogName='Security';ID=4624}
foreach ($event in $events) {
    # Analyze login events
}

Commando-VM:

# No direct code comparison available
# Commando-VM is a full Windows-based security distribution
# It includes various tools and scripts, not a single codebase

DeepBlueCLI is a specialized PowerShell script for analyzing Windows event logs, while Commando-VM is a comprehensive Windows-based security distribution. DeepBlueCLI offers a focused approach to log analysis, making it easier to integrate into existing workflows. However, it's limited in scope compared to Commando-VM, which provides a wide range of security tools and capabilities. Commando-VM offers a more complete environment for security professionals but requires more resources and setup time. The choice between the two depends on specific needs and available resources.

5,124

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Pros of PTF

  • More flexible and customizable, allowing users to add their own tools easily
  • Supports multiple operating systems, including Kali Linux and Ubuntu
  • Regularly updated with new tools and features

Cons of PTF

  • Requires more manual configuration and setup compared to Commando VM
  • May have a steeper learning curve for beginners
  • Less integrated with Windows-specific tools and features

Code Comparison

PTF:

./ptf
use modules/exploitation/metasploit
install

Commando VM:

Set-ExecutionPolicy Unrestricted
.\install.ps1

PTF uses a modular approach with a command-line interface for installing tools, while Commando VM employs a PowerShell script for a more automated installation process on Windows systems.

Both repositories aim to provide comprehensive penetration testing environments, but they cater to different user preferences and operating systems. PTF offers greater flexibility and cross-platform support, while Commando VM provides a more streamlined experience for Windows users with pre-configured tools and integrations.

Metasploit Framework

Pros of Metasploit-Framework

  • Extensive library of exploits and modules for various vulnerabilities
  • Active community development and frequent updates
  • Cross-platform compatibility (Linux, macOS, Windows)

Cons of Metasploit-Framework

  • Steeper learning curve for beginners
  • Requires manual setup and configuration of tools
  • Limited GUI options, primarily command-line based

Code Comparison

Metasploit-Framework (Ruby):

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Example Exploit',
      'Description'    => 'This is an example exploit module',
      'Author'         => ['Example Author'],
      'License'        => MSF_LICENSE,
      'Platform'       => 'win',
      'Targets'        => [['Windows', {}]]
    ))
  end
end

Commando-VM (PowerShell):

function Install-CommandoVM {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$ProfilePath
    )

    # Installation logic here
}

Note: Commando-VM is primarily a collection of tools and scripts for Windows, while Metasploit-Framework is a specific exploitation framework. The code comparison shows the different approaches and languages used in each project.

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Pros of LogonTracer

  • Focused tool for visualizing and analyzing Windows logon events
  • Lightweight and easy to deploy, requiring minimal setup
  • Provides interactive graph visualization for easier pattern recognition

Cons of LogonTracer

  • Limited scope compared to the comprehensive toolset of Commando VM
  • Requires log data to be prepared and imported manually
  • Less actively maintained, with fewer recent updates

Code Comparison

LogonTracer (Python):

def parse_evtx(evtx_file, output_file):
    parser = PyEvtxParser(evtx_file)
    for record in parser.records():
        event = json.loads(record['data'])
        # Process and write event data

Commando VM (PowerShell):

function Install-BoxStarter {
    [CmdletBinding()]
    param(
        [string] $Password
    )
    # Installation logic for Boxstarter
}

Summary

LogonTracer is a specialized tool for analyzing Windows logon events, offering easy deployment and visual analysis. However, it has a narrower focus compared to Commando VM, which provides a comprehensive Windows-based security distribution. LogonTracer is ideal for specific logon analysis tasks, while Commando VM offers a broader range of security tools and capabilities for penetration testing and security research.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

CommandoLogo

What is CommandoVM?

Complete Mandiant Offensive VM ("CommandoVM") is a comprehensive and customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with a variety of offensive tools not included in Kali Linux which highlight the effectiveness of Windows as an attack platform.

Requirements

  • Windows 10

Insider Preview editions of Windows are not supported

  • 60 GB Hard Drive
  • 2 GB RAM

Recommended

  • Windows 10 22H2
  • 80+ GB Hard Drive
  • 4+ GB RAM
  • 2 network adapters

Install Instructions

Deploy a Windows Virtual Machine

Where can I find a Windows 10 Virtual Machine?

Pre-Install Procedures

You MUST disable Windows Defender for a smooth install. The best way to accomplish this is through Group Policy.

In Windows versions 1909 and higher, Tamper Protection was added. Tamper Protection must be disabled first, otherwise Group Policy settings are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

It is not necessary to change any other setting (Real Time Protection, etc.)

Important! Tamper Protection must be disabled before changing Group Policy settings.

To permanently disable Real Time Protection:

  1. Make sure you disabled Tamper Protection
  2. Open Local Group Policy Editor (type gpedit in the search box)
  3. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  4. Enable Turn off real-time protection
  5. Reboot

Make sure to reboot before making the next change

To permanently disable Microsoft Defender:

  1. Make sure you rebooted your machine
  2. Open Local Group Policy Editor (type gpedit in the search box)
  3. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  4. Enable Turn off Microsoft Defender Antivirus
  5. Reboot

Installation

  1. Complete the pre-install procedures by disabling Defender
  2. Download and extract the zip of the Commando-VM repo
  3. Run PowerShell as Administrator
  4. Set-ExecutionPolicy Unrestricted -force
  5. cd ~/Downloads/commando-vm
  6. Get-ChildItem .\ -Recurse | Unblock-File
  7. .\install.ps1 for a GUI install or .\install.ps1 -cli for command-line

Troubleshooting

See the troubleshooting documentation for more information.

Credits

  • Jake Barteaux @day1player
  • Blaine Stancill @MalwareMechanic
  • Nhan Huynh @htnhan
  • Drew Farber @0xFarbs
  • Alex Tselevich @nos3curity
  • George Litvinov @geo-lit
  • Dennis Tran @Menn1s
  • Joseph Clay @skollr34p3r
  • Ana Martinez Gomez @anamma_06
  • Moritz Raabe
  • Derrick Tran @dumosuku
  • Mandiant Red Team
  • Mandiant FLARE

Legal Notice

This download configuration script is provided to assist penetration testers
in creating handy and versatile toolboxes for offensive engagements. It provides 
a convenient interface for them to obtain a useful set of pentesting Tools directly 
from their original sources. Installation and use of this script is subject to the 
Apache 2.0 License.
 
You as a user of this script must review, accept and comply with the license
terms of each downloaded/installed package listed below. By proceeding with the
installation, you are accepting the license terms of each package, and
acknowledging that your use of each package will be subject to its respective
license terms.