Complete Mandiant Offensive VM ("CommandoVM") is a comprehensive and customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with a variety of offensive tools not included in Kali Linux which highlight the effectiveness of Windows as an attack platform.
- Windows 10
Insider Preview editions of Windows are not supported
- 60 GB Hard Drive
- 2 GB RAM
- Windows 10 22H2
- 80+ GB Hard Drive
- 4+ GB RAM
- 2 network adapters
Deploy a Windows Virtual Machine
You MUST disable Windows Defender for a smooth install. The best way to accomplish this is through Group Policy.
In Windows versions 1909 and higher, Tamper Protection was added. Tamper Protection must be disabled first, otherwise Group Policy settings are ignored.
- Open Windows Security (type
Windows Security
in the search box) - Virus & threat protection > Virus & threat protection settings > Manage settings
- Switch
Tamper Protection
toOff
It is not necessary to change any other setting (
Real Time Protection
, etc.)
Important! Tamper Protection must be disabled before changing Group Policy settings.
To permanently disable Real Time Protection:
- Make sure you disabled Tamper Protection
- Open Local Group Policy Editor (type
gpedit
in the search box) - Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
- Enable
Turn off real-time protection
- Reboot
Make sure to reboot before making the next change
To permanently disable Microsoft Defender:
- Make sure you rebooted your machine
- Open Local Group Policy Editor (type
gpedit
in the search box) - Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
- Enable
Turn off Microsoft Defender Antivirus
- Reboot
- Complete the pre-install procedures by disabling Defender
- Download and extract the zip of the Commando-VM repo
- Run PowerShell as Administrator
Set-ExecutionPolicy Unrestricted -force
cd ~/Downloads/commando-vm
Get-ChildItem .\ -Recurse | Unblock-File
.\install.ps1
for a GUI install or.\install.ps1 -cli
for command-line
- Jake Barteaux @day1player
- Blaine Stancill @MalwareMechanic
- Nhan Huynh @htnhan
- Drew Farber @0xFarbs
- Alex Tselevich @nos3curity
- George Litvinov @geo-lit
- Dennis Tran @Menn1s
- Joseph Clay @skollr34p3r
- Ana Martinez Gomez @anamma_06
- Moritz Raabe
- Derrick Tran @dumosuku
- Mandiant Red Team
- Mandiant FLARE
This download configuration script is provided to assist penetration testers
in creating handy and versatile toolboxes for offensive engagements. It provides
a convenient interface for them to obtain a useful set of pentesting Tools directly
from their original sources. Installation and use of this script is subject to the
Apache 2.0 License.
You as a user of this script must review, accept and comply with the license
terms of each downloaded/installed package listed below. By proceeding with the
installation, you are accepting the license terms of each package, and
acknowledging that your use of each package will be subject to its respective
license terms.