Commando VM for Pentesting With Windows

Hello Everyone,

Just a really quick share with you all on a recent VM release from fireeye !

Hope you all enjoy giving it a trial let me know what you think.



I installed it recently, took hours. Still testing . I’ll post pics shortly

Can’t wait to try it out as I’m moving to a mostly Windows environment soon enough, I’ll install it then.

I think its a good way to run under the radar, considering most network monitors already look for kali host names, only been able to play around a little but so far has everything i expected.


It would be very amateurish for any experienced hackers to use a Kali VM for pentesting engagements or ops :wink:

1 Like

very true, but our local red team is a bit lazy, makes it way easier for my blue team to work :smile:

I’m a bit confused, how exactly is this a VM?
It seems like all they offer you is a one click installation for a whole bunch of penetration testing software.

its not a VM image or ISO, its meant to be installed on a win10 or win7 VM you already have provisioned, so yeah the name is a bit inaccurate

I see, well I don’t like bloat that much so I’ll probably hold off on this one.
But I did check out what tools they have and I don’t know all of them, so I’m just going to use it as a reference point to learn more pentester tools.

1 Like

The installation script gets rid of all the shitty default programs… I can confirm that.

Installed it last night and slept while it was installing. I took a peek at the installation script which is pretty much a powershell script, but hey… it works. Anyways, pretty much the script uses boxstarter ( which after reading what it is on their site, choco is like a repo on Linux which are used for apt and installing packages and dependencies.

Personally, this seems like a great idea and I am kind of impressed?

1 Like

Yes i installed it as well. Took hours but, it was worth it. I enjoy this experience.

Thank yoı, i’m going to install it

After testing this a little, it’s definitely better on a VM. You can install it straight to the physical machine, but during the install it disables a lot of security features to make the installs go smoother.

Also, if you run into issues, being able to rollback to snapshots really helps.

1 Like

So what I did on both the physical machine I installed CVM on and the virtual machine was I installed flare-vm on top of it. I also installed mingw-x64 and Pelles-C IDE among a bunch of other debuggers and decompilers that were not installed by default. I don’t personally like using chocolatey for installing new programs though, I don’t know why. Maybe it’s just because I’m old

I personally like having both a virtual machine (obviously) and a physical system. The physical system boots a lot faster due to being on raw hardware while the VM is useful for malware analysis because you control the environment, can rollback, can clone, can edit the existence of every instance you create to your hearts content easier than the raw hardware counterpart.

Of course this is just my personal opinion like saying geany is better than notepad++, or using pulma over gvim


This looks great, thank you for sharing.

1 Like

I waited too long to get a good Windows VM on-hand. After using Commando, I don’t want to go into an AD environment without it.