Have any of you built the Metasploitable 3 target VM? It’s not a simple job, but you can do it if you can follow instructions.
Now FireEye has created a Windows red-team VM, the “Commando VM” (sorry but that makes me think of “going commando”).
Creating a Windows attack or victim machine is tricky because of licensing. Metasploitable 3 does it by installing tools over a 90-day licensed Windows demo installation, which means you’ll have to rebuild it periodically. Commando VM does it by simply making you install a Windows VM with your own media/license, and installing the tool set on top of that.
I haven’t downloaded and built this yet, but I will. We’d all like to hear from anyone who’s used this VM. Could be pretty cool …
https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html