Basterlord released the much sought after 2nd version of his manual on Twitter.
Translation:
The advantage for those who bought the manual is saved, I publish only the manual without additional materials, lists of IP addresses for the check and other material necessary for work.
This appears to be most of the same manual that the team at Prodaft wrote about several months ago. The manual is filled with beautiful, if occasionally gory, images and a lot of hype for itself:
Translation (roughly):
Warning!
The material contains killer content!
All coincidences with real companies are just coincidences!
The manual is supposed to provide tools to help wannabe initial access brokers get into the business, but it is very light on details and methods and is much more interested in hyping up Basterlord and telling war stories.
The first piece of advice is to rent a server (duh), but it doesn’t really tell the reader how to do that (in fairness, the fuller version of the manual may discuss this in more detail). If you need help setting it up? Basterlord’s advice: Google It. Which isn’t wrong, but I would expect more of a concierge service for $10k.
His first real piece of advice: use Metasploit to scan for Cisco SSL VPNs with default or common credentials. He also suggested Fortinet, but was afraid there would be too many of them.
Next he advises scanning for Microsoft machines with port 88 open.
Here he does a better job of explaining what to do with that information once you have scanned for it (see translated document below).
He also talks about targeting ESXi servers: scanning and attempting password re-use techniques in order to gain access. If that doesn’t work, he offers advice about looking for information on the network. He also includes a couple of common passwords that he has used in the past.
None of the techniques outlined in the manual are particularly groundbreaking or unique. I have seen the same techniques outlined in underground forums and message boards. The point is, they don’t need to be advanced to work, as we have seen time and time again.
In the short term there will likely be an increase in threat actors trying out these techniques, so I would recommend reviewing them and ensuring you are protected.
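One way to check your own VPN logs for the credential-guessing pattern described above, as an added example that is not part of the original post or the manual: it flags source IPs that are rejected on several distinct usernames within a short window. The log lines are constructed, modelled on Cisco ASA syslog message 113005 with an assumed ISO timestamp and hostname prefix; the function name, thresholds, usernames and addresses are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ts, user, ip):
    # Constructed log line modelled on ASA message 113005 (rejected AAA login).
    return (f"{ts} vpn-gw %ASA-6-113005: AAA user authentication Rejected : "
            f"reason = AAA failure : server = 10.0.0.5 : user = {user} : user IP = {ip}")

# Constructed sample: one guessing run, one user mistyping, one slow trickle.
SAMPLE_LOG = "\n".join([
    _line("2023-03-01T02:14:01", "admin", "203.0.113.50"),
    _line("2023-03-01T02:14:09", "guest", "203.0.113.50"),
    _line("2023-03-01T02:14:20", "helpdesk", "203.0.113.50"),
    _line("2023-03-01T02:15:02", "test", "203.0.113.50"),
    _line("2023-03-01T02:15:40", "scanner", "203.0.113.50"),
    _line("2023-03-01T09:01:10", "jsmith", "198.51.100.7"),
    _line("2023-03-01T09:01:31", "jsmith", "198.51.100.7"),
    "2023-03-01T09:02:05 vpn-gw %ASA-6-113004: AAA user authentication "
    "Successful : server = 10.0.0.5 : user = jsmith",
    _line("2023-03-01T08:00:00", "alice", "192.0.2.9"),
    _line("2023-03-01T10:00:00", "bob", "192.0.2.9"),
    _line("2023-03-01T12:00:00", "carol", "192.0.2.9"),
    _line("2023-03-01T14:00:00", "dave", "192.0.2.9"),
])

REJECT = re.compile(r"^(?P<ts>\S+) \S+ %ASA-6-113005: .*? : user = (?P<user>\S+)"
                    r" : user IP = (?P<ip>\S+)$")

def find_sprayers(log_text, min_users=4, window=timedelta(minutes=10)):
    """Map each source IP rejected on >= min_users distinct usernames inside
    one sliding window to the sorted list of all usernames it tried."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line.strip())
        if m:  # successful logins and unrelated messages are skipped
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            if len({u for _, u in evs[start:end + 1]}) >= min_users:
                flagged[ip] = sorted({u for _, u in evs})
                break
    return flagged
```

Widening the window catches slower guessing at the cost of more noise from shared egress addresses, so tune both thresholds against a baseline of normal failed logins.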
Overall, I give the manual 1 out of 5 stars.
Thanks to Jon Dimaggio for providing the translated text in document format.