I have tried digging into Jason Hall's "cybersecurity" / "security research" past and I have been unable to find information that substantiates his skills as a security researcher. The only thing he appears to ever discuss is social engineering, which is hardly technical, or particularly difficult. He even himself describes it as the easiest form of hacking.
His primary credential to his 1337 hacking skills are his DEF CON badges, but if you review the writeup(s), they, again, appear to contain little-to-no technical information. Furthermore, it is apparent that for all these wins, it is not Jason Hall winning, but it is a team of 10-13 people. I doubt he even has a single badge in his possession.
Also his love for stenography is reminiscent of a retard who grew up watching a few too many Cicada 3301 documentaries.
A problem of course is that half of the URLs where the courses were hosted are now offline, For example, co9[.]io, the group he got most badges with, is offline, and their last tweet was 2022:
For his "third" badge in DEFCON 24, there were 13 team members:
The description on his (teams) website is "vulnerability disclosures and rambles on application security" yet nothing of the sort can be found on the page.
Archive
Quick overview for those who want to read themselves:
DEFCON24 (2016, 13 members):
Archive
DEFCON23 (2015, 12 members):
Archive
DEFCON22 (2014, 2? members):
Archive
Word on the street is that he has three black badges, but I can only find evidence that he *won* (
was present for the winning of) two. If you review the listing of Black Badge winners, he only appears twice:
https://github.com/DefconParrot/Black-Badge-Winners
It would seem that he only won 24 and 23, not the 22 badge, or any other badges.
He also has a completely dead GitHub account with the same profile picture as his PotatoSec Twitter Account (notice the lack of contributions even to private repositories):
https://github.com/Thorwich (
Archive)
I've been able to find a post on the hashcat forums from a user named Thorwich back in 2015, which struggled to get the tool running on his bespoke GeForce GTX 980M.
Link:
https://hashcat.net/forum/thread-4345-post-24776.html (
Archive)
Hashcat is a tool for performing hash cracking // "password recovery". This does imply some sort of security research being attempted, but also hints that it may have been unsuccessful.
His domain where he used to store his ""crypto"" challenges, potatopla[.]net, is currently up for sale for around 500 $. If anyone has discovered any technical reporting from Mr. Software, please let me know, because I'd love to read it.
If you look at the source code to their website (gopiratesoftware[.]com, IP 45.79.71[.]37) you'll find this bitcoin wallet:
34zDcJftTVo2XFs6y1HwrhpLFDNncqukTa
Which according to Blockchain Explorer has 1.28396737 BTC, which is worth around $69,760.32.
Check this out this Transaction ID, where he received 47k$ in BTC from 31 different wallets: 2a74119c0e3741e97b50a43f9627ae7b2fbe86ef901c023e287c27496dbe0518