Jason Thor Hall / PirateSoftware / Maldavius Figtree / DarkSphere Creations / Maldavius / Thorwich / Witness X / @PotatoSec - Incompetent Furry Programmer, Blizzard Nepo Baby, Lies about almost every thing in his life, Industry Shill, Carried by his father, Hate boner against Ross Scott of Accursed Farms, False Flagger

[The ATF Disliked That]

It is very possible he "social engineered" one of the guys involved with the puzzles to get part of a solution at one of them.

He was probably the kid you always have in your group who did fuck all, but was just useful enough to contribute to the write up.

Mald considered it fair game to mislead people by not making it clear he was part of a team trying to solve those puzzles because that's "people hacking" or something.

If this was not specifically stated as against the rules for the event, I'm willing to throw him a bone for that. Despite his faggotry, he is very good at manipulation. Now, if an event is trying to test real skills on the actual task at hand and social engineering really has no part in it, then yeah call him the fuck out for it, and I would say make it against the rules, but yeah I know real world doesn't have any rules.

An "opsec specialist" that claims to favor steganography over a password manager like KeepassXC.

And doesn't the stenography just return the string value anyways into the password field? I just did a stenography lab for my Associate's and the lab was put an image through the program, add some other shit to it, and it returned the password (I understand my case is anecdotal and I'm not sure of other ways what he could possibly be using, so correct me if I'm wrong or literally ignorant to other situations. Now, I'm not autistic enough to do stenography. Just have a fucking password manager.

I've never been to DEFCON because it's an ego fest, can anyone verify?

I've heard it's a cool event, but for me, it's really niche to certain people, and I don't really have an interest in it. You see a lot of proof of concept presentations, skills events (where these black badges are handed out). I did go to a university event where it was like a "mini-DEFCON" where they showed you all these concepts and what to look out for. Some job fair like areas where you can see new employment opportunities.

Are there any clips of Maldy talking about Linux? Proficiency with Linux is basically a requirement for hacking and I can totally see him shit talking Linux because he's too stupid to learn a new environment.

I know there are some Linux clips of him. It may or may not have been pointed out in this thread, but I think he's said he doesn't use Linux(?). (Someone please help follow up on this, this is one of those, I wanna swear he said that type of moment).


Edit: A couple sentences added to make my thoughts more complete.

 

[Maeis]

I just did a steganography lab for my Associate's and the lab was put an imgae through the program, add some other shit to it, and it returned the password

I did that for my Digital Forensics. It's really cool and you can hide a lot of text before it gets obvious to the naked eye that the data's being screwed with. I don't know why nobody bothers with it.

 

[HackerX]

Speaking of which:

View attachment 7576683

I've never been to DEFCON because it's an ego fest, can anyone verify?

His jimmies are rustled:

View attachment 7576717

"People even tried to say my DEFCON challenge wins weren't real"

Nigga you were in a team.

Oh lord. Based on my experience it sounds like he was effectively on a project to conduct a cyber security audit. Blah blah blah, there's no way he was doing cool shit. Wanna know why? 2 things. DoE and Operational Technology. OT cyber security is still in it's infancy and you'll be extremely hard pressed to find any red teaming or pen testing gigs because people are still stupidly skiddish when it comes to OT. Multiply that with DoE (AKA GOVERNMENT) and lol.

In all likelyhood, he was probably roaming around with ONE information security guy the entire day who was constantly saying "yeah, shits fucked if any threat actors cared enough". On an OT network that was built years ago that didn't have cyber security in mind when it was architected. AND talking to a handful of electrical engineers that do not give a shit other than their systems being up and working.

Are there any clips of Maldy talking about Linux? Proficiency with Linux is basically a requirement for hacking and I can totally see him shit talking Linux because he's too stupid to learn a new environment.

Has he ever mentioned TempleOS? That's usually a pretty good barometer for if someone has jacked into the matrix or not. When I mentor wee lads, Saint Terry the Terrible is one of the first nuggets of knowledge I bestow.

 

[Aidan]

I did that for my Digital Forensics. It's really cool and you can hide a lot of text before it gets obvious to the naked eye that the data's being screwed with. I don't know why nobody bothers with it.

Steganography isn't restricted to images but there's probably a better way to do whatever you're trying to do. In Mald's case, his passwords aren't encrypted if he's being honest, which I hope he isn't. Then you get into how cumbersome his system is... when he could use a password manager which has an encrypted file and can be stored in an encrypted container. More secure and convenient.
You could decide to hide your encrypted container in another file using steganography and if he said that, it'd make some sense.

 

[Nothing Is Written]

Mald's solution online isn't the only solution online and the show collaborated with the guy behind the puzzle for DEFCON. In fact, he wasn't even the first to solve it at DEFCON so what is he talking about here? There's a whole post breaking this particular claim down and how he's blatantly lying for no reason.

From memory, the puzzle master "1o57" used his burner phone from previous DEFCONs, not his "personal" phone as Mald claims. Upon finding out they used one of his ASCII cyphers containing his burner number in the show (which was first publicly written up by other teams as you've pointed out, before Mald's), the dude was flattered:

 

[fukkit]

"Saying that i am sexually attracted to ferrets"

meanwhile spent however long on secondlife animating ferret cocks and paying for fursona art
CONFIRM OR DENY FERRET FUCKER

 

[The ATF Disliked That]

Steganography isn't restricted to images but there's probably a better way to do whatever you're trying to do. In Mald's case, his passwords aren't encrypted if he's being honest, which I hope he isn't. Then you get into how cumbersome his system is... when he could use a password manager which has an encrypted file and can be stored in an encrypted container. More secure and convenient.
You could decide to hide your encrypted container in another file using steganography and if he said that, it'd make some sense.

Which is another example on how much work he makes for himself. He's added more steps to the process for something so basic, like how he has shitty spaghetti code for his game.

From memory, the puzzle master "1o57" used his burner phone from previous DEFCONs, not his "personal" phone as Mald claims. Upon finding out they used one of his ASCII cyphers containing his burner number in the show (which was first publicly written up by other teams as you've pointed out, before Mald's), the dude was flattered:

View attachment 7577011View attachment 7577013View attachment 7577014

Mr Robot Debunked @ 21:00 (Has Chapter Skip) This guy points this out in video. Archive

 

[Nothing Is Written]

Are there any clips of Maldy talking about Linux? Proficiency with Linux is basically a requirement for hacking and I can totally see him shit talking Linux because he's too stupid to learn a new environment.

Yes, they're in this thread somewhere. He had trouble porting his game over to SteamOS for the Steam Deck (despite GMS virtually doing all the work for you), and from his lamentation it sounds like it simply came down to his inexperience with Linux.

 

[Onomatopoeia]

OT cyber security is still in it's infancy and you'll be extremely hard pressed to find any red teaming or pen testing gigs because people are still stupidly skiddish when it comes to OT.

I wouldn't say infancy but without one of the well known certifications (OffSec, INE, SANS / GIAC etc.) you would never earn a gig. As far as I know Maldy doesn't even have beginner level certified knowledge let alone offensive penetration skills. Most companies also just Audit their systems because guess what you can't really do offensive security on live systems without impacting their availability, performance or breaking laws regarding data privacy, data security.

Every third rate apprenticeship IT specialist learns how to do these audits it's nothing special and requires no higher education or god forbid, even a bachelor or master.

Was he ever seen on stream showing his certs or did he ever even talk about one? If no he's definitely lying. Not like I questioned that to begin with.

 

[Fats McGee]

The comments on Ross's live stream today were... Amusing. "KF is 4chan on steroids... Best to avoid..." No, 4chan is run by literal feds to act as a honeypot and is simultaneously highly censored and curated. There's a difference. But someone did give him what I think is good advice, basically saying "The farms are supporting you whether you interact or not. Save yourself the backlash of associating with them, they won't be mad." I agree. I don't think the setback of having people screech at him for daring to speak with Null would be helpful to the movement in any way. And as conflict-averse as Ross is, it wouldn't help his mental state either. We don't need cooperation, thanks, or credit to support the movement, we can do it just for the love of watching Mald throw his hissyfits. And fuck, do I love watching Mald throw his hissyfits.

 

[Aidan]

Mr Robot Debunked @ 21:00 (Has Chapter Skip) This guy points this out in video. Archive

One hilarious thing about Mald is how people love calling him out so there's a very small genre of "Pirate Software lied" section of videos on Youtube and if you click one then you get more. If you type "PirateSoftware" in the search bar it's a list of controversies he will ban people for bringing up.

 

[Nothing Is Written]

And doesn't the stenography just return the string value anyways into the password field? I just did a stenography lab for my Associate's and the lab was put an image through the program, add some other shit to it, and it returned the password (I understand my case is anecdotal and I'm not sure of other ways what he could possibly be using, so correct me if I'm wrong or literally ignorant to other situations.

I got so frustrated upon discovering this:

I explained this previously, but this is exhibitionism at best and naivety at worst. Security by obscurity is unreliable, tedious, and hard to manage well.

Using steganography for his passwords gives us information that: a) his passwords are embedded in images on his local system, and b) the passwords are for his Twitch account (at least).

Anyone with enough willpower, time, and a reverse cipher oracle feeding in plaintext to match embedded patterns in the images can easily crack this shitshow.

Also, as they're embedded in static images, the passwords themselves are static. This means no key rotation, no master key rotation, and the fact that should the images' data change at all (common in compression, especially uploading), his passwords would be bit-shifted and unrecoverable.

That's fine, that's his prerogative. But claiming to be a cyber security expert and doing the opposite of what's considered standard (not even best: standard) practice demonstrates his enormous lack of understanding around the subject.

This is an obscure, tedious, slow, vulnerable, unreliable, multi-media-dependant, amateur display of what he believes to be elite security hygiene.

I'm not even touching on his allegedly security-controlled gitnet that pseudo-symlinks sensitive data from his federal contract job that was apparently not sensitive enough for him to be allowed to keep store said data after he left in the first place.

It absolutely reeks of incompetence.

Or we can Occam's razor this belief that he's done any of this and call him a fucking liar.

 

[Fats McGee]

Moist using that as an opportunity to shit on Mald has made it safe and a move that gives moral good boy points to support SKG and criticize Mald.

I told a buddy of mine that this was the turning point. There were plenty of smaller channels talking about this and taking shots at Mald, but they were people like Endymion who I think most of the internet consider to be chudtubers. They don't have the ability to recruit anyone new to a cause because their audience is comprised solely of people they've pandered to and only watch to hear their opinion parroted back to them. A fight between Endymion subscribers and Mald subscribers would peter out pretty quick, because it's just two small echo-chamber groups having a pissing contest. If you really want to win a popularity contest and ruin someone's reputation, you need the normies on your side. Not the chudtubers or the breadtubers. The normies. They're the majority, and as such, the most incessant, obnoxious and powerful. I hate to give credit to Charlie but you're dead nuts accurate. As soon as the slop-tuber normie god himself made a video about Mald and didn't side with him, it was open season. It opened the floodgates to turn the backlash from a trickle to a tsunami, and Mald clearly wasn't expecting that.

 

[31. Januar]

The fact this guy is a somethingawful oldfag explains SOOO so much. All of these guys have the same "heh I don't give le fuck I'm too old and too cool for you " attitude that you can immediately see though.

As far as I can see it was another "20 YeArS" type of deal. "Oh look, I'm from the oLd InTeRnEt, not like you newfags, worship me":
View attachment 7574150
Curious how he stopped saying cringe like that after the Mana Gem Event, so I guess he's not incapable of being self-aware. Still pretty funny hearing shit like "it just gives me vitamins" coming from Mald.

Is it the paywall-induced-echochamber that made goons so mentally disabled over time, or is it something else? This isn't the only insufferable up-his-own-ass faggot to be spawned out of SA, with the exact same attitude too. It's like the internet equivelant of a boomer (really, X-er) past his prime babbeling about how "you cunts wouldn't've survived a day in the 80s!" when confronted with a more traditional perspective.
Come to think of it, there's very little difference really.

 

[HackerX]

I wouldn't say infancy but without one of the well known certifications (OffSec, INE, SANS / GIAC etc.) you would never earn a gig.

I'm specifically referring to OT. As an industry, OT cybersecurity is where IT was in the late 2000s/early 2010s. It's only within the last few years that people are treating it seriously which is hilarious considering I'd MUCH prefer an IT system going down than OT.

Most companies also just Audit their systems because guess what you can't really do offensive security on live systems without impacting their availability, performance or breaking laws regarding data privacy, data security.

Oh lordy lordy. You think people have controls in place for their OT infrastructure? Much less in the government. I can guarantee with near certainty that any OT network that Mald may have looked at a few years ago was flat and not segmented in any meaningful way. At the absolute best, there were usernames/passwords beyond admin and default credentials. OT was, and still is TBH, and funny lesson on duality.

 

[Glowie]

The people in his Discord are fucking retarded, talking about how americans are signing it.
View attachment 7572465
View attachment 7572464
View attachment 7572463

They're furfags with severe case of coomer rain, what else is new? They ban anyone who isn't kissing Thor's ass.

 

[SlyVMan]

I honestly wonder what this secret project even is that he had to delay working on Heartbound til now.

 

[potato sack]

I honestly wonder what this secret project even is that he had to delay working on Heartbound til now.

View attachment 7577159

can you imagine he reached 100% and finished enemas?

 

[The Stranger]

I honestly wonder what this secret project even is that he had to delay working on Heartbound til now.

View attachment 7577159

Taking the poop gnome's knot

 

[Nothing Is Written]

Oh lord. Based on my experience it sounds like he was effectively on a project to conduct a cyber security audit. Blah blah blah, there's no way he was doing cool shit. Wanna know why? 2 things. DoE and Operational Technology. OT cyber security is still in it's infancy and you'll be extremely hard pressed to find any red teaming or pen testing gigs because people are still stupidly skiddish when it comes to OT. Multiply that with DoE (AKA GOVERNMENT) and lol.

In all likelyhood, he was probably roaming around with ONE information security guy the entire day who was constantly saying "yeah, shits fucked if any threat actors cared enough". On an OT network that was built years ago that didn't have cyber security in mind when it was architected. AND talking to a handful of electrical engineers that do not give a shit other than their systems being up and working.

Has he ever mentioned TempleOS? That's usually a pretty good barometer for if someone has jacked into the matrix or not. When I mentor wee lads, Saint Terry the Terrible is one of the first nuggets of knowledge I bestow.

YESSSS

Everything about what you said I've been struggling to put into words. OT security is still stuck in the stone age, and anyone pretending it’s some bleeding-edge war zone is either lying or doesn’t know what they’re looking at. It’s a mess of legacy systems, vendor lock-in, zero visibility, and patching policies that boil down to "don’t touch anything or it might break". The deeper you go down in system layers, the worse it gets. The idea that Mald was doing anything other than a glorified clipboard walk is laughable.

Pen testing in OT isn’t a thing in the way people like Mald want to fantasise about. Like you said, no one’s letting some rando run scans or exploits on a live power grid, let alone a nuclear station where I'm almost certain requires higher clearance. Most of these environments can barely handle being looked at the wrong way without something falling over. Everyone’s scared shitless that even passive monitoring might cause a fault and no one’s trusting some second-rate hack whose only prior experience was QA testing at Blizzard with that kind of access anyway.

And if this was a DoE project (doubtful), from what colleagues have told me and assuming it's anything like here, US gov audits are the definition of surface-level, compliance-first nonsense. Ticking boxes for operability. It’s all about documentation and paper trails, not actual threat hunting or security posture - that shit's more common in the private sector that aren't slave to federal oversight. Federal contractors probably got walked through a checklist, maybe talked to a few engineers who couldn’t care less about sec posture as long as the station doesn't explode, and leave with a report that boils down to "yep, this would be catastrophic if someone gave a shit". And they don't because they can't because the hardware is fucking OLD.

Mald wasn’t doing cyber ops. He wasn’t pulling packets off SPAN ports or analysing traffic from legacy PLCs. He was probably tailing some burned-out infosec or more likely a physical sec guard who's been screaming into the void for years, watching as that guy explains how broken everything is including his marriage. Then he went home and spun it into some delusional fantasy where he was seconds away from stopping an international threat actor, when what was more likely (if it happened at all) spent less than two hours noting physical security vectors like shitty keypads or cameras that were installed in the 80s.

His mere presence online is a waste of bandwidth.

/rant