🌟 Internet Famous Jason Thor Hall / PirateSoftware / Maldavius Figtree / DarkSphere Creations / Maldavius / Thorwich / Witness X / @PotatoSec - Incompetent Furry Programmer, Blizzard Nepo Baby, Lies about almost every thing in his life, Industry Shill, Carried by his father, Hate boner against Ross Scott of Accursed Farms, False Flagger

Which will happen first?

  • Jason Hall finishes developing his game

    Głosy: 38 0,7%
  • YandereDev finishes developing his game

    Głosy: 604 10,7%
  • Grummz finishes developing his game

    Głosy: 150 2,7%
  • Chris Roberts finishes developing his game

    Głosy: 171 3,0%
  • Cold fusion

    Głosy: 2 090 37,0%
  • The inevitable heat death of the universe

    Głosy: 2 592 45,9%

  • Łączna liczba głosujących
    5 645
OT cyber security is still in it's infancy and you'll be extremely hard pressed to find any red teaming or pen testing gigs because people are still stupidly skiddish when it comes to OT.
I wouldn't say infancy but without one of the well known certifications (OffSec, INE, SANS / GIAC etc.) you would never earn a gig. As far as I know Maldy doesn't even have beginner level certified knowledge let alone offensive penetration skills. Most companies also just Audit their systems because guess what you can't really do offensive security on live systems without impacting their availability, performance or breaking laws regarding data privacy, data security.

Every third rate apprenticeship IT specialist learns how to do these audits it's nothing special and requires no higher education or god forbid, even a bachelor or master.

Was he ever seen on stream showing his certs or did he ever even talk about one? If no he's definitely lying. Not like I questioned that to begin with.
 
The comments on Ross's live stream today were... Amusing. "KF is 4chan on steroids... Best to avoid..." No, 4chan is run by literal feds to act as a honeypot and is simultaneously highly censored and curated. There's a difference. But someone did give him what I think is good advice, basically saying "The farms are supporting you whether you interact or not. Save yourself the backlash of associating with them, they won't be mad." I agree. I don't think the setback of having people screech at him for daring to speak with Null would be helpful to the movement in any way. And as conflict-averse as Ross is, it wouldn't help his mental state either. We don't need cooperation, thanks, or credit to support the movement, we can do it just for the love of watching Mald throw his hissyfits. And fuck, do I love watching Mald throw his hissyfits.
 
One hilarious thing about Mald is how people love calling him out so there's a very small genre of "Pirate Software lied" section of videos on Youtube and if you click one then you get more. If you type "PirateSoftware" in the search bar it's a list of controversies he will ban people for bringing up.
1751252752154.webp
 
And doesn't the stenography just return the string value anyways into the password field? I just did a stenography lab for my Associate's and the lab was put an image through the program, add some other shit to it, and it returned the password (I understand my case is anecdotal and I'm not sure of other ways what he could possibly be using, so correct me if I'm wrong or literally ignorant to other situations.

I got so frustrated upon discovering this:

I explained this previously, but this is exhibitionism at best and naivety at worst. Security by obscurity is unreliable, tedious, and hard to manage well.

Using steganography for his passwords gives us information that: a) his passwords are embedded in images on his local system, and b) the passwords are for his Twitch account (at least).

Anyone with enough willpower, time, and a reverse cipher oracle feeding in plaintext to match embedded patterns in the images can easily crack this shitshow.

Also, as they're embedded in static images, the passwords themselves are static. This means no key rotation, no master key rotation, and the fact that should the images' data change at all (common in compression, especially uploading), his passwords would be bit-shifted and unrecoverable.

That's fine, that's his prerogative. But claiming to be a cyber security expert and doing the opposite of what's considered standard (not even best: standard) practice demonstrates his enormous lack of understanding around the subject.

This is an obscure, tedious, slow, vulnerable, unreliable, multi-media-dependant, amateur display of what he believes to be elite security hygiene.

I'm not even touching on his allegedly security-controlled gitnet that pseudo-symlinks sensitive data from his federal contract job that was apparently not sensitive enough for him to be allowed to keep store said data after he left in the first place.

It absolutely reeks of incompetence.

Or we can Occam's razor this belief that he's done any of this and call him a fucking liar.
 
Moist using that as an opportunity to shit on Mald has made it safe and a move that gives moral good boy points to support SKG and criticize Mald.
I told a buddy of mine that this was the turning point. There were plenty of smaller channels talking about this and taking shots at Mald, but they were people like Endymion who I think most of the internet consider to be chudtubers. They don't have the ability to recruit anyone new to a cause because their audience is comprised solely of people they've pandered to and only watch to hear their opinion parroted back to them. A fight between Endymion subscribers and Mald subscribers would peter out pretty quick, because it's just two small echo-chamber groups having a pissing contest. If you really want to win a popularity contest and ruin someone's reputation, you need the normies on your side. Not the chudtubers or the breadtubers. The normies. They're the majority, and as such, the most incessant, obnoxious and powerful. I hate to give credit to Charlie but you're dead nuts accurate. As soon as the slop-tuber normie god himself made a video about Mald and didn't side with him, it was open season. It opened the floodgates to turn the backlash from a trickle to a tsunami, and Mald clearly wasn't expecting that.
 
The fact this guy is a somethingawful oldfag explains SOOO so much. All of these guys have the same "heh I don't give le fuck I'm too old and too cool for you 😏" attitude that you can immediately see though.
As far as I can see it was another "20 YeArS" type of deal. "Oh look, I'm from the oLd InTeRnEt, not like you newfags, worship me":
TooGrizzled-oMJWVr2-yXo-14900.mp4
Curious how he stopped saying cringe like that after the Mana Gem Event, so I guess he's not incapable of being self-aware. Still pretty funny hearing shit like "it just gives me vitamins" coming from Mald.
Is it the paywall-induced-echochamber that made goons so mentally disabled over time, or is it something else? This isn't the only insufferable up-his-own-ass faggot to be spawned out of SA, with the exact same attitude too. It's like the internet equivelant of a boomer (really, X-er) past his prime babbeling about how "you cunts wouldn't've survived a day in the 80s!" when confronted with a more traditional perspective.
Come to think of it, there's very little difference really.
 
I wouldn't say infancy but without one of the well known certifications (OffSec, INE, SANS / GIAC etc.) you would never earn a gig.
I'm specifically referring to OT. As an industry, OT cybersecurity is where IT was in the late 2000s/early 2010s. It's only within the last few years that people are treating it seriously which is hilarious considering I'd MUCH prefer an IT system going down than OT.
Most companies also just Audit their systems because guess what you can't really do offensive security on live systems without impacting their availability, performance or breaking laws regarding data privacy, data security.
Oh lordy lordy. You think people have controls in place for their OT infrastructure? Much less in the government. I can guarantee with near certainty that any OT network that Mald may have looked at a few years ago was flat and not segmented in any meaningful way. At the absolute best, there were usernames/passwords beyond admin and default credentials. OT was, and still is TBH, and funny lesson on duality.
 
Oh lord. Based on my experience it sounds like he was effectively on a project to conduct a cyber security audit. Blah blah blah, there's no way he was doing cool shit. Wanna know why? 2 things. DoE and Operational Technology. OT cyber security is still in it's infancy and you'll be extremely hard pressed to find any red teaming or pen testing gigs because people are still stupidly skiddish when it comes to OT. Multiply that with DoE (AKA GOVERNMENT) and lol.

In all likelyhood, he was probably roaming around with ONE information security guy the entire day who was constantly saying "yeah, shits fucked if any threat actors cared enough". On an OT network that was built years ago that didn't have cyber security in mind when it was architected. AND talking to a handful of electrical engineers that do not give a shit other than their systems being up and working.

Has he ever mentioned TempleOS? That's usually a pretty good barometer for if someone has jacked into the matrix or not. When I mentor wee lads, Saint Terry the Terrible is one of the first nuggets of knowledge I bestow.

YESSSS

Everything about what you said I've been struggling to put into words. OT security is still stuck in the stone age, and anyone pretending it’s some bleeding-edge war zone is either lying or doesn’t know what they’re looking at. It’s a mess of legacy systems, vendor lock-in, zero visibility, and patching policies that boil down to "don’t touch anything or it might break". The deeper you go down in system layers, the worse it gets. The idea that Mald was doing anything other than a glorified clipboard walk is laughable.

Pen testing in OT isn’t a thing in the way people like Mald want to fantasise about. Like you said, no one’s letting some rando run scans or exploits on a live power grid, let alone a nuclear station where I'm almost certain requires higher clearance. Most of these environments can barely handle being looked at the wrong way without something falling over. Everyone’s scared shitless that even passive monitoring might cause a fault and no one’s trusting some second-rate hack whose only prior experience was QA testing at Blizzard with that kind of access anyway.

And if this was a DoE project (doubtful), from what colleagues have told me and assuming it's anything like here, US gov audits are the definition of surface-level, compliance-first nonsense. Ticking boxes for operability. It’s all about documentation and paper trails, not actual threat hunting or security posture - that shit's more common in the private sector that aren't slave to federal oversight. Federal contractors probably got walked through a checklist, maybe talked to a few engineers who couldn’t care less about sec posture as long as the station doesn't explode, and leave with a report that boils down to "yep, this would be catastrophic if someone gave a shit". And they don't because they can't because the hardware is fucking OLD.

Mald wasn’t doing cyber ops. He wasn’t pulling packets off SPAN ports or analysing traffic from legacy PLCs. He was probably tailing some burned-out infosec or more likely a physical sec guard who's been screaming into the void for years, watching as that guy explains how broken everything is including his marriage. Then he went home and spun it into some delusional fantasy where he was seconds away from stopping an international threat actor, when what was more likely (if it happened at all) spent less than two hours noting physical security vectors like shitty keypads or cameras that were installed in the 80s.

His mere presence online is a waste of bandwidth.

/rant
 
Ostatnio edytowane:
He almost certainly saw his 4chan threads over the last few days too. Maybe even this very KF thread we're in. I guarantee you otherwise he'd have never mentioned the sexual attraction to ferrets.
Screen Shot 2025-06-28 at 04.39.54-fullpage.webp


:lossmanjack:

no one’s trusting some second-rate hack whose only prior experience was QA testing at Blizzard with that kind of access anyway.

That's common for him, is to just stumble up the ladder in any given field, with no prior education or experience, which leads me to doubt his claims wholesale. As you just said, went from QA at blizzard to "working for the DoE"... oh brother!

"Director of strategy" for a publisher.. why? In reality it's just a free check from his friend. FoH
 
Ostatnio edytowane:
Everyone’s scared shitless that even passive monitoring might cause a fault and no one’s trusting some second-rate hack whose only prior experience was QA testing at Blizzard with that kind of access anyway.

And if this was a DoE project (doubtful), from what colleagues have told me, US gov audits are the definition of surface-level, compliance-first nonsense.
He wasn’t pulling packets off SPAN ports or analysing traffic from legacy PLCs.

This bit really sticks out to me and I'm sure it's been said before, it would be absolutely retarded to have some random government contracting company touch those sensitive internal systems. Seeing how autistic we all are, I'm sure someone found where he was employed when he did this or was he actually directly hired by the DoE? If he wasn't then he's just straight up fucking lying about who he worked for. I don't have linkedin beacuse i fucking hate that site.
 
Has he ever mentioned TempleOS? That's usually a pretty good barometer for if someone has jacked into the matrix or not. When I mentor wee lads, Saint Terry the Terrible is one of the first nuggets of knowledge I bestow.
I'll have his phonebook if he utters name of holiest of holy
 
This bit really sticks out to me and I'm sure it's been said before, it would be absolutely retarded to have some random government contracting company touch those sensitive internal systems. Seeing how autistic we all are, I'm sure someone found where he was employed when he did this or was he actually directly hired by the DoE? If he wasn't then he's just straight up fucking lying about who he worked for. I don't have linkedin beacuse i fucking hate that site.

Of course he's lying, he's not a real dev or whatever he's pretending to be this day of the week, he just plays nerdy hacker guy on YouTube to people who don't know better.
 
Has he ever mentioned TempleOS? That's usually a pretty good barometer for if someone has jacked into the matrix or not. When I mentor wee lads, Saint Terry the Terrible is one of the first nuggets of knowledge I bestow.

"A deeply complex and beautiful piece of code" :story:
He mentions TempleOS a couple more times, but it's all very generic "brilliant programmer". I think it's safe to say he just saw some normie-tuber video.
 
He mentions TempleOS a couple more times, but it's all very generic "brilliant programmer". I think it's safe to say he just saw some normie-tuber video.
Well, from what I've seen, they both have some similar philosophies - I haven't looked too deeply at TempleOS's code, but I remember hearing Terry say some concerning things in his interviews about scope and encapsulation, etc. Terry largely has a philosophy of not wanting to be saved from himself, which I can respect, but it came off to me like he's the kind of guy who'd make everything globally accessible, which would make it a nightmare to work with. That's something he and Thor have in common, actually.

I'm not bashing Terry as a person, necessarily, but I've always gotten the sense that Terry is sort of an outsider artist as far as code goes, and I feel the need to assert that volume of effort and quality of effort are not inextricable. There can be a lot of something, but that doesn't imply that any of it is good, necessarily. The sheer amount of what he accomplished is impressive, sure, but that doesn't necessarily imply he did it in an especially-skillful way, and I see a bunch of people saying that because he built TOS on his own, that he must necessarily write good-quality code in doing it, when that's not necessarily true.

That said, that's also not me saying he's definitely a bad coder, just that I can't guarantee he's a particularly good one. If any of you guys have actually done a dive on Terry's code and I'm way off-base, though, by all means, put me in my place.
 
Ostatnio edytowane:
Random thought about SKG that I feel can be batted around. With the rise of legacy servers for MMOs like with WoW Classic and OSRS, it would be interesting to what can be done to preserve older version within the framework of the SKG initiative. Want to hear what all of you have to think.
 
Wstecz
Top Na dole