Episode: 4226
Title: HPR4226: JAMBOREE and Taco Bell!
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4226/hpr4226.mp3
Transcribed: 2025-10-25 21:42:18

---

This is Hacker Public Radio Episode 4226 from Monday the 14th of October 2024.
Today's show is entitled, J-A-M-V-O-R-E and Taco Bell.
It is hosted by Operator and is about 19 minutes long.
It carries an explicit flag.
The summary is, SOC Fortress Copilot Velociraptor Wazoo and Taco Bell Quesadilla Sauce.
Woo!
It's my attempt at, uh, what's the Robin Williams?
Missed outfire?
Uh, see?
It's before your time.
Anyways, this is Remember Critty with the-
Ow!
The episode of Hacker Public Radio with the host, Operator.
I am making, um, Taco Meat.
It was not a cooking show, but we won't see it asking today.
So today we're making, um, well, we have Taco Seasoning Mix, but we also have some, uh, original Taco Bell Seasoning Mix.
Honestly, it's just paprika, like a crap done paprika, and whatever else you want to put in there.
Some spices, and also thickening agent.
Any kind of, uh, uh, what do they call the cornstarch?
Want to put cornstarch in it and make it thick.
Um, some people like it to be goopy.
I like it greasy.
Um, Taco Meat, I specifically like greasy.
And I also beat it to death.
By that, I mean, I make the meat into-
I use two flat wooden spoons.
And this- this is not plastic.
Um, this is not the cast iron thing, but I usually use cast iron.
Um, two wooden spoons, and I just go-
Ah!
I'm not going to kill you with the audio of hacking up the meat.
But I will tell you about Jamboree's new feature.
Uh, single-click security operation center with Wazoo,
co-pilot from S.O.C. Fortress, not the Microsoft co-pilot.
And the other piece is Wazoo,
which is the kind of manager that brings all that together.
And then there is also Vosiraptor.
So Wazoo is supposedly an XDR.
Uh, Vosiraptor is sort of a EDR.
Um, if you've ever heard of OS query,
it's kind of the parent or the big brother of, uh,
or the little brother, the newer version of that.
You can actually do stuff to the endpoint,
whereas, um, things like OS query,
we don't only do read access.
You couldn't execute code necessarily without some modifications.
So, um, that will give you basically a one-click, single-click,
uh, S.O.C. Fortress,
co-pilot, Wazoo,
and Vosiraptor and all that stuff.
I'm going to be putting more secret sauce as it were.
We're talking about cooking, right?
Secret sauce to Vosiraptor,
because I want to try to get as close as EDR.
We pretty much have all the bases covered, open source,
except for EDR.
So we don't have any real good memory EDR stuff.
And about as close as you can get is something like, um,
Vosiraptor with, um,
maybe some, uh, Syslog,
and, um, WinLogby,
Chanigans.
They're probably as overlap there.
So I'm thinking I can get just Vosiraptor.
Um, so anyways,
uh, that is something to play with.
You can get a security operation center in six minutes.
So,
there's a lot of red teams out there.
A lot of red team tools out there.
There's plenty of things to pin test on.
There's plenty of other ways to do red team.
Activities, but there's nothing for, um,
for blue teams and making that stuff accessible.
So that's why I added it to Jamboree.
The other thing I added to Jamboree,
and this is that Jamboree,
like, Jamboree,
dot R McCurdy,
R-M-C-C-U-R-D-Y,
dot com,
and hopefully I'll remember to put it in the show notes.
But we have the usual suspects,
all the Android suite.
That's what it's been,
uh, it's a Java,
Magisk.
The original project was, uh,
Java, Android, Magisk,
Birk, Objection,
Emulator, Easy,
Jamboree.
Now, it's morphed into this.
I don't know what,
it's more of a
multiation installer,
kind of a jack of all.
Um, you got Birk suite,
you got Haxiom,
installer drivers,
you've got, um,
AVD,
which is the whole,
without the whole Android studio.
If you've ever had to do Android studio stuff,
this is like,
I think it's two minutes,
um,
to get everything going.
It installs Magisk for you.
It gives you the Birk certificates
and automatically uploads them to,
um, Birk suite,
or automatically downloads them to the,
uh, phone as a system shirt.
There's one time mobile security.
There's Frida,
the anti-root DSSL pinning.
There's an objection button.
There's a command line with ADB,
Java, Python, Git,
no prompts.
You get all those in one,
one deal.
You can also do,
uh, Postgres portable.
You've got Birk suite pro,
if you have a license,
Birk suite community,
with ZAP,
so you can use ZAP,
attack proxy through Birk suite.
So you can get the best of both worlds.
People like ZAP,
because it's easy to use,
scan, scan, go.
Birk suite gives you the,
getting into the weeds
and doing specific,
modifying requests.
So,
but Birk suite doesn't give you the easy,
click, click, click.
So ZAP gives you what Birk suite doesn't.
Birk gives you what ZAP does in their beautiful pair,
and you can do it for free.
So, um,
you got ZAP,
you got ADB logcat,
so you can look at your logs
from ADB,
or the Android.
Um,
shut down,
install base APKs,
we'll pull down.
There's a D-bloat UI,
which is kind of a work in progress,
but it was an idea,
was to run a bunch of D-bloat scripts
to give you the common stuff.
Um,
it's not really suggested
to necessarily run it,
of course,
on an emulated device.
It's not going to have any D-bloat.
But this is for your,
real hardware device.
If you've got a bunch of stuff,
it'll run this massive D-bloat tool,
that'll probably boot-loop your phone,
because there's so much crap out there.
Um, the other stuff is sharp-hound,
Neo4j and BloodHound.
Three clicks,
gives you the old-style
BloodHound stuff,
Active Directory tool,
if you haven't run it before,
especially on a legacy Active Directory system,
it'll look awful.
Um,
we're talking,
stuff that no one has ever seen before.
So,
those are great guys.
BloodHound guys are great.
They just,
um, added feature to add hybrid,
so if you have Active Directory in the cloud,
and on-prem,
which is the worst of both worlds
from the security perspective,
they have an enterprise product
that will bring it all together.
Um,
and that piece has been missing
for two or three years now.
Um, well,
ever since we went with the cloud.
Um,
we've got other GPT,
which kind of did a project,
Automatical Label 11,
for,
image generation,
SD.next,
which is stable diffusion,
another bridge of,
uh,
that stable diffusion bridge.
You got PyTherm,
which is a UI for,
um,
yeah, IDE,
or PyTherm,
because I've been writing
some PyTherm,
uh, WSL Oracle Linux,
WSL,
I'm going to subsist from Fllinix,
single-click,
um,
Ubuntu with Olama.
So you can got,
you can go ahead and click,
one click,
have Ubuntu running,
or,
uh, if you click,
yes,
it'll start up,
uh,
Olama before you,
you got a,
Olama server running.
Uh, let's see,
WSL,
as a C-forters,
go about it.
So that gives you all the horn,
the bells and whistles
for the blue team portable deal,
and I've got a video for that.
Um,
uh, WSL string,
this will shrink your images
for you.
Uh,
Silly Tavern,
which is a chatbot for,
um,
LOMs, essentially.
It's fun to play with,
and that's part of the,
it's kind of the stable-horn,
uh, mentality stuff
that I played with a couple of years ago,
uh, portable postgres,
Arduino IDE.
This is to build the duck-to-spark stuff.
I have these business cards as $2.
You can tape a,
basically,
portable USB Duckie,
which is a keyboard emulator
that you can,
you can program it to type
whatever payload you want.
So right now,
it just goes to my website,
uh, the window,
but window key are,
and then I'm going to create that time in there.
Um,
so it does that.
And the other piece is YouTube DLP,
which is a YouTube downloader.
That is,
you know,
a new YouTube downloader is easy to use.
You just click the button,
and it'll start download and stuff.
You can,
it'll open up a file,
and you just go to much URLs.
It'll fill out stuff down,
volatility three,
memory,
uh, forensics tool,
that automatically compiles a binary
a,
a nice,
a nice EPX packed binary
that will be,
um,
hopefully mostly,
off-escaded by, um,
by most,
IEDRs and stuff.
And then, of course,
update tamboury button.
You're using an old version of tambourine.
You want to just check.
Make sure you got the latest,
the greatest.
You can get that at a button,
or it'll start a new instance,
and you close the old instance window.
Um,
so that's,
where we're out of debt.
If you want to stick around,
we are eight minutes in,
so I've got you for a few more minutes.
We're going to make
Taco Bell,
uh,
quesadilla,
Taco Bell sauce.
We've got three pounds of meat here,
which is a lot,
you say,
but I can eat that in like two days,
with a kid.
So we're going to make the,
stay quesadilla sauce for Taco Bell.
The, the trip,
the trip to most of these zangie,
zangie,
or zangie sauces,
is, um,
at mayonnaise,
unfortunately,
or fortunately.
Um,
let's see,
Taco.
Let's see,
we got,
yeah,
copycat Taco Bell case at the,
time,
12 or 5 minutes of greedies,
half cup of mayonnaise,
probably blah, blah.
So we're going to double this,
at least.
So I'm going to get us a pot,
we got mayonnaise,
sour cream,
pickled jalapeno juice.
You want to get a big old,
big old thing about jalapeno juice,
or jalapenos from Costco.
I'll tell you,
mixing bowl is underrated.
Mixing bowl has to be rubber
on the bottom.
Also has to be not
shatter when you touch it.
There's an app called,
for Android call,
always on.
There's a bunch of them screen on.
Well,
it'll keep your phone on.
So if you're doing cooking
or whatever,
despite your security policy
on your corporate,
phones,
it just tells the phone to stay alive.
So,
you can also do that
just by watching a movie
or something.
Let a movie play in the background
or it will keep your phone on
no matter what.
You don't have to buy any security
policies.
Let's see.
So,
half cup of mayonnaise.
That means one cup of mayonnaise.
The other project I'm working on
is a media,
universal media trans coder,
saying,
I don't even know what to call it.
That is going to be
a few more months.
It's going to be part of an open
web UI,
open web UI,
plug-in,
or whatever.
Add-on.
Add-ons are kind of weird right now.
I don't know what's going on
with that whole space,
but add-ons are kind of broken right now.
So,
kind of waiting for that to patch itself out
or use pipes,
which is another way to program.
But I think the
pipes is kind of new or hotness
and it's got less features.
So,
I'm less inclined to use that.
We got a lot of grease in there.
Maybe too much.
But,
we're about that later.
So, we're going to do,
we have any dry ingredients.
A lot of dry ingredients now.
I usually try not to mess up a,
we're going to do a full cup of mayonnaise.
Oh, my God.
I go through this sauce,
like the water.
So, saying that I'm going to eat
like a full cup of mayonnaise
in like a week,
is not super healthy.
It's kind of a zany
sauce.
So, we're going to
didn't really
100% measure it,
but
we've got a lot of meat.
We've got
a lot of meat.
We've got
a lot of meat.
We've got a
service of
a lot of meat.
All right.
We've got a mayonnaise.
So,
gross.
I think mayonnaise
is gross,
but I haven't looked to eat it.
What else we need?
Manace,
our cream.
I'm going to do a full
not cottage cheese.
A full cup of sour cream.
We're going to eyeball this
because I do not want
to use the cup that I just
put much mayonnaise in.
Yeah.
Get a
used fork here.
What else have I been
working on?
Oh,
I've got a lab
at the maker space.
I'm going to do one
plop.
Two plop.
About this much.
I'm going to
do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
I'm going to do this.
About this much plop.
I can't go wrong with sour cream.
I don't like the fork.
I'm had to go get
tortillas and kid wanted to take
the bike to public's.
We got
five tires on the way back.
I didn't realize we had to go
to a scout's thing.
I mean,
that it'd be in like an
hour league for.
But it all worked out.
People they waited
around and they were all
doing other stuff.
So we've got
a minute.
It's got our
sour cream pickle
jalapeno tablespoons.
So yeah,
I'm just going to
pick a pickle
jalapeno diced.
Three tablespoons.
Pickle jalapeno diced.
So yeah,
so we're just going to
hum.
One,
two.
Yeah,
that kind of gives
it that zany
flavor.
Penning.
The jalapenos.
The jalapenos
gives it that
tame.
And you can emulate
the same thing just like
getting jalapenos.
Cutting them
up.
So then we want three
tablespoons, which is
going to be a lot more
in three.
That's going to be six.
So I should have six
tablespoons in here.
That's about
not enough.
That's six tablespoons.
Yeah.
Three.
Three is very
three both right?
Three tablespoons.
Pickle jalapeno diced.
And three
tablespoons.
Pickle jalapeno diced.
Okay.
So we're doing good there.
Uh,
slowly but surely
replacing all my
knives with
shun knives,
which are
good,
but that
this
this
steel is very
soft.
It's for
mainly for like sushi.
So
I started building out my
set of knives here,
loving,
you know,
fancy
knives and then
realize
you need like a,
what you want is like a
German,
okay, utility knife.
Like a German steak knife
that's got a hard,
nice, nice knife that's got
a hard steel.
Oh, my
kind of
no, anything about
anything at all about knives.
I just like
dropped things
and fancy knives.
Um,
yeah, you're
going to want like
a nice German
standing,
a sturdy knife.
And not these serrated
blood
blades that can cut
cans or whatever.
It's a bunch of
them, huh?
Um, that's like
not even
two tablespoons.
So I
got to get some more.
The key is to get
that.
Get this,
get these jalapenos in
here.
Diced,
nice and diced.
But don't want
the big chunks of
jalapenos in one
fancy steak case
it is.
Now,
um,
though,
not steak case it is,
but these are not
going to be
steaks.
This is going to be
beef.
KCDS.
But, uh, I'm going to make
steak, fancy steak for
myself.
My son is going to eat
the 30 pounds.
My son and I will eat
the 30 pounds.
Uh,
pack them up.
Um,
what do we just do?
Oh,
peanuts.
And we left it on
low for like a day.
And we realized it was
on low.
And had to
re-cook them.
Or you're not
really cooking them.
You're just making
them all salty.
All right.
We've got our
two ingredients.
We've got our two
pounds meat kind of
sitting on low
over there.
Trying to cook out
some of that.
Cook out some of the, uh,
water.
I'm also going to get this
grease in one single
place.
Let it pull up
over here.
That's, uh,
grease.
Right.
Put some, uh,
uh,
uh,
uh,
uh,
uh,
uh,
uh,
uh,
put some, uh,
right.
Put some,
um,
cornstarch in there.
All right.
Two teaspoons,
teaspoons
of accurate,
yeah, that's not
that much.
Two teaspoons
after you go.
We always
run out of chapters
after you go.
We have,
wow,
we don't have any.
That's why I say
I'm not going to make
sure.
Oh,
I am pepper,
it looks like
a white path
you get.
surely powder looks like paprika no paprika so that is a deal breaker we are not a stand still
Jesus too many spices um you buy them from the market like you're
I mentioned like it's not working you buy these at the market why
about a soda machine I think I did an episode on it maybe not um about uh
DIY soda she's a five gallon was this seven point five pound
CO2 with a regulator and then it comes with a little kit and you fill up two liter bottle so whatever
I am looking for what I'm looking for looking for
forgot paprika I don't think we have it so might have to go back to the store all for not
oh for a lot I'm going to have to eat something because I'm not eating dinner so we're gonna have to
bail on the paprika might go tonight what have we got here oh cinnamon again who eats cinnamon
I'm not a sweet cinnamon why do we have a metric ton of cinnamon can't complain I don't do the
they need cobwebs in here gross all right so paprika we know we need
I think it's a Google keep we've been trying Google keep to do a shared
profiless paprika
I got no idea that's spelled paprika all right well I guess that ends it I don't have any other
updates for you um all that you go and uh we were gonna have paprika cumin
and garlic granules, teaspoon, onion powder, salt and chili powder we did not check to see if I
had paprika I figured we had tons but we use salt Google take it easy have a good one
you have been listening to Hacker Public Radio at Hacker Public Radio does work today's show was
contributed by a HBR listener like yourself if you ever thought of recording podcast and click
on our contribute link to find out how easy it really is hosting for HBR has been kindly
provided by an onsthost.com the internet archive and our syncs.net on this otherwise stated
today's show is released on our creative comments attribution 4.0 international license