I’ve been thinking about gifts for Hackers and Makers lately as the holiday season arrives. I decided I’d build a public list of some of my favorite things (and perhaps some things I’d like myself as well!) I’ll break it down into a few categories for different kinds of hackers (and different kinds of gifters as well). Prices are current as of writing, but not something I’ll be updating.
- Stocking Stuffers (Under about $20)
- For Penetration Testers & Red Teamers
- For Hardware Hackers & Electronics Makers
- For InfoSec Students & N00bs
- Geek & Hacker Apparel
- Young Hackers & Makers
Stocking Stuffers (Under about $20)
Yubico U2F Security Key
The U2F Security Key by Yubico is a hardware 2-factor authentication token compatible with the Fido Alliance Universal 2-Factor (U2F) standard. This includes sites like Google (GMail), Github, Gitlab, Bitbucket, Dropbox and Facebook. Unlike SMS, U2F can’t be intercepted by an adversary (even in countries with government-run telcos). It continues to work with a dead battery in your smartphone, and is backed by a hardware secure element. It still won’t protect you against malware on your computer, but it’s a dramatic increase in security for most threat models. Everyone should have two security keys: one for daily use, and a backup (already enrolled) in a safe place in case something happens to the primary. $17 at Amazon
Red Team Field Manual
The Red Team Field Manual is a versatile guide for anyone who quickly needs to perform security tasks on both Windows and Linux. Though mostly targeted towards penetration testers & red teamers, this is useful for system administrators who spend most of their time on one platform but need to work on the other occasionally, or for budding infosec students getting used to working on their non-native platform. It provides command lines for a number of different tasks on both platforms, including:
- Networking Commands (ip address, routing table, etc.)
- Common file operations (search, replace, extract, hash, etc.)
- Common file locations (password hashes, configuration, etc.)
- Basic scripting operations (bash, python, powershell)
This is not reading material – it’s strictly a reference, but in a quite handy format & form factor. $9 at Amazon
iFixit Essentials Toolkit
The iFixit Essentials Toolkit is a smaller version of my favorite toolkit, the iFixit Pro Tech Toolkit. It contains a high quality screwdriver handle, the most frequently used screwdriver bits, and several tools useful for opening all kinds of devices, including smartphones, routers, and pretty much any other IoT device out there. It comes in a nice case that uses neodymium magnets to hold it closed. It also supports iFixit, who produce some really high quality teardowns and post it all online for free. $19.99 at Amazon
For Penetration Testers & Red Teamers
WiFi Pineapple Nano
Hak5’s WiFi Pineapple may be the best-known piece of hacking hardware out there. In the current generation, the Nano offers two radios built-in, making it perfect for a repeater style setup. In addition to the use as an attack device, allowing penetration testers to conduct wireless audits, attacks on clients, and other kinds of applied attacks, the Pineapple is also great for the hacker on the go. I often use mine to connect to hotel WiFi on one radio, perform a VPN link back to a VPN server, and provide a WPA2 hotspot on the other radio. Few other travel APs can provide this kind of functionality, so bringing the Pineapple Nano on the road with me always gives a lot of flexibility and options. $99.99 at HakShop
Packet Squirrel
If the WiFi Pineapple is a Swiss Army Knife for WiFi networks, then the Packet Squirrel is that for wired ethernet. As a physical man-in-the-middle (MitM) device, the Packet Squirrel allows you to perform network attacks, modify traffic, or just VPN your own devices. (Even multiple devices if a network switch is connected behind the Packet Squirrel.) While the Wifi Pineapple may be the classic Hak5 tool (perhaps excepting the USB rubber ducky), the Packet Squirrel is the newest member of the family. I haven’t had a chance to do much with mine yet, but it looks promising and has a ton of cool features. $59.99 at HakShop
Red Team: How to Succeed By Thinking Like the Enemy
Not just about Information Security Red Teaming, this book by Micah Zenko describes the way in which adversarial simulation helps organizations strengthen their posture. By taking a look at the role played by assumed attackers, it helps demonstrate how understanding the enemy leads to be better defenses, and how playing the enemy leads to finding previously unknown weaknesses in defenses. $20.32 at Amazon
Unauthorised Access: Physical Penetration Testing for IT Security Teams
Red Teaming takes on many forms, and understanding physical security is important for any penetration tester or red teamer, even if he or she does not actually execute physical attacks. Knowing about the possibilities in the physical space helps to understand risks and compensating controls. Unauthorised Access: Physical Penetration Testing for IT Security Teams by Will Allsopp describes the basics of penetration testing physical access controls (mostly buildings and datacenters) and will help you to look at these controls in an entirely new light. $25.43 at Amazon
For Hardware Hackers & Electronics Makers
Brymen BM235 Multimeter (EEVBlog Model)
When doing any electronics work, whether it’s making, debugging, reverse engineering, or any other form of hacking, being able to take voltage, current, resistance and other readings is critical. The typical tool of choice for this is the handheld multimeter, and the Brymen BM235 is my favorite multimeter. While there are surely better multimeters out there (the Fluke 87V is probably the best known multimeter for electronics work), this Brymen offers most of the features at a significantly lower price. Most hobbyists and hardware hackers don’t need the resolution of the 87V or similar multimeters, but the Brymen still offers good functionality, and most importantly, is a quality multimeter with proper safety features. $125 at Amazon
Dremel Cordless Rotary Tool
The Dremel 8220 is a 12V cordless rotary tool. You can use it to cut, grind, or drill all kinds of materials. I’ve used mine to cut openings in project boxes for several electronics projects, to open ultrasonically welded electronics devices, and even the occasional home improvement project. While they have corded models as well, I find the cordless model more convenient, especially when working on my patio. (Being in Silicon Valley, I don’t exactly have room for a full workshop.) $99.00 at Amazon
TUMPA Multi-Protocol Adapter
The TIAO USB Multi-Protocol Adapter, or TUMPA for short, is a multi-protocol interface, allowing for JTAG, SPI, UART, RS-232, and SWD. All of this is useful for interfacing with all kinds of hardware, like dumping flash, using JTAG to examine the running state of a CPU, or even just basic UART interfacing. Like so many of these multi-interface systems, it uses an FTDI FT-2232H chip, but this one has neatly designed interface connections and a great support wiki. $39.99 at Amazon
Ubertooth One
Given the proliferation of Bluetooth devices, the Ubertooth One is an essential device for assessing modern Internet of Things devices. The Ubertooth is essentially a Software Defined Radio (SDR) for bluetooth, allowing the security professional to examine, capture, modify, and replay bluetooth frames. Find out what your gadgets are sending to each other or look for bugs in the firmware itself. $127.95 at Amazon
Adafruit & Sparkfun Gift Certificates
Adafruit and Sparkfun are retailers of a variety of maker & hardware hacking supplies. Both have a wide variety of tools and parts and both support Open Source Hardware and the maker movement. Get an Adafruit or Sparkfun Gift Certificate if you don’t know what your favorite maker might want.
For InfoSec Students & N00bs
Hacking: The Art of Exploitation
Hacking: The Art of Exploitation may not be the most recent book, but it’s still a good read for those new to the binary exploitation areas of security. It’s an excellent introduction, and contains lots of still-relevant material, even if it doesn’t include bypasses for all the latest mitigations. $39.55 at Amazon
DT2000 Hardware Encrypted Flash Drive
The DT2000 is a flash drive from Kingston that features a keypad to allow the entry of a PIN allowing access to the hardware-encrypted contents. Contents are encrypted by 256 bit AES, and I have it on good word that this device has fairly properly implemented their encryption. They’re obviously significantly more expensive than stock flash drives, but the encryption and the case make them a great place to protect important documents and files including backups of password managers (you do use a password manager, don’t you?), financial records, medical records, GPG keys, and other sensitive data. I use an older USB 2.0 encrypted flash drive, and have been looking a lot at an upgrade, and the DT2000 would be at the top of my list. $124.88 at Amazon
Offensive Security Training
There are few things I’m prouder of than holding both the OSCP and OSCE certifications. They teach hands-on practical Offensive Security (hence the name) and do an incredible job of it, especially for those who learn best by doing. With fully immersive labs and exams that require doing instead of answering some multiple choice questions, these really push security professionals to the next level. If you know someone who can “Try Harder”, this is a great gift to get for them.
Raspberry Pi 3
Ever since the Raspberry Pi first hit the market, it’s been a popular option with Hackers and Makers. This starter kit gives everything you need to get started with the Raspberry Pi 3, which is the latest iteration of the full-sized Raspberry Pi. The 3 includes integrated WiFi and Bluetooth, so no more need for a dongle for that. One of the nicest features with the Raspberry Pi is how trivially you can switch your operating system: just swap to another MicroSD card. You can have one card with Raspbian, another with Kali, etc. Likewise, if you manage to terribly misconfigure your system, you can either move the MicroSD to another computer to fix it or just reflash it to a stock system. Though the Raspberry Pi 3 alone is $35, the kit with a case, power supply, heatsinks, MicroSD card, etc., is $69.99 at Amazon.
Geek & Hacker Apparel
Despite the Security Weekly suggestion to Hack Naked, there are a couple of providers of fine hacking apparel to be found because most hackerspaces and offices do require clothing:
Young Hackers & Makers
You’ll have to make your own decisions about the age appropriateness of each of the options here for the young hackers & makers in your life. I’m clearly not an expert in that area, but decided I’d share my thoughts anyway. (Plus, many of these items are fun for older hackers exploring new areas too!)
Circuit Playground Express
For the first foray into embedded systems and microcontrollers, I recommend the Circuit Playground Express from Adafruit. It allows programming the device in MicroPython and loading your code is as simple as plugging in and seeing it appear as a USB mass storage device. Save your micropython program to the device, hit reset, and see it run. It contains 10 Neopixel-style RGB LEDs, a thermometer, light sensor, accelerometer, sound sensor, speaker, buttons, switches, and more! It does require a bit of understanding of electronics, but it’s a great start into programming for the physical world. $32.99 on Amazon or $24.95 direct from Adafruit
Lego Mindstorms EV3
The LEGO Mindstorms EV3 is the robots kit I wish I had when I was a kid. While I did eventually get an original Mindstorms kit, the modern LEGO Robotics kit has far more features and has three kinds of sensors and two kinds of motors. Instructions for building multiple robots are included. If you (or your young hacker) gets bored of the built-in firmware and programming interface, it turns out the EV3 programmable brick is actually a fully-featured Debian Linux computer, for which a community has sprung up and built a replacement firmware allowing so much more. Imagine a swarm of EV3-powered robots. The kit is pricey, but it’s good for most ages and might inspire the next generation of robotics engineers. $349.95 at Amazon
This post contains affiliate links. If you click on a link, I may earn a small commission at no cost to you.