Welcome to the 2020 edition of my Hacker Holiday Gift Guide! This has been a
trying year for all of us, but I sincerely hope you and your family are happy
and healthy as this year comes to an end.
Table of Contents
General Security
ProtonMail Subscription
ProtonMail is a great encrypted mail provider for those with an interest in
privacy or cryptography. They offer gift
cards for
subscriptions to both ProtonMail and ProtonVPN, their VPN service.
Encrypted Flash Drive
I know cloud storage is all the rage, but sometimes you need a local copy.
Sometimes, you even need that local copy to be protected – maybe it’s user
data, maybe it’s financial data, maybe it’s medical data – and hardware
encryption allows you to go from one system to another without needing any
special software. Additionally, it can’t be keylogged or easily compromised
from software. This Datashur Pro is my choice of
encrypted flash drive, but there are a number of options out there.
Cryptographic Security Key
These devices act as a second factor for
authentication,
but some of them can do so much more. The Yubikey 5
can also function as a hardware security token for encryption keys and provide
one-time-password functionality. Keys from Feitian
Technologies
support Bluetooth Low Energy in addition to NFC and USB, allowing them to work
with a variety of devices. If you or your hacker are into open source, the
SoloKey keys are open source hardware implementations
of the specification.
Linux Basics for Hackers
I’ve been using Linux for more than two decades, so I honestly initially just
bought Linux Basics for Hackers because of the
awesome hacker penguin on the cover. If you’re not already familiar with Linux,
but need it to grow your skillset, this is an excellent book with a focus on
the Linux you need to know as an information security professional or hacker.
It has a particular focus on Kali Linux, the Linux distribution popular for
penetration testing, but the lessons are more broadly applicable across
different security domains.
Penetration Testers & Red Teamers
These gifts are for your pentesters, red teamers, and those learning the field.
The Pentester Blueprint
The Pentester Blueprint is a guide to getting
started as a professional penetration tester. It’s not very technical, and it’s
not going to teach your recipient how to “hack”, but it’s great career advice
for those getting started in penetration testing or looking to make a career
transition. It basically just came out, so it’s up-to-date (which is, of
course, a perpetual issue in technical books these days. It’s written in a very
easy-reading style, so is great for those considering the switch to pentesting.
Online Learning Labs
I can recommend several online labs, some of which offer gift cards:
Penetration Testing: A Hands-On Introduction to Hacking
Georgia Weidman’s book, “Penetration Testing: A Hands-On Introduction to
Hacking” is one of the best introductory guides to
penetration testing that I have seen. Even though it’s been a few years since
it was released, it remains high-quality content and a great introductory guide
to the space. Available via Amazon or No Starch
Press. Georgia is a great speaker and teacher
and well-known for her efforts to spread knowledge within the security
community.
WiFi Pineapple Mark VII
The WiFi Pineapple is probably
the best known piece of “hacking hardware”. Now in it’s seventh generation,
it’s used for conducting WiFi security audits, on-site penetration tests, or
even as a remote implant for remote penetration tests. I’ve owned several
versions of the WiFi Pineapple and found that it only gets better with each
generation. Especially with dual radios, it can do things like act as a
client on one radio while providing an access point on the other radio.
The WiFi Pineapple does have a bit of a learning curve, but it’s a great option
for those getting into the field or learning about the various types of WiFi
audits and attacks. The USB ports also allow expansion if you need to add a
capability not already built-in.
PoC || GTFO
PoC||GTFO is an online journal for offensive
security and exploitation. No Starch Press has published a pair of physical
journals in a beautiful biblical style. The content
is very high quality, but they’re also presented in a striking style that would
go well on the bookshelf of even the most discerning hacker. Check out both
Volume I and Volume II,
with Volume III available for pre-order to be
delivered in January.
Hardware Hackers
Tigard
Tigard is a pretty cool
little hardware hacker’s universal interface that I’m super excited about.
Similar to my open source project, TIMEP, it’s a universal
interface for SPI, I2C, JTAG, SWD, UART, and more. It’s great for examining
embedded devices and IoT, and is a really well-thought-out implementation of
such a board. It supports a variety of voltages and options and is even really
well documented on the back of the board so you never have to figure out how to
hook it up. This is great both for those new to hardware hacking as well as
those experienced looking for an addition to the toolkit.
Hardware Hacker: Adventures in Making and Breaking Hardware
Andrew “Bunnie” Huang is a well-known hardware hacker with both experience in
making and breaking hardware, and Hardware Hacker: Adventures in Making and
Breaking Hardware is a great guide to his experiences
in those fields. It’s not a super technical read, but it’s an excellent and
interesting resource on the topics.
RTL-SDR Starter Kit
Software-Defined Radio allows you to examine wireless signals between devices.
This is useful if you want to take a look at how wireless doorbells, toys, and
other devices work. This Nooelec kit is a great
starting SDR, as is this kit from rtl-sdr.com.
The iFixit Pro Tech Toolkit is probably the tool
I use the most during security assessments of IoT/embedded devices. This kit
can get into almost anything, and the driver set in it has bits for almost
anything. It has torx, security torx, hex, Phillips and slotted bits, in
addition to many more esoteric bits. The kit also contains other opening tools
for prying and pulling apart snap-together enclosures and devices. I will
admit, I don’t think I’ve ever used the anti-static wrist strap, even if it
would make sense to do so.
Young Hackers
imagiCharm
imagiCharm by imagiLabs is a small hardware
device that allows young programmers to get their first bite into programming
embedded devices – or even programming in general. While I haven’t tried it
myself, it looks like a great concept, and providing something hands-on looks
like a clear win for encouraging students and helping them find their interest.
Mechanical Puzzles
PuzzleMaster
offers a bunch of really cool mechanical puzzles and games. These include
things like puzzle locks, twisty puzzles, and more. When we’re all stuck
inside, why not give something hands on a try?
Friends and Family of Hackers
Bring a touch of hacking to your friends and family!
Hardware Security Keys
A Security Key is a physical 2 factor security
token that makes web logins much more secure. Users touch the gold disc when
signing in to verify their signin request, so even if a password gets stolen,
the account won’t be stolen. These tokens are supported by sites like Google,
GitHub, Vanguard, Dropbox, GitLab, Facebook, and more.
Unlike text-message based second factor, these tokens are impossible to phish,
can’t be stolen via phone number porting attacks, and don’t depend on your phone
having a charge.
Control-Alt-Hack
Control-Alt-Hack is a hacking-themed card game.
Don’t expect technical accuracy, but it’s a lot of fun to play. Featuring terms
like “Entropy” and “Mission”, it brings the theme of hacking to the whole
family. It’s an interesting take on things, and a really cool concept. If
you’re a fan of independent board/card games and a fan of hacking, this would be
a fun addition to your collection.
VPN Subscription
If your friends or family use open wireless networks (I know, maybe not as much
this year), they should consider using a VPN. I currently use Private Internet
Access when
I need a commercial provider, but I have also used
Ivacy before, as
well as ProtonVPN.
Non-Security Tech
These are tech items that are not specific to the security industry/area. Great
for hackers, friends of hackers, and more.
Raspberry Pi 4
Okay, I probably could’ve put the Raspberry Pi 4
in almost any of these categories because it’s such a versatile tool. It can be
a young hacker’s first Linux computer, it can be a penetration testing
dropbox, it can
be a great tool for hardware hackers, and it can be a project unto itself. The
user can use it to run a home media server, a network-level ad blocker, or just
get familiar with another operating system. While I’ve been a fan of the
Raspberry Pi in various forms for years, the Pi 4 has a quad core processor and
can come with enough memory for some powerful uses. There’s a bunch of
configurations, like:
Keysy
The Keysy is a a small RFID duplicator. While it
can be used for physical penetration testing, it’s also just super convenient if
you have multiple RFID keyfobs you need to deal with (i.e., apartment, work,
garage, etc.). Note that it only handles certain types of RFID cards, but most
of the common standards are available and workable.
Home Automation Learning Kit
This is a really cool kit for learning about home
automation with Arduino. It has sensors and inputs for learning about how home
automation systems work – controlling things with relays, measuring light,
temperature, etc. I love the implementation into a fake laser cut house for the
purpose of learning – it’s really clever, and makes me think it would be great
for anyone into tech and automation. Teens and adults wanting to learn about
Arduino, security practitioners who want to examine how things could go wrong
(could augment this with consumer-grade products) and more.
Boogie Board Writing Tablet
Sometimes you just want to hand write something. While I’m also a fan of Field
Notes Notebooks in my pocket, this Boogie Board
tablet strikes me as a pretty cool option. It allows
the user to write on its surface overlaid over anything of your choice (it’s
transparent) and then capture the written content into iOS or Android. I love
to hand write for brainstorming, some form of note taking, and more. System
diagrams are so much easier in writing than in digital format, even today.
General Offers
This is my attempt to collect special offers for the holiday season that are
relevant to the hacking community. These are all subject to change, but I
believe them correct at the time of writing.
No Starch Press
No Starch Press is possibly the highest quality
tech book publisher. Rather than focusing on quantity of books published, they
only accept books that will be high quality. I own at least a couple of dozen
of their books and they have been consistently well-written and high quality
coverage of the topics. They are currently offering 33.7% off their entire
catalog for Black Friday (through 11/29/20).
Hooligan Keys
Hooligan Keys offering 10% off from Thanksgiving
to Christmas with offer code
HAPPYDAY2020.
