Not easy to do a TL;DR for a list like this, but to speed through for those impatient you're looking at lockpicking kit, a WiFi dongle, coffee, a rubber duck, and a hard drive eraser for budget options. For the luxury ones, Flipper Zero, WiFi Pineapple, handheld manual coffee machine, the USB rubber ducky, and a USB stick that will burn out circuitry when plugged in.
You know how it goes, you’re trying desperately to think of something other than a pair of socks for the professional hacker in your life. Sadly, with their professionally paranoid nature they don’t drop even the slightest hint. They’ve already got enough screens, all the Raspberry Pis they can eat, and enough legacy floppy disks to hack an airplane. So what do you get them?
Depending on your budget, here’s a list of some nice cheap options that any cyber security professional can’t get enough of. And of course a few for if you’re feeling a little more generous and want to make their year.
Warning: Many of the presents listed here can be put to malicious purposes, and may be illegal to own in some areas. Check local laws before acquiring any of them, and remember they should be used for authorised activities only, the last thing you want is to end up on the naughty list with just a lump of coal.
1. Locks and Lockpicks
Either the security pro you know is already into lockpicking for curiosity and sport (known as locksport), or they want to get into it. While there are expensive options, a few and are cheap to pick up, and there are plenty of ____available. If they’ve already got all the kit, Deviant Ollam’s Practical Lock Picking or Keys to the Kingdom are a good add to the library of anyone interested in the hobby.
And, of course, if they’ve already got everything then no one into their locksport is going to turn down new locks to play with - odd second hand ones are even better in most cases.
Warning: Note that in a few countries and some states owning lock picking tools without a licence is illegal, so check local laws before grabbing a set just in case. Also, the standing rules of locksport are to never pick a lock you don’t own, and never pick a lock you depend on.
If you’re looking to spend more on your beloved hacker though, the toy of the year is definitely the Flipper Zero. With a built in battery and loads of functionality, this is basically an electronic lockpicking set stuffed into a pocket-sized form factor. Whether you’ll be able to get one in time for Christmas is up in the air, but it’s worth a shot as one of the best stocking stuffers out there.
2. A WiFi Dongle
Hear me out here. While a wireless network dongle may not seem like the most exciting thing in the world, it can be tricky to find one which allows monitor mode, an essential feature if you want to research wireless networks.
Most built-in wireless cards have monitor mode disabled, whether on a laptop, tablet, or phone, so a USB adapter can be a life saver when trying to capture handshakes for cracking. The traditional budget option for this is the . The problem is, this comes in three different versions so far, with only v1 natively supporting monitor mode and packet injection.
The good news is that if your beloved security professional has access to Kali (they do), they can____ v2 and v3 versions to support monitor mode and injection. At under $20, it’s an easy one to stick under the tree.
If you really want to show them you love them and understand their wireless-related desires though, there’s the option of going for the full tactical set from . One of the best-known wireless security tools around, the pineapple is pretty much the industry standard piece of kit for cracking wireless networks, setting up rogue access points, or all other forms of general penetration testing mischief.
3. Caffeine
It’s a stereotype that security people drink a lot of coffee.
It’s a stereotype for a reason. While some prefer their caffeine in the form of tea or energy drinks, some good coffee will work for most.
I’m picky about my coffee. My basic advice to follow is to avoid instant coffee like the plague, never use decaf. If they have a good coffee machine, or even just a grinder, be sure to buy beans rather than pre-ground.
It’s best to see if you have a local independent coffee roastery, or maybe a subscription service. There are plenty of these around, and for anyone who really enjoys coffee trying a variety of different ones is always a nice experience.
Then there’s the various accessories. A cheap option that makes some great, low-effort coffee and is nicely portable is to go for a maker. Just add hot water, and let it drip into condensed milk (then pour over ice) for the .
If you really want to spoil them though, the is definitely worth a look. Espresso is available anywhere you can get hot water and ground coffee, and far better than even a good office coffee machine. No power needed, and you can pair it with the to grind on the go.
4. Rubber Duck
is a tried and tested method, which works just as well for security as for anything else. And, of course, it’s a good budget option. Ducks are even multipurpose since as well as making excellent technical consultants, they can provide bath time companionship.
Be warned though, you should coordinate with other gift-buyers, as there is such a thing as too many ducks.
If you want to spend a little more (maybe they already have a few hundred ducks and buying more would be cruel) then there’s also the . This has nothing to do with rubber ducks apart from the name, instead it’s a handy USB device from Hak5 which impersonates a keyboard when plugged into a machine and runs a script on command.
USB injection is a surprisingly effective attack when combined with a little social engineering, and for any engagement where you’re physically wandering around an office having a way to quickly snap and send screenshots, or mark machines as compromised, can really come into its own.
5. Hard Drive Eraser
There comes a time in every security professional’s life when you really want that data gone. Very gone. Non-recoverable. Completely wiped.
But maybe they don’t want to toss it in the incinerator.
Well, for the environmentally-conscious data-destroying security pro in your life, the is a definite option. Quick, simple, secure wipe of the hard drive to a point where it’s theoretically non-recoverable. On the upper end of the budget side, but still cheap enough to be a stocking filler.
Sometimes though a simple hard drive wipe isn’t enough. Sometimes you want sheer destruction for the joy of destruction. It’s not so much about the data, you just want to watch the world burn.
If your security professional is on the more nihilistic side of things, then the is a definite option. While it may not wipe data to an unrecoverable state (it might, but no guarantees that you can’t just pull out the hard drive and stick it in another device), it will fry a gadget quite thoroughly.
Warning: Be very aware, incautious use of this device will likely end up with your security professional being very much on the naughty list for next year. The USB Kill is not a prank device, it will break things, badly and permanently. Not a toy.
The takeaway from this, there’s plenty out there for the cyber security professional in your life, so get them something nice this year!