You know how it goes, you’re trying desperately to think of something other than a pair of socks for the professional hacker in your life. Sadly, with their professionally paranoid nature they don’t drop even the slightest hint. They’ve already got enough screens, all the they can eat, and enough legacy floppy disks to . So what do you get them? Raspberry Pis hack an airplane Depending on your budget, here’s a list of some nice cheap options that any cyber security professional can’t get enough of. And of course a few for if you’re feeling a little more generous and want to make their year. Many of the presents listed here can be put to malicious purposes, and may be illegal to own in some areas. Check local laws before acquiring any of them, and remember they should be used for authorised activities only, the last thing you want is to end up on the naughty list with just a lump of coal. Warning: 1. Locks and Lockpicks Either the security pro you know is already into lockpicking for curiosity and sport (known as locksport), or they want to get into it. While there are expensive options, a few and are cheap to pick up, and there are plenty of __ __available. If they’ve already got all the kit, Deviant Ollam’s Practical Lock Picking or Keys to the Kingdom are a good add to the library of anyone interested in the hobby. practice locks set of lockpicks YouTube tutorials And, of course, if they’ve already got everything then no one into their locksport is going to turn down new locks to play with - odd second hand ones are even better in most cases. Note that in a few countries and some states owning lock picking tools without a licence is illegal, so check local laws before grabbing a set just in case. Also, the standing rules of locksport are to never pick a lock you don’t own, and never pick a lock you depend on. Warning: If you’re looking to spend more on your beloved hacker though, the toy of the year is definitely the . With a built in battery and loads of functionality, this is basically an electronic lockpicking set stuffed into a pocket-sized form factor. Whether you’ll be able to get one in time for Christmas is up in the air, but it’s worth a shot as one of the best stocking stuffers out there. Flipper Zero 2. A WiFi Dongle Hear me out here. While a wireless network dongle may not seem like the most exciting thing in the world, it can be tricky to find one which allows , an essential feature if you want to research wireless networks. monitor mode Most built-in wireless cards have monitor mode disabled, whether on a laptop, tablet, or phone, so a USB adapter can be a life saver when trying to capture handshakes for . The traditional budget option for this is the . The problem is, this comes in three different versions so far, with only v1 natively supporting monitor mode and packet injection. cracking TP-LINK TL-WN722N The good news is that if your beloved security professional has access to Kali (they do), they can__ __ v2 and v3 versions to support monitor mode and injection. At under $20, it’s an easy one to stick under the tree. force If you really want to show them you love them and understand their wireless-related desires though, there’s the option of going for the full tactical set from . One of the best-known wireless security tools around, the pineapple is pretty much the industry standard piece of kit for cracking wireless networks, setting up rogue access points, or all other forms of general penetration testing mischief. WiFi Pineapple Hak5 3. Caffeine It’s a stereotype that security people drink a lot of coffee. It’s a stereotype for a reason. While some prefer their caffeine in the form of tea or energy drinks, some good coffee will work for most. I’m picky about my coffee. My basic advice to follow is to avoid instant coffee like the plague, never use decaf. If they have a good coffee machine, or even just a grinder, be sure to buy beans rather than pre-ground. It’s best to see if you have a local independent coffee roastery, or maybe a subscription service. There are plenty of these around, and for anyone who really enjoys coffee trying a variety of different ones is always a nice experience. Then there’s the various accessories. A cheap option that makes some great, low-effort coffee and is nicely portable is to go for a maker. Just add hot water, and let it drip into condensed milk (then pour over ice) for the . Vietnamese drip coffee traditional experience If you really want to spoil them though, the is definitely worth a look. Espresso is available anywhere you can get hot water and ground coffee, and far better than even a good office coffee machine. No power needed, and you can pair it with the to grind on the go. WACACO Picopresso VSSL manual hand grinder 4. Rubber Duck is a tried and tested method, which works just as well for security as for anything else. And, of course, it’s a good budget option. Ducks are even multipurpose since as well as making excellent technical consultants, they can provide bath time companionship. Rubber duck debugging Be warned though, you should coordinate with other gift-buyers, as there is such a thing as too many ducks. https://www.youtube.com/watch?v=uYOmtEcZ1lk?embedable=true If you want to spend a little more (maybe they already have a few hundred ducks and buying more would be cruel) then there’s also the . This has nothing to do with rubber ducks apart from the name, instead it’s a handy USB device from Hak5 which impersonates a keyboard when plugged into a machine and runs a script on command. USB Rubber Ducky USB injection is a surprisingly effective attack when combined with a little social engineering, and for any engagement where you’re physically wandering around an office having a way to quickly snap and send screenshots, or mark machines as compromised, can really come into its own. 5. Hard Drive Eraser There comes a time in every security professional’s life when you really want that data gone. Very gone. Non-recoverable. Completely wiped. But maybe they don’t want to toss it in the incinerator. Well, for the environmentally-conscious data-destroying security pro in your life, the is a definite option. Quick, simple, secure wipe of the hard drive to a point where it’s theoretically non-recoverable. On the upper end of the budget side, but still cheap enough to be a stocking filler. Destruct hard drive eraser Sometimes though a simple hard drive wipe isn’t enough. Sometimes you want sheer destruction for the joy of destruction. It’s not so much about the data, you just want to watch the world burn. If your security professional is on the more nihilistic side of things, then the is a definite option. While it may not wipe data to an unrecoverable state (it might, but no guarantees that you can’t just pull out the hard drive and stick it in another device), it will fry a gadget quite thoroughly. USB Kill https://www.youtube.com/watch?v=I6bRoSK39io?embedable=true Be very aware, incautious use of this device will likely end up with your security professional being very much on the naughty list for next year. The USB Kill is not a prank device, it will break things, badly and permanently. Not a toy. Warning: The takeaway from this, there’s plenty out there for the cyber security professional in your life, so get them something nice this year!