Web Application Security

Six Xmas Gifts for the Pentester in your Life

Some of my best friends are ethical hackers.

With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will want tools and information to make their life easier in the new year.

Pick one of the Xmas gifts from the list below, and you will be sure to make your Pentester smile. There are options for every budget, so let’s go shopping!

SteelCentral Packet Analyzer Personal Edition

https://www.cdw.com/product/steelcentral-packet-analyzer-personal-edition-license-1-user/2325318
Estimated Cost: $645

SteelCentral Packet Analyzer PE from Riverbed is Wireshark on steroids: a visually rich graphical display plus long-duration traffic analysis.

Your Pentester can quickly sift through terabytes of packet data to find the source of network anomalies and application performance problems, and troubleshoot 802.11 wireless networks. The other neat feature is the ability to visualize long-duration traffic statistics by moving back in time through large datasets. The tool is fully compatible with Wireshark’s capture and display filters and its prodigious dissector library for deep packet analysis.

License for Wallarm FAST

https://fast.wallarm.com/signup
Estimated Cost: $69/mo

This automated test generator and multiplier will make your hacker’s life a lot easier. It automatically generates and runs security tests for XSS, path traversal, SQLi, RCE and other OWASP Top 10 vulnerabilities, and also produces tests with new payloads based on strategically applied fuzzing. Your hacker can also define custom detection parameters to catch anomalies as well as vulnerabilities. The tool deploys anywhere as a Docker container.

Subscription to PenTest magazine

https://pentestmag.com/levels-page/
Estimated Cost: $330

PenTest magazine comes out every month with contributed articles on advanced pentesting techniques and interesting technologies. For example, in the July issue, your hacker will find content on hacking with Python, Advanced Persistent Threats, fuzzing, automation, and cryptography. The publication also offers online classes.

WiFi Pineapple and SDR

https://www.amazon.com/HackRF-Software-Defined-ANT500-Antenna/dp/B01H3T2U7G?ref_=fsclp_pl_dp_3
Estimated Cost: $314

It’s not all about software. The HackRF One Software Defined Radio (SDR) & ANT500 Antenna Hardware Bundle has some interesting features for capturing and analyzing radio signals (note that it is half-duplex, so it receives or transmits, not both at once, and that transmitting on most of its range needs a licence, so keep it in receive mode unless you hold one):

  • 1 MHz to 6 GHz operating frequency
  • Half-duplex transceiver, up to 20 million samples per second, USB powered
  • Includes male SMA ANT500 antenna, SMA female antenna connector, and SMA female clock input and output for synchronization
  • Compatible with GNU Radio, SDR#, and more
  • Software-configurable RX and TX gain and baseband filter
  • Software-controlled antenna port power (50 mA at 3.3 V)
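To show what your Pentester would actually do with the capture files this hardware produces, here is an added example (not from the original post, and not HackRF or Hak5 code). It builds a small constructed capture in the layout hackrf_transfer writes, interleaved signed 8-bit I and Q samples, then locates the strongest carrier with a plain DFT so it needs nothing beyond the Python standard library. The tuned centre (433.92 MHz), the 8 Msps sample rate and the tone offsets are illustrative assumptions, not values from the page.

```python
"""Find the strongest carrier in a raw HackRF One capture.

hackrf_transfer -r stores interleaved signed 8-bit I/Q samples, so a file of
2*N bytes holds N complex baseband samples. This added example fabricates a
capture of that shape (one tone offset from the tuned centre plus noise),
parses it back, and reports where the tone sits in absolute frequency.
Sample rate, centre frequency and tone offset below are assumptions.
"""
import cmath
import math
import random
import struct


def _clamp_int8(x):
    """Clamp a float to the int8 range an 8-bit ADC would have produced."""
    return max(-128, min(127, int(round(x))))


def make_capture(n, sample_rate, tone_offset_hz, amplitude=60, noise=4, seed=1):
    """Constructed capture in hackrf_transfer's int8 interleaved I/Q layout."""
    rng = random.Random(seed)
    out = bytearray()
    for k in range(n):
        phase = 2 * math.pi * tone_offset_hz * k / sample_rate
        i = amplitude * math.cos(phase) + rng.gauss(0, noise)
        q = amplitude * math.sin(phase) + rng.gauss(0, noise)
        out += struct.pack("bb", _clamp_int8(i), _clamp_int8(q))
    return bytes(out)


def parse_iq(raw):
    """Convert int8 interleaved I/Q bytes into a list of complex samples."""
    if len(raw) % 2:
        raise ValueError("odd byte count: not a whole number of I/Q pairs")
    n = len(raw) // 2
    vals = struct.unpack(f"{2 * n}b", raw)
    return [complex(vals[2 * k], vals[2 * k + 1]) for k in range(n)]


def power_spectrum(samples):
    """Naive DFT, magnitude squared per bin; fine for a few hundred samples."""
    n = len(samples)
    spectrum = []
    for b in range(n):
        acc = 0j
        for k, s in enumerate(samples):
            acc += s * cmath.exp(-2j * math.pi * b * k / n)
        spectrum.append(abs(acc) ** 2 / n)
    return spectrum


def strongest_signal(raw, sample_rate, center_hz):
    """Return (absolute frequency in Hz, dB above the mean bin) of the peak."""
    samples = parse_iq(raw)
    spec = power_spectrum(samples)
    n = len(spec)
    peak = max(range(n), key=spec.__getitem__)
    # Complex baseband wraps: bins in the upper half are negative offsets.
    offset = peak if peak < n / 2 else peak - n
    freq_hz = center_hz + offset * sample_rate / n
    mean = sum(spec) / n
    return freq_hz, 10 * math.log10(spec[peak] / mean)


if __name__ == "__main__":
    # Assumed tuning: centre 433.92 MHz, 8 Msps, tone 250 kHz above centre.
    raw = make_capture(256, 8_000_000, 250_000)
    freq_hz, snr_db = strongest_signal(raw, 8_000_000, 433_920_000)
    print(f"peak at {freq_hz / 1e6:.4f} MHz, {snr_db:.1f} dB above mean bin")
```

To run this against a real capture, replace make_capture with the bytes of a file recorded by hackrf_transfer -r rx.bin -f 433920000 -s 8000000 and pass the same rate and centre frequency; the bin spacing is sample_rate / n, so a longer window gives finer frequency resolution at the cost of the O(n²) DFT, at which point numpy's FFT is the sensible swap.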

GET LOOT Hacker Card Game

https://shop.hak5.org/products/get-loot
Estimated cost: $13

For lighter weight budgets, you can get him or her GET LOOT, which is a 3–5 player competitive hacking game where the goal is to exfiltrate (steal) loot while sabotaging your rivals with strategic crypto-locks and Hak5 themed cyber attacks!

The Hak5 website also has a great selection of variously priced items your Pentester will love, from WiFi gear to a set of field guides for the WiFi Pineapple, USB Rubber Ducky, LAN Turtle, Bash Bunny and Packet Squirrel.

Subscription to vulners.com security advisor feed

https://vulners.com/search?query=type:*
Estimated cost: FREE

If you’re really stingy, you can always get your Pentester a card and the gift of knowledge. A subscription to the vulners.com feed will send them news about new vulnerabilities as soon as they are published, so they will always be the first to know when fresh exploits appear.

Happy holidays to all and if you are a white hat hacker and you know what you want for Christmas, add it in the comments!
