Sorry I’ve been MIA lately; I’ve been traveling quite a bit for some R&R, and I recently attended DefCon! In case you’re unfamiliar, here’s a TLDR: DefCon is a conference for those in the cybersecurity field or anyone interested in it. Check out my post: The Cybersecurity Industry: That’s Not the Mainframe for a little bit more information. Researchers, white hat hackers, analysts, and engineers gather to listen to various talks, participate in ‘Capture the Flag’ tournaments, and for an extra fee, engage in official training.
When I wasn’t waiting in line to get into a demo, I was lining up for merchandise. This particular year was probably the largest DefCon attendance yet, and everyone was eager to get their hands on this year’s gadgets. And that’s what I’m going to talk about: hacker toys—gadgets that make cybersecurity fun.
One particularly fascinating device available for purchase either on their website or at the merchandise line is the WiFi Pineapple. It resembles an extra fancy Wi-Fi router, but when configured correctly, this device can mimic legitimate Wi-Fi networks that unsuspecting victims might log into. Once they do, the attacker can intercept everything connected to the Pineapple: network traffic, machine details, even passwords. My neighbor next door has a habit of playing video games online very late at night. When my windows are open, I can hear him screaming into his lousy headset until 1 AM. While I’m pretending to be asleep, I’m daydreaming about all the havoc I could wreak on his connection with that Pineapple. However, I don’t endorse black hat hacking in most cases, regardless of how tempting it might be.

Another intriguing device is the USB Rubber Ducky. It’s a little bigger than a standard USB thumb drive, but with the right commands, it can install backdoors, send device data to a remote server, or even infect a machine with bloatware in seconds. All you have to do is plug this into a computer’s USB port, and this tool can execute hundreds of keystrokes per second and cause as much damage as one can imagine. Wipe the hard drive? Piece of cake. Send banking info to an unknown email address? Why not?
Lastly, the hottest tool this year is the Flipper Zero. When used properly, it can serve as a fun way to learn about radio frequencies and hardware penetration testing. However, if used maliciously, it could lead to a nice little breaking and entering charge. This device can emulate office badge identification cards, open garage gates, and even clone a hotel keycard (again, with malicious intent).
Unrelenting curiosity is a trait the majority of hackers need to cultivate throughout their lifetime, which is why all these products come sugarcoated with the potential good they can do for the field. These devices are designed to teach cybersecurity professionals to identify weaknesses in their specific internet landscape, but don’t assume that using them for nefarious purposes hasn’t crossed their minds. To provide some reassurance, the likelihood of my neighbor being “hacked” by one of these devices is slim to none, but I can’t guarantee there won’t be a phishing attempt.

