On Twitter about a month ago @jermainlaforce had an awesome idea of hiding a USB HID device inside a lighter case, using one of those cheap Chinese spycams you can find on ::ebay:: for $5. HID attack tools are nothing new, here’s a video of one I made in 2011 using a Teensy board (edit: youtube account died)
All you need to do is open the top of the case and gut the insides, then replace the hardware with a USB (WHID, Ducky, Digispark, Teensy etc..). I also ended up ordering one because I figured I’d recycle the camera guts for another upcoming red team engagement I have coming up to monitor a dropbox location. The process is fairly simple and straight forward to build this out.
I decided to use a Digispark board because you can also get cheap knockoff ones on ::ebay:: too for like $1.50, I have a bunch of these laying around from various projects and it’s cheap, the whole project cost about $6.50. The camera button ended up broken during shipping so i ended up just ripping it all apart by yanking the USB metal to pull out the guts from the case. (it had a dab of some glue to hold it tight)
I then de-soldered the USB connector from the camera board to reuse on the Digispark board since it has one of those on-board USB connectors
I then soldered it to the Digispark going 1to1 with the pins to the board
Replaced the top portion that holds it to the case, and added some hotglue to keep it from wiggling around inside
Slide everything back together and you’re golden.
Depending on which dev board you used I have some example payloads on my ::github:: to get you started with some attack ideas.