On Twitter about a month ago @jermainlaforce had an awesome idea of hiding a USB HID device inside a lighter case, using one of those cheap Chinese spycams you can find on ::ebay:: for $5. HID attack tools are nothing new, here’s a video of one I made in 2011 using a Teensy board (edit: youtube account died)
All you need to do is open the top of the case and gut the insides, then replace the hardware with a USB (WHID, Ducky, Digispark, Teensy etc..). I also ended up ordering one because I figured I’d recycle the camera guts for another upcoming red team engagement I have coming up to monitor a dropbox location. The process is fairly simple and straight forward to build this out.
I decided to use a Digispark board because you can also get cheap knockoff ones on ::ebay:: too for like $1.50, I have a bunch of these laying around from various projects and it’s cheap, the whole project cost about $6.50. The camera button ended up broken during shipping so i ended up just ripping it all apart by yanking the USB metal to pull out the guts from the case. (it had a dab of some glue to hold it tight)
Depending on which dev board you used I have some example payloads on my ::github:: to get you started with some attack ideas.