How to Bring HID Attacks to the Next Level

Download Slides

Video coming soon.

Since the first public appearance of HID Attacks, many awesome researches, tools and devices have been released.

However, Offensive Security folks were always seeking cheap and dedicated hardware that could be controlled remotely (i.e. over WiFi or BT). And this is how WHID Injector and P4wnP1 were born.

WHID stands for WiFi HID injector, it is an USB Rubberducky on steroids, designed to fulfill Pentesters needs during their engagements. It can be easily controlled over the WiFi network and can potentially bypass air-gapped environments.

P4wnP1 is a tool based on RaspberryPi Zero W and it is a Bashbunny on Steroids. It has many cool features like Win10 Lockpicker, HID backdoor (which bypasses air-gapped environments as well), a call-home feature, etc.

During the talk we will see in depth how WHID was designed and which software it supports. We will also compare its features against P4wnP1’s ones. And (Murphy permitting) You will see them in action!

About the Speaker