In Progress

Bad USB — Pi Zero W

A Pi Zero W in USB gadget mode looks like a keyboard to Windows — no driver prompt, no warning, it just starts typing. From there you can run anything a user could run, just faster and without them touching the keyboard. I wanted to get hands-on with this because physical attack vectors don’t get talked about enough, and knowing how the attack works is the first step to knowing how to stop it.

Planned Setup

Pi Zero W

Configured in USB gadget mode to emulate a HID keyboard. Connects over USB and is recognized instantly by Windows with no driver install.

Payload Delivery

Scripted keystrokes execute a payload on the target the moment the device is plugged in — no user interaction beyond the physical plug.
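The plug-in-then-type behaviour described above leaves a recognizable trace for defenders. This added example (not part of the original project) correlates a new keyboard-class device arrival with a shell starting seconds later on the same host. The event records are constructed and simplified, with assumed field names; it also assumes Windows PnP auditing (event 6416) and process-creation auditing (event 4688) are enabled, and the 10-second window is an assumed threshold.

```python
from datetime import datetime, timedelta

# Windows device setup class GUID for "Keyboard"
KEYBOARD_CLASS = "{4d36e96b-e325-11ce-bfc1-08002be10318}"
DISK_CLASS = "{4d36e967-e325-11ce-bfc1-08002be10318}"  # "DiskDrive", used as a negative case
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WINDOW = timedelta(seconds=10)  # assumed threshold, tune per environment

# Constructed sample records (not real logs). 6416 = new external device
# recognized, 4688 = process created. Field names are simplified assumptions.
EVENTS = [
    {"time": "2024-05-01T09:00:00", "id": 6416, "host": "WS-01",
     "class_guid": KEYBOARD_CLASS, "device": "USB\\VID_0000&PID_0000"},
    {"time": "2024-05-01T09:00:03", "id": 4688, "host": "WS-01",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"time": "2024-05-01T09:00:05", "id": 4688, "host": "WS-01",
     "image": "C:\\Windows\\System32\\notepad.exe"},
    {"time": "2024-05-01T09:05:00", "id": 6416, "host": "WS-02",
     "class_guid": KEYBOARD_CLASS, "device": "USB\\VID_0000&PID_0001"},
    {"time": "2024-05-01T09:20:00", "id": 4688, "host": "WS-02",
     "image": "C:\\Windows\\System32\\cmd.exe"},       # long after plug-in
    {"time": "2024-05-01T09:10:00", "id": 6416, "host": "WS-03",
     "class_guid": DISK_CLASS, "device": "USB\\VID_0000&PID_0002"},
    {"time": "2024-05-01T09:10:02", "id": 4688, "host": "WS-03",
     "image": "C:\\Windows\\System32\\cmd.exe"},       # device was not a keyboard
]

def flag_injection(events, window=WINDOW):
    """Return alerts for shells started within `window` of a new keyboard on the same host."""
    last_keyboard = {}  # host -> (arrival time, device id)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6416 and ev.get("class_guid", "").lower() == KEYBOARD_CLASS:
            last_keyboard[ev["host"]] = (when, ev["device"])
        elif ev["id"] == 4688:
            image = ev["image"].rsplit("\\", 1)[-1].lower()
            seen = last_keyboard.get(ev["host"])
            if image in SHELLS and seen and when - seen[0] <= window:
                alerts.append({"host": ev["host"], "device": seen[1], "image": image,
                               "delay_s": (when - seen[0]).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in flag_injection(EVENTS):
        print(alert)
```
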

Attack Vectors

Testing RAT injection, credential harvesting via PowerShell, and malware drop scenarios against Windows 11 targets in a controlled lab environment.

Target — Windows 11

Most common OS in corporate environments. Understanding how it handles HID input and where defenses can be bypassed is the whole point.