Live hacking demos and a tabletop exercise show how quickly attackers can compromise school systems

Presenters at Virginia CyberCon staged multiple live demonstrations to show how quickly attackers can gain access to school systems and how tabletop practice can surface operational gaps.

A physical‑security demonstration used a $200 radio tool (a “flipper”) to clone school access cards in seconds, raising concerns about badge handling and physical‑access controls. Organizers also showed an "OMG" cable — a malicious USB cable that emulates a keyboard and can execute commands when plugged into a computer — and warned attendees not to plug unknown cords into District hardware.

A live hacking skit then demonstrated how a malicious USB cable or flash drive can deliver a payload that creates a reverse shell on a targeted machine; presenters stressed the value of layered defenses and tested, offline backups to mitigate such incidents.

A student demonstration by Connor Alley, a Louisa County High School senior, showed how freely available tools such as the Social Engineering Toolkit can be used to create a credential‑harvesting phishing page. Alley told the room that in the demo he was able to go "from having nothing for a campaign to credentials" in about five minutes.

Black Hills Information Security led a full‑room tabletop using Backdoors and Breaches, a card‑based tabletop tool. Jason Blanchard of Black Hills explained how scenarios are crafted, and volunteers from the room practiced detecting attacks, assigning roles, and deciding whether to isolate systems or contact vendors and law enforcement. Organizers emphasized that tabletops should be collaborative, not accusatory, and that teams should document decisions, identify single points of failure, and convert tabletop findings into one manageable action item at a time.