Exploitation is a given. Unwanted parties will gain access eventually whether it is through technical, physical, or social means. The only other certainty is they will continue to come up with new ways to innovate. They have to blend in to succeed so how do they balance those two competing influences? More than just the inconvenience, at worst, of taking over simple I/IOT or the creepiness of your home webcam. We will begin by analyzing the attacks that have happened and how they worked. Then, we will build our own. I will walk through how an attacker doesn’t just attack you, but can easily build a mass attack campaign to take over thousands. Once they do, I show how instead of that inconvenience, they can laterally take over the house and hop to steal interesting things like embarrassing photos, social security numbers, bank account information, intellectual property, and tax returns for profit. If you cannot keep them out what can you do? For starters, let’s understand how they communicate including some unique ideas for protocols (Google Suite) and infrastructure (traditional smokescreen for non-attribution to re-purposing I/IoT devices). This is the attacker’s vulnerability: They have to use your connectivity. Finding them on endpoints is fairly difficult because they have numerous ways to evade. But, on the wire… the options are limited to just blending in. This talk is aimed to provide something to both offense and defense. For offense, demonstration of basic (orientation of concepts) to novel approaches for traffic protocols and infrastructure. For defense, awareness of traffic patterns along with protocol analysis with experiential detail (wireshark) helps them learn to fish (