With billions of IoT and OT devices powering manufacturing and industrial operations today, the xTended Internet of Things (xIoT) now surpasses traditional endpoints by an order of magnitude. Despite their critical roles, many of these IoT and OT Cyber-Physical Systems (CPS) remain overlooked and unsecured—operating with default or weak credentials, outdated firmware, insecure configurations, and an end-of-life state. This creates a vast and vulnerable attack surface that threat actors increasingly target to disrupt operations, exfiltrate data, or stage sophisticated ransomware attacks. The session will also delve into the anatomy of OT and OT-adjacent IoT cyberattacks, detailing how attackers exploit these devices to achieve malicious goals. A live hacking demonstration will showcase the methods used to compromise common, yet mission-critical, devices — emphasizing the importance of proactive security measures to disappoint bad actors. Attendees will leave with a deeper understanding of the scope and state of this attack surface, the critical role IoT and OT security plays in protecting the modern industrial landscape, and actionable steps that can be taken to strengthen their xIoT security posture.