This talk will provide an overview of the internet of things (IoT) distributed denial of service (DDoS) landscape. The number of known vulnerable devices continues to grow and, with it, a potential platform for malicious activity is also expanding. At the end of October 2016, Dyn was the target of a DDoS attack fueled by compromised devices distributed around the world. By November, bot herders were already seeking new devices populations via TR-064 & TR-069 protocol vulnerabilities. In December, the Java API for Remote Method Invocation (RMI) was added to the mix. Vulnerabilities and devices, details aside, are the “how” and “what” of the threat surface and are changing quickly. The goal of this talk is to provide both a comprehensive mental model for IoT botnets, as well as share some insight into recent adaptations to network threat models.