Smart buildings blur the line between IT and physical infrastructure, connecting HVAC, lighting, access control, elevators, cameras, and more under a single "brain" called a Building Automation System (BAS). Drawing on real engagements against Canadian smart building deployments, this talk guides you through a red teaming exercise that uncovers both digital and physical attack paths. You'll see how attackers gather intel, probe entry points, exploit insecure IoT protocols, and seize control of critical systems. We'll examine live scans, protocol abuse and real world video demos. Finally, we will flip to defense mode, offering a practical blue team playbook. Attendees will leave with an actionable framework rooted in Canadian field experience, for both offensive engagements and OT focused defenses.