Embedded systems are pervasive in our lives. They run millions of systems that hide behind functions we take for granted. ATM networks, biomedical devices, automotive telematics systems, and even ourcritical infrastructure rely on embedded systems. Often, there is a perception that you need to be a hardware ninja before you explore the security of embedded systems. I'm going to explore a software only methodology focused on the firmware layer of embedded systems. We will show ways to get embedded device firmware, and what to do with it once you have it. There are common classes of bugs that are clear as day from even simple firmware analysis, and we will look at a few.