This document discusses the pentester's approach to assessing the security of an IoT device. It outlines various attack surfaces at the hardware, software, and communication levels. The pentester's process involves understanding the device architecture, extracting and analyzing the firmware to obtain sensitive information like passwords, getting into the device's network, analyzing its communication protocol, duplicating requests to control the device remotely. Specific hardware hacking techniques are described like identifying communication points to dump the firmware directly from memory chips or by desoldering and reading the chip's contents.