We’ve all seen a lot of hype about malicious hardware and hardware implants this year. Not much came of it–except that now everyone wants to know if they might be affected or whether they have a chance to see a unicorn. I show my own process for finding unexpected features in hardware with little more than my soldering iron, discuss the use of some more advanced tools, and show what I’m looking for. Then, I’ll lay out my working general threat model for hardware security and conclude that scrappy, observant hackers can make life difficult for even advanced threat actors in this space.