Hestia: Automated Application Code Identification in RTOS Firmware

Abstract

Embedded devices are increasingly affordable and widely deployed in safety-critical and commercial domains. Yet, they remain vulnerable to firmware-level attacks. ARM Cortex-M microcontrollers dominate resource-constrained systems and are commonly deployed with firmware leveraging real-time operating systems (RTOSs) distributed in a monolithic binary image. Most security-critical vulnerabilities reside in application code, making the identification of such application entry points a prerequisite for meaningful analysis. This process is, however, particularly challenging for RTOS firmware images, which lack debug symbols and a clear separation between system and application code. To address this challenge, we perform a systematic study of RTOS frameworks and analyze their initialization mechanisms. Based on our study, we design and implement Hestia, a novel analysis tool that enables fully automated identification of application entry points in RTOS firmware without requiring any system knowledge. We evaluate Hestia on a dataset of 51 firmware images, demonstrating its effectiveness across a diverse set of firmware images deploying popular RTOSs.
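The abstract describes locating application entry points in stripped, monolithic Cortex-M RTOS images by working forward from the firmware's initialization path. The first step any such analysis takes is recovering the architectural entry point, the reset handler, from the vector table at the start of the image. The script below is an added illustration of that step, not Hestia's code and not the paper's method: it decodes the Cortex-M vector table (initial main stack pointer followed by Thumb-mode handler addresses), applies plausibility checks a firmware analyst would use on an unlabelled blob (Thumb bit set, handlers inside flash, stack pointer inside RAM), and returns the reset handler address from which RTOS and application initialization can then be traced. The memory map constants and the sample image are constructed for the example; real devices differ.

```python
"""Cortex-M vector table recovery from a raw firmware image (added example).
Assumes the image begins with the vector table and that the flash/RAM
ranges below are known; the values are constructed, not from any real part."""
import struct

# Assumed memory map (constructed for this example; STM32-style layout).
FLASH_BASE, FLASH_SIZE = 0x08000000, 0x00100000
RAM_BASE, RAM_SIZE = 0x20000000, 0x00040000

# Architectural exception vectors that follow the initial stack pointer;
# None marks entries the Cortex-M architecture reserves.
CORE_VECTORS = [
    "Reset", "NMI", "HardFault", "MemManage", "BusFault", "UsageFault",
    None, None, None, None, "SVCall", "DebugMonitor", None, "PendSV", "SysTick",
]


def in_range(addr, base, size):
    return base <= addr < base + size


def parse_vector_table(image, n_entries=16):
    """Decode the first n_entries little-endian 32-bit words of the image.
    Word 0 is the initial MSP; every later word is a handler address."""
    words = struct.unpack_from("<%dI" % n_entries, image, 0)
    handlers = []
    for idx in range(1, n_entries):
        word = words[idx]
        if idx - 1 < len(CORE_VECTORS):
            name = CORE_VECTORS[idx - 1]
        else:
            name = "IRQ%d" % (idx - 16)      # vendor interrupts start at word 16
        target = word & ~1                   # Thumb handlers carry bit 0 set
        valid = (word & 1) == 1 and in_range(target, FLASH_BASE, FLASH_SIZE)
        handlers.append({
            "index": idx, "name": name, "raw": word, "target": target,
            "valid": valid, "reserved": name is None,
        })
    return {"initial_sp": words[0], "handlers": handlers}


def table_is_plausible(table, min_valid=4):
    """Heuristic: stack pointer inside RAM and 8-byte aligned, a valid reset
    handler, and at least min_valid well-formed core handlers overall."""
    sp = table["initial_sp"]
    sp_ok = RAM_BASE < sp <= RAM_BASE + RAM_SIZE and sp % 8 == 0
    reset_ok = table["handlers"][0]["valid"]
    n_valid = sum(h["valid"] for h in table["handlers"] if not h["reserved"])
    return sp_ok and reset_ok and n_valid >= min_valid


def reset_handler(image):
    """Address of the reset handler, the root from which boot and RTOS
    initialization (and eventually application code) are reached."""
    return parse_vector_table(image)["handlers"][0]["target"]


# Constructed sample image: a well-formed 16-entry table plus padding.
SAMPLE_IMAGE = struct.pack(
    "<16I",
    0x20040000,            # initial MSP: top of the assumed 256 KiB RAM
    0x08000101,            # Reset -> 0x08000100
    0x08000141, 0x08000141, 0x08000141, 0x08000141, 0x08000141,  # fault handlers
    0, 0, 0, 0,            # reserved
    0x08000181,            # SVCall
    0x08000141,            # DebugMonitor
    0,                     # reserved
    0x080001C1,            # PendSV
    0x08000201,            # SysTick
) + b"\x00" * 64

# Constructed counter-example: arbitrary bytes that are not a vector table.
NOT_A_TABLE = bytes(range(64))

if __name__ == "__main__":
    table = parse_vector_table(SAMPLE_IMAGE)
    print("initial SP 0x%08X, plausible=%s" % (table["initial_sp"], table_is_plausible(table)))
    for h in table["handlers"]:
        print("%2d %-12s raw=0x%08X target=0x%08X valid=%s"
              % (h["index"], h["name"], h["raw"], h["target"], h["valid"]))
    print("reset handler: 0x%08X" % reset_handler(SAMPLE_IMAGE))
```

Running the script prints the decoded table and the reset handler address; the plausibility check distinguishes a real table from arbitrary data, which matters when the load address or image offset is unknown and the table must first be located by scanning.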

Type
Conference paper
Publication
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)