The JTAG interface, while originally designed for engineers performing low-level system testing, is also widely abused by reverse-engineers and malicious threat actors in order to compromise the security of embedded or “IoT” devices. In this paper, we take the attacker’s perspective and explore the JTAG interface from the ground up.