JTAG is an IEEE standard for testing and debugging electronic circuits. In general, this standard allows serial test instructions and test data to be passed through the input ports. After execution of test instructions, the corresponding serial output can be shifted out. Due to this powerful low level hardware access, JTAG has been explored in literature for performing cyber attacks on devices. On the other hand, its potential has also been realized to defend against attacks at the lowest level. In this paper, we explore JTAG as a tool on both ends of the spectrum.