THREAT OPS › Threat News › Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound
Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound
<p class="wp-block-paragraph"><em><strong>TL;DR</strong>: TailscaleHound is an <a href="https://specterops.io/opengraph/">OpenGraph</a> collector for BloodHound that maps Tailscale users, devices, groups, tags, ACLs, grants, SSH rules, routes, app connectors, services, keys, invites, webhooks, and hybrid Azure identity relationships. The result is a graph that helps answer practical questions like
MITRE ATT&CK techniques
Indicators of compromise
- https://login.tailscale.com/url
- https://login.tailscale.com/admin/usersurl
- https://tailscale.com/docs/gitopsurl
Original source: https://specterops.io/blog/2026/05/21/tailscalehound/