Research & Incident Response

BreachLens Blog

Practical, forensic-grade guidance on Business Email Compromise, Microsoft 365 account takeover, and what to do when you've been breached.

Emergency Response
Your Microsoft 365 Account Was Hacked: A Step-by-Step Response Guide
If you think a Microsoft 365 mailbox has been compromised, the first hour matters. Here is exactly what to do — in order — to contain, investigate, and recover.
May 25, 2026 · 9 min read
Forensics
How to Investigate a Compromised Mailbox in Microsoft 365
Which logs to pull, how to scope what the attacker accessed, and how to turn raw M365 events into a defensible forensic timeline.
May 25, 2026 · 11 min read
Incident Response
Business Email Compromise Incident Response Checklist for IT Teams
A repeatable, phase-by-phase checklist your team can follow the moment a Microsoft 365 mailbox compromise is suspected.
May 25, 2026 · 8 min read
Threat Intelligence
AiTM Phishing Explained: How Attackers Bypass Your MFA
MFA is necessary but no longer sufficient. Here's how adversary-in-the-middle phishing defeats it by stealing session tokens — and what actually stops it.
May 25, 2026 · 7 min read