About Us

Greyline Intelligence is an independent threat intelligence and investigative publication focused on Microsoft 365 and identity-based attacks.

We track real-world attacker tradecraft across Microsoft 365, Entra ID, OAuth abuse, AiTM phishing, session hijacking, and modern cloud intrusion patterns — and translate it into clear, actionable takeaways for security teams.

Built from real investigations

Greyline Intelligence was created from years of hands-on work in enterprise security operations — including incident response, threat intelligence, detection engineering, and Microsoft 365 security.

The work behind Greyline comes from investigating real compromises, tracking attacker infrastructure, analyzing phishing campaigns, and mapping how intrusions unfold inside cloud-first environments. That experience shapes everything published here: high-signal reporting, evidence-based analysis, and practical recommendations that defenders can actually apply.

What we publish

Greyline Intelligence focuses on the threats that matter most to modern organizations operating in Microsoft cloud environments, including:

  • Incident response and real-world intrusion patterns
  • Microsoft Defender XDR investigations and detection opportunities
  • Microsoft Sentinel analytics, hunting, and KQL-based detections
  • Microsoft Purview, including DLP and Insider Risk Management
  • Threat intelligence, tracking attacker behavior and emerging techniques
  • Phishing tradecraft, including modern MFA bypass and AiTM campaigns
  • Insider threat signals and risk indicators
  • Posture & exposure assessments, identifying misconfigurations and high-risk gaps across Microsoft 365 and identity controls
  • Brand monitoring and domain abuse, including lookalike infrastructure

The Greyline approach

Most modern attacks don’t look like “malware” anymore.

They blend into normal business activity: valid logins, consented apps, session tokens, mailbox rules, cloud API calls, and subtle persistence. Greyline Intelligence exists to help defenders spot that boundary — the grey area between normal and malicious behavior — before it becomes a full compromise.


Who this is for

Greyline Intelligence is built for:

  • SOC analysts and detection engineers
  • Incident responders
  • Microsoft 365 and Entra security administrators
  • Security leaders who need clarity without noise

Stay up to date

New posts are published regularly, with a focus on high-signal reporting, practical detections, and hardening recommendations.

Subscribe to get updates straight to your inbox.
