Zero Day Logs

Written by: ZDL

About this listen

Welcome to Zero Day Logs, the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural flaws, human errors, and critical executive decisions that determine who survives and who pays.


From billion-dollar hospitality empires brought to a standstill by a single, well-researched phone call to an IT help desk, to global identity gatekeepers compromised by contractor laptops and standard diagnostic files, each episode maps the attack path step-by-step. We break down the underlying enterprise architecture—explaining concepts like multi-factor authentication, federated identity, and zero-trust frameworks—so you understand the mechanics of the collapse.


Whether you are a security professional defending a network, or simply someone trying to understand how the digital infrastructure we all depend on actually fails, Zero Day Logs provides the unvarnished autopsy. We explore the uncomfortable reality of modern digital defense: that the weakest link is rarely a piece of software, but the human processes and vendor relationships where trust is extended and verification is skipped.


Find full technical breakdowns, attack timelines, and defensive configurations for every episode at zerodaylogs.com.

© 2026 Zero Day Logs
Episodes
  • The Support Ticket That Opened Every Door
    Apr 28 2026

    In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This time through a diagnostic file uploaded to a support ticket.

    This is the full story of both Okta breaches — how a contractor's laptop, a credential saved to a personal Google account via Chrome's password sync, and a file format most people have never heard of gave attackers a window into Cloudflare, 1Password, BeyondTrust, and thousands of others. And how one company was told something was wrong — and stayed silent for 18 days.

    Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.

    Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.

    ____________________________

    CHAPTERS

    00:00 Cold Open — Screenshots on Telegram
    03:52 The Invisible Gatekeeper
    06:07 Lapsus$ — Not a Nation State
    07:52 What Actually Happened in 2022
    08:03 How Authentication Actually Works
    11:43 The Contractor's Laptop
    19:53 Twenty Months Later
    23:13 The 2023 Breach
    24:17 The HAR File — A Flight Data Recorder
    25:03 Session Cookies and Stolen Wristbands
    27:55 The November 29th Disclosure
    30:03 Cloudflare, 1Password, BeyondTrust
    34:15 The Supply Chain Problem
    36:38 Zero Trust and Assume Breach
    40:31 Eighteen Days of Silence
    41:43 The Three Missing Controls
    43:23 The Credential That Left the Building
    47:06 What Changed After
    48:20 The Chain of Trust
    53:09 Outro
    53:35 Next: SolarWinds

    ____________________________

    SOURCES & FURTHER READING

    - Okta Security Advisory — October 2023
    - Okta Expanded Disclosure — November 29, 2023
    - Okta Security Advisory — March 2022
    - Cloudflare blog: "How Cloudflare mitigated yet another Okta compromise"
    - 1Password Security Incident Report (2023)
    - BeyondTrust Incident Disclosure (2023)
    - CISA Identity Security Guidance
    - Lapsus$ public reporting / Arion Kurtaj UK conviction (2023)

    55 mins
  • How One Phone Call Cost MGM $100 Million
    Apr 21 2026

    In September 2023, one of the largest casino and hospitality companies on Earth was brought to a standstill — not by malware, not by a state-sponsored strike, but by a single phone call to an IT help desk.

    This is the full story of how Scattered Spider exploited the gap between trust and verification — from a LinkedIn search to a rogue Identity Provider inside MGM's Azure AD tenant — and how a $100M containment decision left the casino floor dark.

    Zero Day Logs is an investigative audio documentary built entirely from the public record: SEC filings, court documents, government advisories, and verified forensic findings. Every breach. One episode. Real consequences.

    Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    CHAPTERS

    00:00 Cold Open — Las Vegas Goes Dark
    00:19 The Casino Floor Stops
    01:38 The Help Desk: Where It All Started
    03:42 OSINT — They Opened LinkedIn
    04:43 Vishing: The Phone Call
    05:47 Inside Okta — The MFA Reset
    06:12 How Multi-Factor Authentication Works
    09:49 Lateral Movement — Mapping the Network
    11:53 Federated Identity Explained
    16:10 SAML Assertion Forgery
    18:25 The ESXi Architecture
    20:08 MGM Pulls the Plug
    20:48 What One MFA Reset Actually Cost

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    SOURCES & FURTHER READING

    • Okta Security Advisory (2023)
    • CISA Advisory AA23-320A
    • MGM SEC 8-K filing, September 2023
    • Microsoft DART case study
    39 mins