Zero Day Logs podcast artwork

PODCAST · technology

Zero Day Logs

Welcome to Zero Day Logs, the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural flaws, human errors, and critical executive decisions that determine who survives and who pays.From billion-dollar hospitality empires brought to a standstill by a single, well-researched phone call to an IT help desk , to global identity gatekeepers compromised by contractor laptops and standard diagnostic files, each episode maps the attack path step-by-step. We break down the underlying enterprise architecture—explaining concepts like multi-factor authentication, federated identity, and zero-trust frameworks—so you understand the mechanics of the collapse.Whether you are a security professional defending a network, or simply someone trying to unde

  1. 1

    How Uber Hid a Breach of 57 Million People

    On November 14, 2016, two hackers told Uber they had the personal records of57 million users and drivers. What Uber did next wasn't a breach response — itwas a cover-up: a $100,000 payment disguised as a bug-bounty reward, false NDAs,and a year of silence while a binding FTC order required disclosure. The breachitself was fixable. The concealment became the first criminal conviction of achief security officer.(0:00) The hackers make contact(0:40) The break-in: reused passwords to 57M records(6:45) Disguising the ransom as a bug bounty(10:40) The FTC order that made silence a crime(13:27) The first criminal conviction of a CSO(17:05) The four controls that were missingFree one-page technical breakdown (timeline, attack path, the four missingcontrols): https://zerodaylogs.comSources: U.S. FTC enforcement action and expanded consent decree; New YorkAttorney General settlement; U.S. DOJ charging documents and trial record,United States v. Sullivan; U.S. SEC filings.Zero Day Logs — the real anatomy of security breaches. Measured, sourced,no hype. https://zerodaylogs.com

  2. 0

    Yahoo: 3 Billion Accounts, Four Years Hidden

    Three billion user accounts. Two separate breaches. Four FSB-directed operatives. And nearly two years of silence between what Yahoo's security team knew and what the public was told.This episode traces the full operation from the spear phishing campaign that opened the door, through the forged authentication cookies that bypassed every login screen, to the SEC enforcement action that established a new category of regulatory risk: the failure to disclose a known breach.Chapters:0:00 — 3 Billion1:47 — The Spear Phishing Campaign3:26 — Inside Yahoo's Network5:39 — The Stolen Database7:28 — The Account Management Tool9:14 — The Hybrid Model: State + Criminal11:03 — The Silence13:23 — The Disclosures15:23 — The SEC Enforcement17:14 — The Indictment17:58 — Aftermath18:20 — The PatternSources: DOJ indictment (United States v. Dokuchaev et al.), SEC enforcement order (Altaba Inc.), Yahoo SEC filings, Verizon acquisition disclosures.Full technical breakdown and free PDF summary at zerodaylogs.com.

  3. -1

    Colonial Pipeline: From Legacy VPN to Bitcoin Seizure — The Complete Breakdown

    One leaked password. No multi-factor authentication. Nine days undetected.In May 2021, a compromised VPN credential — found on the dark web, tied to a former employee's account, protected by nothing more than a single password — gave DarkSide ransomware operators access to Colonial Pipeline's IT network. What followed: 100 gigabytes of stolen data, encrypted systems, a $4.4 million Bitcoin ransom, a six-day shutdown of 5,500 miles of fuel infrastructure, and a DOJ operation that clawed back 63.7 of the 75 Bitcoin using a method that remains partially redacted from the public record.This episode traces the complete chain: the entry vector, the nine-day dwell time, the franchise model behind DarkSide, the IT/OT boundary decision that shut down physically intact infrastructure, the ransom payment calculus, and the regulatory reckoning that followed.Primary sources: Senate testimony, CISA advisory, FBI seizure affidavit, GAO report.Free PDF breakdown: https://zerodaylogs.com00:00 — The Escalation01:30 — Introduction01:35 — What Is a VPN?02:39 — The Forgotten Door03:34 — One Password, No Second Factor04:40 — DarkSide: Ransomware-as-a-Service05:39 — Anatomy of the Attack07:29 — 100 Gigabytes Out the Door08:34 — Two Buildings, One Boundary11:12 — Seventy Minutes11:44 — The Shutdown Decision13:08 — The $4.4 Million Question14:02 — The Vault15:10 — The DOJ Strikes Back15:54 — Three Missing Controls17:55 — Eleven Years Without an Update18:21 — The Aftermath

  4. -2

    Target — Certified Compliant, Breached Eight Weeks Later

    On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores.This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened.We cover: the Fazio Mechanical entry point, the network segmentation gap, how BlackPOS exploited the moment card data exists as plaintext in RAM, why FireEye's alerts went unacknowledged for 12 days, the exfiltration architecture that moved stolen data through three countries during peak shopping hours, and the compliance paradox at the center of it all.Full technical breakdown: zerodaylogs.comPrimary sources: U.S. Senate Commerce Committee "Kill Chain" analysis, Target SEC filings, multistate AG settlement, NIST and PCI-DSS standards.

  5. -3

    How Equifax Lost 147 Million Social Security Numbers

    A critical vulnerability was disclosed. A patch was released the same day. Equifax was warned directly. The patch was never applied. Two months later, attackers walked through the door — and spent seventy-six days inside a system holding 147 million Social Security numbers. Episode 5 covers the full 2017 Equifax breach — the Apache Struts vulnerability, the scanner that missed, the certificate that was blind for over a year, the breach response that made everything worse, and the PLA indictment that revealed what the stolen data was really for. 0:00 — Introduction0:42 — What Is Equifax1:17 — The Data You Never Chose to Give1:42 — Growth vs. Security2:05 — ACIS: A 1970s System on the Public Internet2:25 — CVE-2017-5638: The OGNL Injection4:19 — The Missed Scan5:37 — The Honour System6:16 — CEO vs. Committee6:37 — May 13th: The Door Opens7:13 — No Walls: Lateral Movement8:20 — The Harvest: 147 Million Records9:31 — The Expired Certificate10:45 — Found by Accident11:09 — The Response Timeline12:35 — The Response That Made Everything Worse13:52 — Insider Trading14:28 — Executive Departures14:52 — The Settlement15:34 — PLA Attribution16:23 — The Intelligence Mosaic17:05 — Entirely Preventable17:47 — ClosingFull technical breakdown: zerodaylogs.com

  6. -4

    The Twitter/X Breach — July 2020

    On July 15, 2020, the verified Twitter accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, and Uber were hijacked simultaneously. Every account posted the same Bitcoin scam. The attacker was a 17-year-old in Tampa, Florida.This episode reconstructs how a series of phone calls defeated Twitter's multi-factor authentication through a real-time credential relay, how a single admin tool called Agent Tools gave unrestricted access to every account on the platform, and how the attack escalated from stealing OG usernames to hijacking the accounts of world leaders. The New York Department of Financial Services investigated and found five specific security controls that would have prevented the breach — all of which existed, were documented, and were available. None were deployed.Based on the NY DFS Report (October 14, 2020), United States v. Graham Ivan Clark, and Twitter's own incident disclosures. 📄 Free technical breakdown PDF: zerodaylogs.com0:00 — Introduction0:50 — The Phone Call2:33 — Real-Time Credential Relay3:59 — Why MFA Failed6:04 — Agent Tools: The God Mode Panel7:06 — Inside the Admin System9:23 — Three Phases of the Attack12:22 — The Cascade: World Leaders Hijacked14:34 — Twitter Breaks Its Own Platform17:02 — The Damage Report17:47 — The Deeper Harm: Private Messages19:23 — Tracing the Attackers21:44 — Arrests and Sentencing24:38 — No CISO25:16 — Five Missing Controls28:44 — Why Security Controls Go Undeployed29:01 — Should Platforms Be Stress Tested?30:30 — What Twitter Changed After the Breach31:39 — The Pattern Repeats: MGM 202332:33 — The Question That Remains #cybersecurity #twitter #databreach #infosec #zerodaylogs 

  7. -5

    SolarWinds: The Update That Wasn't

    In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied.This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pipeline, turned a routine software update into a backdoor, and spent nine months reading emails inside the U.S. Treasury, the Department of Homeland Security, the State Department, and dozens of Fortune 500 companies. How FireEye discovered it by investigating their own breach, burned their own toolkit to stop it, and exposed one of the largest intelligence operations in history — in a single day.Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.____________________CHAPTERS00:00 Cold Open — In 2020, They Were Invited00:41 The Routine Update01:14 18,000 Organizations02:07 What Orion Could See03:58 Inside the Treasury05:46 Why Every Security Scan Passed09:16 The Build Pipeline10:10 Code Signing: The Wax Seal11:31 The Printing Press Analogy12:16 Inside the Build Pipeline14:51 Sunburst Activates16:52 The DNS Covert Channel19:36 100 Out of 18,00019:57 Hands-On Access25:54 Nine Months of Access28:03 FireEye's Response28:44 Pulling the Thread29:53 December 13, 202034:09 Attribution and Sanctions36:53 The solarwinds123 Password39:18 The Three Missing Controls42:32 Defense in Depth43:08 The Cost of Remediation48:49 Trust and Verification54:24 Technical Breakdown + Resources54:41 Next on Zero Day Logs

  8. -6

    The Support Ticket That Opened Every Door

    In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This time through a diagnostic file uploaded to a support ticket.This is the full story of both Okta breaches — how a contractor's laptop, a credential saved to a personal Google account via Chrome's password sync, and a file format most people have never heard of gave attackers a window into Cloudflare, 1Password, BeyondTrust, and thousands of others. And how one company was told something was wrong — and stayed silent for 18 days.Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.____________________________CHAPTERS00:00 Cold Open — Screenshots on Telegram03:52 The Invisible Gatekeeper06:07 Lapsus$ — Not a Nation State07:52 What Actually Happened in 202208:03 How Authentication Actually Works11:43 The Contractor's Laptop19:53 Twenty Months Later23:13 The 2023 Breach24:17 The HAR File — A Flight Data Recorder25:03 Session Cookies and Stolen Wristbands27:55 The November 29th Disclosure30:03 Cloudflare, 1Password, BeyondTrust34:15 The Supply Chain Problem36:38 Zero Trust and Assume Breach40:31 Eighteen Days of Silence41:43 The Three Missing Controls43:23 The Credential That Left the Building47:06 What Changed After48:20 The Chain of Trust53:09 Outro53:35 Next: SolarWinds____________________________SOURCES & FURTHER READING- Okta Security Advisory — October 2023- Okta Expanded Disclosure — November 29, 2023- Okta Security Advisory — March 2022- Cloudflare blog: "How Cloudflare mitigated yet another Okta compromise"- 1Password Security Incident Report (2023)- BeyondTrust Incident Disclosure (2023)- CISA Identity Security Guidance- Lapsus$ public reporting / Arion Kurtaj UK conviction (2023)

  9. -7

    How One Phone Call Cost MGM $100 Million

    In September 2023, one of the largest casino and hospitality companies on Earth was brought to a standstill — not by malware, not by a state-sponsored strike, but by a single phone call to an IT help desk.This is the full story of how Scattered Spider exploited the gap between trust and verification — from a LinkedIn search to a rogue Identity Provider inside MGM's Azure AD tenant — and how a $100M containment decision brought the casino floor dark.Zero Day Logs is an investigative audio documentary built entirely from the public record: SEC filings, court documents, government advisories, and verified forensic findings. Every breach. One episode. Real consequences.Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━CHAPTERS 00:00 Cold Open — Las Vegas Goes Dark 00:19 The Casino Floor Stops 01:38 The Help Desk: Where It All Started 03:42 OSINT — They Opened LinkedIn 04:43 Vishing: The Phone Call 05:47 Inside Okta — The MFA Reset 06:12 How Multi-Factor Authentication Works 09:49 Lateral Movement — Mapping the Network 11:53 Federated Identity Explained 16:10 SAML Assertion Forgery 18:25 The ESXi Architecture 20:08 MGM Pulls the Plug 20:48 What One MFA Reset Actually Cost━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━SOURCES & FURTHER READINGOkta Security Advisory (2023)CISA Advisory AA23-320AMGM SEC 8-K filing, September 2023Microsoft DART case study

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Welcome to Zero Day Logs, the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural flaws, human errors, and critical executive decisions that determine who survives and who pays.From billion-dollar hospitality empires brought to a standstill by a single, well-researched phone call to an IT help desk , to global identity gatekeepers compromised by contractor laptops and standard diagnostic files, each episode maps the attack path step-by-step. We break down the underlying enterprise architecture—explaining concepts like multi-factor authentication, federated identity, and zero-trust frameworks—so you understand the mechanics of the collapse.Whether you are a security professional defending a network, or simply someone trying to unde

HOSTED BY

ZDL

Frequently Asked Questions

How many episodes does Zero Day Logs have?

Zero Day Logs currently has 9 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Zero Day Logs about?

Welcome to Zero Day Logs, the podcast that dissects the most consequential cybersecurity breaches of our time. We go beyond the headlines to reconstruct exactly how the world's most heavily defended networks are actually dismantled—focusing not just on the technical exploits, but the structural...

How often does Zero Day Logs release new episodes?

Zero Day Logs has 9 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Zero Day Logs?

You can listen to Zero Day Logs on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Zero Day Logs?

Zero Day Logs is created and hosted by ZDL.
URL copied to clipboard!