Episode 01: The MGM Resorts Breach — Technical Breakdown
How a ten-minute phone call dismantled one of the largest casino operations on Earth
This is the companion technical breakdown for Zero Day Logs Episode 01.
In September 2023, a group of attackers brought MGM Resorts to a standstill. No software vulnerability was exploited. No sophisticated malware was deployed. The public record shows a single phone call to an IT help desk.
The full technical breakdown covers the complete attack timeline; the step-by-step attack chain, from LinkedIn reconnaissance through SAML token forgery to ESXi ransomware deployment; the three missing controls, each of which would independently have broken the chain; and what the post-breach remediation confirms was absent.
It is written for two audiences: security practitioners who want the precise technical record, and everyone else who wants to understand what this breach means for them personally.
