DLL Search Order Hijacking, Windows Management Instrumentation Event Subscription, Spearphishing via Service, SSH Hijacking, Command- Line Interface, Indicator Removal on Host, Security Software Discovery, Query Registry, Application Shimming, Credentials in Registry, Launch Agent, Multilayer Encryption, Hardware Additions, Kernel Modules and Extensions, Process Discovery, Code Signing, System Service Discovery, Exploitation for Credential Access, Automated Collection, AppleScript, Remote File Copy, Indicator Blocking, System Owner/User Discovery, Sudo Caching, Data from Information Repositories, Remote Desktop Protocol, Service Execution, Pass the Ticket, Browser Extensions, Exfiltration Over Alternative Protocol, Timestomp, Shared Webroot, Data Compressed, Local Job Scheduling, Process Hollowing, Shortcut Modification, Scripting, Multi- Stage Channels, Launchctl, Standard Application Layer Protocol, External Remote Services, LC_MAIN Hijacking, Space after Filename, Hidden Window, File and Directory Discovery, Scheduled Task, Rc.common, Authentication Package, Remote Access Tools, Password Policy Discovery, Commonly Used Port, Create Account, Hidden Files and Directories, Network Service Scanning, Source, Signed Script Proxy Execution, Modify Existing Service, Video Capture, Screensaver, Account Manipulation, Trusted Relationship, Indirect Command Execution, Netsh Helper DLL, Permission Groups Discovery, Exfiltration Over Other Network Medium, SIP and Trust Provider Hijacking, NTFS File Attributes, Indicator Removal from Tools, Custom Cryptographic Protocol, Regsvr32, Logon Scripts, Mshta, Redundant Access, User Execution, Control Panel Items, Startup Items, Password Filter DLL, Plist Modification, Install Root Certificate, Disabling Security Tools, System Firmware, Two-Factor Authentication Interception, System Network Configuration Discovery, Winlogon Helper DLL, Data Encoding, Bypass User Account Control, LLMNR/NBT- NS Poisoning, Standard Non- Application Layer Protocol, DLL Side- Loading, AppInit DLLs, Spearphishing Link, Data Transfer Size Limits, Data from Network Shared Drive, Execution through API, Clipboard Data, Web Shell, AppCert DLLs, HISTCONTROL, Dylib Hijacking, Bash History, LSASS Driver, File Deletion, Dynamic Data Exchange, Fallback Channels, Re-opened Applications, .bash_profile and .bashrc, Hidden Users, Network Sniffing, Bootkit, Component Object Model Hijacking, DCShadow, Process Injection, Signed Binary Proxy Execution, Clear Command History, Data Staged, Service Registry Permissions Weakness, Distributed Component Object Model, Custom Command and Control Protocol, Exploitation for Defense Evasion, Credential Dumping, Brute Force, Private Keys, Multiband Communication, System Information Discovery, System Network Connections Discovery, Communication Through Removable Media, Sudo, Process Doppelgänging, System Time Discovery, Peripheral Device Discovery, Windows Remote Management, Data from Removable Media, Trusted Developer Utilities, Rundll32, Trap, Masquerading, Time Providers, SID- History Injection, Software Packing, Data from Local System, Scheduled Transfer, Security Support Provider, Image File Execution Options Injection, Setuid and Setgid, Account Discovery, Standard Cryptographic Protocol, Exploitation of Remote Services, Path Interception, File System Permissions Weakness, Taint Shared Content, Multi- hop Proxy, Obfuscated Files or Information, Domain Fronting, Login Item, Exfiltration Over Command and Control Channel, Exploitation for Client Execution, Change Default File Association, Port Monitors, Exfiltration Over Physical Medium, Binary Padding, Drive-by Compromise, Securityd Memory, Accessibility Features, Forced Authentication, Network Share Connection Removal, BITS Jobs, Audio Capture, Graphical User Interface, Modify Registry, Data Encrypted, Browser Bookmark Discovery, Connection Proxy, Windows Admin Shares, LC_LOAD_DYLIB Addition, Keychain, Credentials in Files, Remote Services, Application Window Discovery, New Service, Network Share Discovery, Deobfuscate/Decode Files or Information, Launch Daemon, Rootkit, PowerShell, Pass the Hash, Hypervisor, Office Application Startup, Windows Management Instrumentation, Input Capture, Regsvcs/Regasm, Registry Run Keys / Start Folder, Supply Chain Compromise, Data Obfuscation, Exploit Public- Facing Application, Uncommonly Used Port, Input Prompt, Email Collection, Exploitation for Privilege Escalation, File System Logical Offsets, CMSTP, Execution through Module Load, Kerberoasting, Replication Through Removable Media, Automated Exfiltration, Application Deployment Software, Spearphishing Attachment, Hooking, Component Firmware, Remote System Discovery, Extra Window Memory Injection, Port Knocking, Access Token Manipulation, Screen Capture, Gatekeeper Bypass, Third- party Software, Valid Accounts, Web Service, Man in the Browser, InstallUtil, DLL Search Order Hijacking, Windows Management Instrumentation Event Subscription, Spearphishing via Service, SSH Hijacking, Command- Line Interface, Indicator Removal on Host, Security Software Discovery, Query Registry, Application Shimming, Credentials in Registry, Launch Agent, Multilayer Encryption, Hardware Additions, Kernel Modules and Extensions, Process Discovery, Code Signing, System Service Discovery, Exploitation for Credential Access, Automated Collection, AppleScript, Remote File Copy, Indicator Blocking, System Owner/User Discovery, Sudo Caching, Data from Information Repositories, Remote Desktop Protocol, Service Execution, Pass the Ticket, Browser Extensions, Exfiltration Over Alternative Protocol, Timestomp, Shared Webroot, Data Compressed, Local Job Scheduling, Process Hollowing, Shortcut Modification, Scripting, Multi- Stage Channels, Launchctl, Standard Application Layer Protocol, External Remote Services, LC_MAIN Hijacking, Space after Filename, Hidden Window, File and Directory Discovery, Scheduled Task, Rc.common, Authentication Package, Remote Access Tools, Password Policy Discovery, Commonly Used Port, Create Account, Hidden Files and Directories, Network Service Scanning, Source, Signed Script Proxy Execution, Modify Existing Service, Video Capture, Screensaver, Account Manipulation, Trusted Relationship, Indirect Command Execution, Netsh Helper DLL, Permission Groups Discovery, Exfiltration Over Other Network Medium, SIP and Trust Provider Hijacking, NTFS File Attributes, Indicator Removal from Tools, Custom Cryptographic Protocol, Regsvr32, Logon Scripts, Mshta, Redundant Access, User Execution, Control Panel Items, Startup Items, Password Filter DLL, Plist Modification, Install Root Certificate, Disabling Security Tools, System Firmware, Two-Factor Authentication Interception, System Network Configuration Discovery, Winlogon Helper DLL, Data Encoding, Bypass User Account Control, LLMNR/NBT- NS Poisoning, Standard Non- Application Layer Protocol, DLL Side- Loading, AppInit DLLs, Spearphishing Link, Data Transfer Size Limits, Data from Network Shared Drive, Execution through API, Clipboard Data, Web Shell, AppCert DLLs, HISTCONTROL, Dylib Hijacking, Bash History, LSASS Driver, File Deletion, Dynamic Data Exchange, Fallback Channels, Re-opened Applications, .bash_profile and .bashrc, Hidden Users, Network Sniffing, Bootkit, Component Object Model Hijacking, DCShadow, Process Injection, Signed Binary Proxy Execution, Clear Command History, Data Staged, Service Registry Permissions Weakness, Distributed Component Object Model, Custom Command and Control Protocol, Exploitation for Defense Evasion, Credential Dumping, Brute Force, Private Keys, Multiband Communication, System Information Discovery, System Network Connections Discovery, Communication Through Removable Media, Sudo, Process Doppelgänging, System Time Discovery, Peripheral Device Discovery, Windows Remote Management, Data from Removable Media, Trusted Developer Utilities, Rundll32, Trap, Masquerading, Time Providers, SID- History Injection, Software Packing, Data from Local System, Scheduled Transfer, Security Support Provider, Image File Execution Options Injection, Setuid and Setgid, Account Discovery, Standard Cryptographic Protocol, Exploitation of Remote Services, Path Interception, File System Permissions Weakness, Taint Shared Content, Multi- hop Proxy, Obfuscated Files or Information, Domain Fronting, Login Item, Exfiltration Over Command and Control Channel, Exploitation for Client Execution, Change Default File Association, Port Monitors, Exfiltration Over Physical Medium, Binary Padding, Drive-by Compromise, Securityd Memory, Accessibility Features, Forced Authentication, Network Share Connection Removal, BITS Jobs, Audio Capture, Graphical User Interface, Modify Registry, Data Encrypted, Browser Bookmark Discovery, Connection Proxy, Windows Admin Shares, LC_LOAD_DYLIB Addition, Keychain, Credentials in Files, Remote Services, Application Window Discovery, New Service, Network Share Discovery, Deobfuscate/Decode Files or Information, Launch Daemon, Rootkit, PowerShell, Pass the Hash, Hypervisor, Office Application Startup, Windows Management Instrumentation, Input Capture, Regsvcs/Regasm, Registry Run Keys / Start Folder, Supply Chain Compromise, Data Obfuscation, Exploit Public- Facing Application, Uncommonly Used Port, Input Prompt, Email Collection, Exploitation for Privilege Escalation, File System Logical Offsets, CMSTP, Execution through Module Load, Kerberoasting, Replication Through Removable Media, Automated Exfiltration, Application Deployment Software, Spearphishing Attachment, Hooking, Component Firmware, Remote System Discovery, Extra Window Memory Injection, Port Knocking, Access Token Manipulation, Screen Capture, Gatekeeper Bypass, Third- party Software, Valid Accounts, Web Service, Man in the Browser, InstallUtil,
(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.
DLL Search Order Hijacking,
Windows Management Instrumentation Event Subscription,
Spearphishing via Service,
SSH Hijacking,
Command-Line Interface,
Indicator Removal on Host,
Security Software Discovery,
Query Registry,
Application Shimming,
Credentials in Registry,
Launch Agent,
Multilayer Encryption,
Hardware Additions,
Kernel Modules and Extensions,
Process Discovery,
Code Signing,
System Service Discovery,
Exploitation for Credential Access,
Automated Collection,
AppleScript,
Remote File Copy,
Indicator Blocking,
System Owner/User Discovery,
Sudo Caching,
Data from Information Repositories,
Remote Desktop Protocol,
Service Execution,
Pass the Ticket,
Browser Extensions,
Exfiltration Over Alternative Protocol,
Timestomp,
Shared Webroot,
Data Compressed,
Local Job Scheduling,
Process Hollowing,
Shortcut Modification,
Scripting,
Multi-Stage Channels,
Launchctl,
Standard Application Layer Protocol,
External Remote Services,
LC_MAIN Hijacking,
Space after Filename,
Hidden Window,
File and Directory Discovery,
Scheduled Task,
Rc.common,
Authentication Package,
Remote Access Tools,
Password Policy Discovery,
Commonly Used Port,
Create Account,
Hidden Files and Directories,
Network Service Scanning,
Source,
Signed Script Proxy Execution,
Modify Existing Service,
Video Capture,
Screensaver,
Account Manipulation,
Trusted Relationship,
Indirect Command Execution,
Netsh Helper DLL,
Permission Groups Discovery,
Exfiltration Over Other Network Medium,
SIP and Trust Provider Hijacking,
NTFS File Attributes,
Indicator Removal from Tools,
Custom Cryptographic Protocol,
Regsvr32,
Logon Scripts,
Mshta,
Redundant Access,
User Execution,
Control Panel Items,
Startup Items,
Password Filter DLL,
Plist Modification,
Install Root Certificate,
Disabling Security Tools,
System Firmware,
Two-Factor Authentication Interception,
System Network Configuration Discovery,
Winlogon Helper DLL,
Data Encoding,
Bypass User Account Control,
LLMNR/NBT-NS Poisoning,
Standard Non-Application Layer Protocol,
DLL Side-Loading,
AppInit DLLs,
Spearphishing Link,
Data Transfer Size Limits,
Data from Network Shared Drive,
Execution through API,
Clipboard Data,
Web Shell,
AppCert DLLs,
HISTCONTROL,
Dylib Hijacking,
Bash History,
LSASS Driver,
File Deletion,
Dynamic Data Exchange,
Fallback Channels,
Re-opened Applications,
.bash_profile and .bashrc,
Hidden Users,
Network Sniffing,
Bootkit,
Component Object Model Hijacking,
DCShadow,
Process Injection,
Signed Binary Proxy Execution,
Clear Command History,
Data Staged,
Service Registry Permissions Weakness,
Distributed Component Object Model,
Custom Command and Control Protocol,
Exploitation for Defense Evasion,
Credential Dumping,
Brute Force,
Private Keys,
Multiband Communication,
System Information Discovery,
System Network Connections Discovery,
Communication Through Removable Media,
Sudo,
Process Doppelgänging,
System Time Discovery,
Peripheral Device Discovery,
Windows Remote Management,
Data from Removable Media,
Trusted Developer Utilities,
Rundll32,
Trap,
Masquerading,
Time Providers,
SID-History Injection,
Software Packing,
Data from Local System,
Scheduled Transfer,
Security Support Provider,
Image File Execution Options Injection,
Setuid and Setgid,
Account Discovery,
Standard Cryptographic Protocol,
Exploitation of Remote Services,
Path Interception,
File System Permissions Weakness,
Taint Shared Content,
Multi-hop Proxy,
Obfuscated Files or Information,
Domain Fronting,
Login Item,
Exfiltration Over Command and Control Channel,
Exploitation for Client Execution,
Change Default File Association,
Port Monitors,
Exfiltration Over Physical Medium,
Binary Padding,
Drive-by Compromise,
Securityd Memory,
Accessibility Features,
Forced Authentication,
Network Share Connection Removal,
BITS Jobs,
Audio Capture,
Graphical User Interface,
Modify Registry,
Data Encrypted,
Browser Bookmark Discovery,
Connection Proxy,
Windows Admin Shares,
LC_LOAD_DYLIB Addition,
Keychain,
Credentials in Files,
Remote Services,
Application Window Discovery,
New Service,
Network Share Discovery,
Deobfuscate/Decode Files or Information,
Launch Daemon,
Rootkit,
PowerShell,
Pass the Hash,
Hypervisor,
Office Application Startup,
Windows Management Instrumentation,
Input Capture,
Regsvcs/Regasm,
Registry Run Keys / Start Folder,
Supply Chain Compromise,
Data Obfuscation,
Exploit Public-Facing Application,
Uncommonly Used Port,
Input Prompt,
Email Collection,
Exploitation for Privilege Escalation,
File System Logical Offsets,
CMSTP,
Execution through Module Load,
Kerberoasting,
Replication Through Removable Media,
Automated Exfiltration,
Application Deployment Software,
Spearphishing Attachment,
Hooking,
Component Firmware,
Remote System Discovery,
Extra Window Memory Injection,
Port Knocking,
Access Token Manipulation,
Screen Capture,
Gatekeeper Bypass,
Third-party Software,
Valid Accounts,
Web Service,
Man in the Browser,
InstallUtil,