
Bypassing AV/EDR bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. PPID spoofing
  2. Direct Syscalls
  3. Breaking process-child relationship
  4. Dynamic API resolving
  5. APC injection / Atombombing
  6. Encryption
  7. Process Mitigation Policy
  8. Encoding
  9. String concatenation
  10. VM-based code execution
  11. Compression
  12. Kernel callbacks
  13. Run-time binary modification
  14. Hooking/Unhooking
  15. Packing
  16. P/Invoke & D/Invoke
  17. Code signing bypass
  18. DLL injection
  19. Uncommon programming language
  20. ETWTi Patching
  21. Hook Injection
  22. PE injection
  23. AMSI Patching
  24. Process Injection