PackingKernelcallbacksDynamicAPIresolvingPPIDspoofingProcessMitigationPolicyUncommonprogramminglanguageCodesigningbypassP/Invoke&D/InvokeDLLinjectionETWTiPatchingAPC injection/AtombombingPEinjectionAMSIPatchingDirectSyscallsEncodingVM-basedcodeexecutionEncryptionHooking/UnhookingCompressionHookInjectionRun-timebinarymodificationStringconcatenationProcessInjectionBreakingprocess-childrelationshipPackingKernelcallbacksDynamicAPIresolvingPPIDspoofingProcessMitigationPolicyUncommonprogramminglanguageCodesigningbypassP/Invoke&D/InvokeDLLinjectionETWTiPatchingAPC injection/AtombombingPEinjectionAMSIPatchingDirectSyscallsEncodingVM-basedcodeexecutionEncryptionHooking/UnhookingCompressionHookInjectionRun-timebinarymodificationStringconcatenationProcessInjectionBreakingprocess-childrelationship

Bypassing AV/EDR bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. Packing
  2. Kernel callbacks
  3. Dynamic API resolving
  4. PPID spoofing
  5. Process Mitigation Policy
  6. Uncommon programming language
  7. Code signing bypass
  8. P/Invoke & D/Invoke
  9. DLL injection
  10. ETWTi Patching
  11. APC injection / Atombombing
  12. PE injection
  13. AMSI Patching
  14. Direct Syscalls
  15. Encoding
  16. VM-based code execution
  17. Encryption
  18. Hooking/ Unhooking
  19. Compression
  20. Hook Injection
  21. Run-time binary modification
  22. String concatenation
  23. Process Injection
  24. Breaking process-child relationship