
Bypassing AV/EDR bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. Packing
  2. Hooking / Unhooking
  3. Run-time binary modification
  4. APC injection / Atombombing
  5. String concatenation
  6. PE injection
  7. DLL injection
  8. Kernel callbacks
  9. Breaking process-child relationship
  10. AMSI Patching
  11. Direct Syscalls
  12. PPID spoofing
  13. Dynamic API resolving
  14. Uncommon programming language
  15. ETWTi Patching
  16. Hook Injection
  17. Encoding
  18. Process Mitigation Policy
  19. Compression
  20. Process Injection
  21. P/Invoke & D/Invoke
  22. Encryption
  23. VM-based code execution
  24. Code signing bypass