CompressionProcessMitigationPolicyDirectSyscallsEncryptionStringconcatenationDynamicAPIresolvingBreakingprocess-childrelationshipETWTiPatchingHookInjectionRun-timebinarymodificationCodesigningbypassDLLinjectionHooking/UnhookingAMSIPatchingPPIDspoofingEncodingPackingAPC injection/AtombombingProcessInjectionVM-basedcodeexecutionKernelcallbacksUncommonprogramminglanguagePEinjectionP/Invoke&D/InvokeCompressionProcessMitigationPolicyDirectSyscallsEncryptionStringconcatenationDynamicAPIresolvingBreakingprocess-childrelationshipETWTiPatchingHookInjectionRun-timebinarymodificationCodesigningbypassDLLinjectionHooking/UnhookingAMSIPatchingPPIDspoofingEncodingPackingAPC injection/AtombombingProcessInjectionVM-basedcodeexecutionKernelcallbacksUncommonprogramminglanguagePEinjectionP/Invoke&D/Invoke

Bypassing AV/EDR bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. Compression
  2. Process Mitigation Policy
  3. Direct Syscalls
  4. Encryption
  5. String concatenation
  6. Dynamic API resolving
  7. Breaking process-child relationship
  8. ETWTi Patching
  9. Hook Injection
  10. Run-time binary modification
  11. Code signing bypass
  12. DLL injection
  13. Hooking/ Unhooking
  14. AMSI Patching
  15. PPID spoofing
  16. Encoding
  17. Packing
  18. APC injection / Atombombing
  19. Process Injection
  20. VM-based code execution
  21. Kernel callbacks
  22. Uncommon programming language
  23. PE injection
  24. P/Invoke & D/Invoke