
Bypassing AV/EDR bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. Process Injection
  2. Uncommon programming language
  3. Hook Injection
  4. Process Mitigation Policy
  5. PPID spoofing
  6. DLL injection
  7. ETWTi Patching
  8. Code signing bypass
  9. Encoding
  10. PE injection
  11. APC injection / Atombombing
  12. Dynamic API resolving
  13. Packing
  14. Encryption
  15. Compression
  16. String concatenation
  17. Hooking/Unhooking
  18. Kernel callbacks
  19. Direct Syscalls
  20. Breaking process-child relationship
  21. VM-based code execution
  22. Run-time binary modification
  23. AMSI Patching
  24. P/Invoke & D/Invoke