
Risk Assessment BINGO - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. Winlogon cache default value
  2. Default admin credentials
  3. compliance violation
  4. No drive encryption
  5. GPO with insecure settings
  6. Windows 7
  7. EDR Missing on endpoint
  8. Individual user permissions in shares
  9. SMB signing not enabled
  10. untrained clickers
  11. Application with > 1000 vulnerabilities
  12. LLMNR enabled
  13. Unpatched Exchange
  14. VM without autostart
  15. unencrypted backups
  16. Windows Server 2003/2008
  17. unauthenticated mail relay
  18. Computers not joined to AD (or AAD)
  19. rogue device
  20. Telnet
  21. No DMZ (where appropriate)
  22. No MFA on 365 Admin
  23. password complexity not enforced
  24. password spreadsheet
  25. min password length < 12 characters
  26. unencrypted web management interface
  27. cpassword
  28. Inappropriate Firewall rules (not RDP)
  29. LM Hash on admin
  30. Bypass users in DUO
  31. Segmentation without ACLs
  32. insecure zone transfers
  33. critically out-of-date firmware
  34. Adobe Flash
  35. Plain text password discovered in share
  36. legacy configuration not removed
  37. >20% phish click rate
  38. Stale users older than 1 year
  39. Guest SSID but no guest isolation
  40. No DKIM / DMARC
  41. Unlicensed hardware or software
  42. Users are local admins
  43. End user Passwords that never expire
  44. No SPF record
  45. Windows XP
  46. DNS logging not enabled
  47. No Geo-IP blocking
  48. "Domain Users" group as local administrator
  49. Teamviewer / VNC
  50. Whitelisted domains in email filter
  51. Default SNMP Write value
  52. Insecure share with PII/PHI
  53. No backup failure alerts
  54. Wireless PSK older than 2 years
  55. NIPS disabled / unconfigured
  56. VPN with weak encryption
  57. No redundant ISP
  58. No botnet filter
  59. PCI violation
  60. inappropriate unconstrained delegation in Active Directory