
Risk Assessment BINGO - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.

  1. compliance violation
  2. LM Hash on admin
  3. PCI violation
  4. No botnet filter
  5. min password length < 12 characters
  6. No drive encryption
  7. SMB signing not enabled
  8. Default admin credentials
  9. untrained clickers
  10. NIPS disabled / unconfigured
  11. insecure zone transfers
  12. No DKIM / DMARC
  13. Segmentation without ACLs
  14. No backup failure alerts
  15. Application with > 1000 vulnerabilities
  16. GPO with insecure settings
  17. Windows XP
  18. Individual user permissions in shares
  19. Windows Server 2003/2008
  20. LLMNR enabled
  21. Guest SSID but no guest isolation
  22. Teamviewer / VNC
  23. unencrypted backups
  24. Unpatched Exchange
  25. Bypass users in DUO
  26. Insecure share with PII/PHI
  27. Whitelisted domains in email filter
  28. No SPF record
  29. Plain text password discovered in share
  30. >20% phish click rate
  31. "Domain Users" group as local administrator
  32. Winlogon cache default value
  33. Unlicensed hardware or software
  34. Telnet
  35. unencrypted web management interface
  36. rogue device
  37. Users are local admins
  38. legacy configuration not removed
  39. DNS logging not enabled
  40. Computers not joined to AD (or AAD)
  41. critically out-of-date firmware
  42. VPN with weak encryption
  43. End user Passwords that never expire
  44. No MFA on 365 Admin
  45. Stale users older than 1 year
  46. EDR Missing on endpoint
  47. inappropriate unconstrained delegation in Active Directory
  48. No redundant ISP
  49. Adobe Flash
  50. password spreadsheet
  51. VM without autostart
  52. Windows 7
  53. No DMZ (where appropriate)
  54. cpassword
  55. No Geo-IP blocking
  56. password complexity not enforced
  57. unauthenticated mail relay
  58. Inappropriate Firewall rules (not RDP)
  59. Default SNMP Write value
  60. Wireless PSK older than 2 years