unencryptedbackupsNobackupfailurealertsinappropriateunconstraineddelegation inActiveDirectoryIndividualuserpermissionsin sharesNo MFAon365AdminSMBsigningnotenabledNo driveencryptionInappropriteFirewallrules (notRDP)DefaultSNMPWritevaluecpasswordBypassusersin DUOinsecurezonetransferspasswordcomplexitynotenforcedInsecureshare withPII/PHIComputersnotjoined toAD (or AAD)Defaultadmincredentialsminpasswordlength < 12charactersuntrainedclickersAdobeFlashLLMNRenabledSegmentationwithout ACLsNoSPFrecord>20%phishclick rateunauthenticatedmail relayUsersare localadminsTelnetPlain textpassworddiscoveredin shareunencryptedwebmanagementinterfaceVMwithoutautostartWindows7complianceviolationPCIviolationEDRMissingonendpointUnpatchedExchangeroguedeviceVPN withweakencryptionNoredundantISPWhitelisteddomains inemail filterpasswordspreadsheetWinlogoncachedefaultvalue"DomainUsers" groupas localadministratorWindowsServer2003/2008criticallyout-of-datefirmwareLMHash onadminNIPSdisabled/unconfiguredWindowsXPStaleusersolder than1yearTeamviewer/ VNCNobotnetfilterApplicationwith > 1000vulnerabilitiesNoDKIM /DMARCDNSloggingnotenabledNoGeo-IPblockingWirelessPSK olderthan 2yearsUnlicensedhardwareor softwareNo DMZ(whereappropriate)GuestSSID butno guestisolationEnd userPasswordsthat neverexpireGPO withinsecuresettingslegacyconfigurationnot removedunencryptedbackupsNobackupfailurealertsinappropriateunconstraineddelegation inActiveDirectoryIndividualuserpermissionsin sharesNo MFAon365AdminSMBsigningnotenabledNo driveencryptionInappropriteFirewallrules (notRDP)DefaultSNMPWritevaluecpasswordBypassusersin DUOinsecurezonetransferspasswordcomplexitynotenforcedInsecureshare withPII/PHIComputersnotjoined toAD (or AAD)Defaultadmincredentialsminpasswordlength < 12charactersuntrainedclickersAdobeFlashLLMNRenabledSegmentationwithout ACLsNoSPFrecord>20%phishclick rateunauthenticatedmail relayUsersare localadminsTelnetPlain textpassworddiscoveredin shareunencryptedwebmanagementinterfaceVMwithoutautostartWindows7complianceviolationPCIviolationEDRMissingonendpointUnpatchedExchangeroguedeviceVPN withweakencryptionNoredundantISPWhitelisteddomains inemail filterpasswordspreadsheetWinlogoncachedefaultvalue"DomainUsers" groupas localadministratorWindowsServer2003/2008criticallyout-of-datefirmwareLMHash onadminNIPSdisabled/unconfiguredWindowsXPStaleusersolder than1yearTeamviewer/ VNCNobotnetfilterApplicationwith > 1000vulnerabilitiesNoDKIM /DMARCDNSloggingnotenabledNoGeo-IPblockingWirelessPSK olderthan 2yearsUnlicensedhardwareor softwareNo DMZ(whereappropriate)GuestSSID butno guestisolationEnd userPasswordsthat neverexpireGPO withinsecuresettingslegacyconfigurationnot removed

Risk Assessment BINGO - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
  1. unencrypted backups
  2. No backup failure alerts
  3. inappropriate unconstrained delegation in Active Directory
  4. Individual user permissions in shares
  5. No MFA on 365 Admin
  6. SMB signing not enabled
  7. No drive encryption
  8. Inapproprite Firewall rules (not RDP)
  9. Default SNMP Write value
  10. cpassword
  11. Bypass users in DUO
  12. insecure zone transfers
  13. password complexity not enforced
  14. Insecure share with PII/PHI
  15. Computers not joined to AD (or AAD)
  16. Default admin credentials
  17. min password length < 12 characters
  18. untrained clickers
  19. Adobe Flash
  20. LLMNR enabled
  21. Segmentation without ACLs
  22. No SPF record
  23. >20% phish click rate
  24. unauthenticated mail relay
  25. Users are local admins
  26. Telnet
  27. Plain text password discovered in share
  28. unencrypted web management interface
  29. VM without autostart
  30. Windows 7
  31. compliance violation
  32. PCI violation
  33. EDR Missing on endpoint
  34. Unpatched Exchange
  35. rogue device
  36. VPN with weak encryption
  37. No redundant ISP
  38. Whitelisted domains in email filter
  39. password spreadsheet
  40. Winlogon cache default value
  41. "Domain Users" group as local administrator
  42. Windows Server 2003/2008
  43. critically out-of-date firmware
  44. LM Hash on admin
  45. NIPS disabled /unconfigured
  46. Windows XP
  47. Stale users older than 1year
  48. Teamviewer / VNC
  49. No botnet filter
  50. Application with > 1000 vulnerabilities
  51. No DKIM / DMARC
  52. DNS logging not enabled
  53. No Geo-IP blocking
  54. Wireless PSK older than 2 years
  55. Unlicensed hardware or software
  56. No DMZ (where appropriate)
  57. Guest SSID but no guest isolation
  58. End user Passwords that never expire
  59. GPO with insecure settings
  60. legacy configuration not removed