(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
critically out-of-date firmware
compliance violation
No DMZ
(where appropriate)
GPO with insecure settings
LM Hash on admin
Adobe Flash
Guest SSID but no guest isolation
DNS logging not enabled
VPN with weak encryption
>20% phish click rate
Users are local admins
untrained clickers
Plain text password discovered in share
Teamviewer / VNC
SMB signing
not enabled
Windows 7
Windows Server 2003/2008
Unlicensed
hardware or software
No MFA on
365 Admin
insecure zone transfers
password complexity not enforced
VM without autostart
Application
with > 1000 vulnerabilities
LLMNR enabled
No redundant ISP
Bypass users in DUO
Wireless PSK older than 2 years
Segmentation without ACLs
NIPS
disabled
/unconfigured
No Geo-IP blocking
End user
Passwords that never expire
No backup
failure alerts
unauthenticated
mail relay
rogue device
No botnet
filter
cpassword
EDR
Missing on endpoint
legacy configuration
not removed
Insecure share with PII/PHI
"Domain Users" group as local administrator
Default admin credentials
Unpatched Exchange
Telnet
unencrypted web management interface
No drive encryption
password spreadsheet
Winlogon cache default value
Whitelisted domains in email filter
No DKIM / DMARC
Default SNMP Write value
Stale users older than 1year
No SPF record
Windows XP
Computers
not
joined to
AD (or AAD)
PCI violation
Inapproprite Firewall rules (not RDP)
Individual user permissions in shares
inappropriate unconstrained delegation in Active Directory
