
Risk Assessment BINGO - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place the pieces in a bag and draw items from the bag.


  1. Wireless PSK older than 2 years
  2. VPN with weak encryption
  3. min password length < 12 characters
  4. DNS logging not enabled
  5. unauthenticated mail relay
  6. No redundant ISP
  7. No backup failure alerts
  8. Stale users older than 1 year
  9. Default SNMP Write value
  10. Users are local admins
  11. rogue device
  12. Segmentation without ACLs
  13. NIPS disabled / unconfigured
  14. No DKIM / DMARC
  15. No DMZ (where appropriate)
  16. password complexity not enforced
  17. critically out-of-date firmware
  18. No botnet filter
  19. Guest SSID but no guest isolation
  20. Unpatched Exchange
  21. Bypass users in Duo
  22. >20% phish click rate
  23. insecure zone transfers
  24. No SPF record
  25. Adobe Flash
  26. VM without autostart
  27. Winlogon cache default value
  28. "Domain Users" group as local administrator
  29. GPO with insecure settings
  30. Application with > 1000 vulnerabilities
  31. PCI violation
  32. Windows XP
  33. Windows 7
  34. Whitelisted domains in email filter
  35. inappropriate unconstrained delegation in Active Directory
  36. compliance violation
  37. No MFA on 365 Admin
  38. Insecure share with PII/PHI
  39. SMB signing not enabled
  40. LLMNR enabled
  41. cpassword
  42. legacy configuration not removed
  43. untrained clickers
  44. Computers not joined to AD (or AAD)
  45. Telnet
  46. Individual user permissions in shares
  47. EDR Missing on endpoint
  48. password spreadsheet
  49. unencrypted backups
  50. LM Hash on admin
  51. Unlicensed hardware or software
  52. unencrypted web management interface
  53. No drive encryption
  54. No Geo-IP blocking
  55. Default admin credentials
  56. TeamViewer / VNC
  57. Windows Server 2003/2008
  58. End user Passwords that never expire
  59. Inappropriate firewall rules (not RDP)
  60. Plain text password discovered in share
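
Several of the squares above can be confirmed from a domain-joined Windows host before the game starts. The script below is an added example written for this page, not part of the original BINGO card or any product: read-only PowerShell checks for items 3, 8, 14, 16, 24, 27, 28, 35, 39, 40, 41, 50 and 58. It assumes the ActiveDirectory RSAT module is installed, that the caller can read AD and SYSVOL, and (an assumption you should adjust) that the AD domain's DNS name is also the mail domain checked for SPF and DMARC. The thresholds follow the call list: 12 characters, 1 year, and Windows' default of 10 cached logons. Registry paths are the standard locations; where a value is absent the Windows default is assumed and noted in the comments.

```powershell
# Added example (not part of the BINGO page): read-only checks for several call-list
# items, run from a domain-joined Windows host. Assumes the ActiveDirectory RSAT module,
# a caller who can read AD and SYSVOL, and that the AD DNS name is also the mail domain
# (an assumption; substitute your mail domain if it differs).

Import-Module ActiveDirectory -ErrorAction Stop

function Get-RegValue {
    # Returns a registry value, or $null when the key or value is absent.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-DomainFindings {
    # Items 3, 8, 16, 35, 41 and 58, checked against the domain.
    $domain = Get-ADDomain
    $policy = Get-ADDefaultDomainPasswordPolicy
    $found  = @()

    if ($policy.MinPasswordLength -lt 12) {
        $found += "3: min password length < 12 characters (is $($policy.MinPasswordLength))"
    }
    if (-not $policy.ComplexityEnabled) { $found += '16: password complexity not enforced' }

    # LastLogonDate is the replicated lastLogonTimestamp (up to ~14 days stale),
    # which is accurate enough for a one-year cutoff.
    $cutoff = (Get-Date).AddYears(-1)
    $stale  = @(Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate |
               Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff })
    if ($stale.Count) { $found += "8: stale users older than 1 year ($($stale.Count) accounts)" }

    $never = @(Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true })
    if ($never.Count) { $found += "58: passwords that never expire ($($never.Count) accounts)" }

    # Unconstrained delegation is userAccountControl bit 0x80000 (524288). Domain
    # controllers (primaryGroupID 516) carry it by design and are excluded.
    $ldap  = '(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(!(primaryGroupID=516)))'
    $deleg = @(Get-ADObject -LDAPFilter $ldap -Properties samAccountName)
    if ($deleg.Count) { $found += "35: unconstrained delegation: $($deleg.samAccountName -join ', ')" }

    # Group Policy Preferences stored credentials: any cpassword attribute in SYSVOL XML.
    $sysvol = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies"
    $cpw = @(Get-ChildItem -Path $sysvol -Recurse -Include *.xml -ErrorAction SilentlyContinue |
             Select-String -Pattern 'cpassword=' -List)
    if ($cpw.Count) { $found += "41: cpassword in $(($cpw.Path | Sort-Object -Unique) -join '; ')" }

    return $found
}

function Test-LocalFindings {
    # Items 27, 28, 39, 40 and 50, checked on the host running the script.
    $found = @()

    # CachedLogonsCount defaults to 10 when the value is absent.
    $cached = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'CachedLogonsCount'
    if ($null -eq $cached) { $cached = 10 }
    if ([int]$cached -ge 10) { $found += "27: Winlogon cache default value (CachedLogonsCount = $cached)" }

    $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
    if ($admins | Where-Object { $_.Name -like '*\Domain Users' }) {
        $found += '28: "Domain Users" group as local administrator'
    }

    # Get-SmbServerConfiguration reports the effective server-side signing requirement.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if (-not $smb.RequireSecuritySignature) { $found += '39: SMB signing not required (server side)' }

    # LLMNR stays on unless DNS client policy sets EnableMulticast = 0.
    $llmnr = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast'
    if ($llmnr -ne 0) { $found += '40: LLMNR enabled' }

    # NoLMHash = 1 stops LM hashes being stored at the next password change (local SAM;
    # the domain-wide setting is pushed by GPO). An absent value is treated as not proven.
    $nolm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'
    if ($nolm -ne 1) { $found += '50: LM hash storage not confirmed disabled (NoLMHash)' }

    return $found
}

function Test-MailFindings {
    # Items 14 and 24: SPF and DMARC published for the given DNS name.
    # DKIM needs a selector name, so it is not checked here.
    param([string]$DnsRoot)
    $found = @()
    $spf = Resolve-DnsName -Name $DnsRoot -Type TXT -ErrorAction SilentlyContinue |
           Where-Object { ($_.Strings -join '') -like 'v=spf1*' }
    if (-not $spf) { $found += "24: No SPF record for $DnsRoot" }
    $dmarc = Resolve-DnsName -Name "_dmarc.$DnsRoot" -Type TXT -ErrorAction SilentlyContinue |
             Where-Object { ($_.Strings -join '') -like 'v=DMARC1*' }
    if (-not $dmarc) { $found += "14: No DMARC record for $DnsRoot" }
    return $found
}

$results = @(Test-DomainFindings) + @(Test-LocalFindings) + @(Test-MailFindings -DnsRoot (Get-ADDomain).DNSRoot)
if ($results.Count) { $results | ForEach-Object { "BINGO $_" } } else { 'No call-list items found by these checks.' }
```

Each finding is prefixed with its call-list number so it maps straight onto the card. The local checks only describe the host the script runs on, so run it on a representative workstation and a member server rather than only on a domain controller; the SMB, LLMNR and cached-logon squares are usually won on endpoints, not on DCs.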