Risk Assessment BINGO - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. No botnet filter
  2. Default SNMP Write value
  3. SMB signing not enabled
  4. Bypass users in DUO
  5. Users are local admins
  6. Individual user permissions in shares
  7. unencrypted web management interface
  8. unencrypted backups
  9. Teamviewer / VNC
  10. VM without autostart
  11. LLMNR enabled
  12. critically out-of-date firmware
  13. Guest SSID but no guest isolation
  14. No DKIM / DMARC
  15. legacy configuration not removed
  16. Telnet
  17. No drive encryption
  18. LM Hash on admin
  19. End user Passwords that never expire
  20. Segmentation without ACLs
  21. insecure zone transfers
  22. password spreadsheet
  23. NIPS disabled / unconfigured
  24. No backup failure alerts
  25. Windows 7
  26. VPN with weak encryption
  27. Adobe Flash
  28. Windows XP
  29. No DMZ (where appropriate)
  30. Application with > 1000 vulnerabilities
  31. password complexity not enforced
  32. min password length < 12 characters
  33. cpassword
  34. Stale users older than 1 year
  35. compliance violation
  36. GPO with insecure settings
  37. Winlogon cache default value
  38. No redundant ISP
  39. Wireless PSK older than 2 years
  40. unauthenticated mail relay
  41. Insecure share with PII/PHI
  42. DNS logging not enabled
  43. Inappropriate Firewall rules (not RDP)
  44. EDR Missing on endpoint
  45. "Domain Users" group as local administrator
  46. Unlicensed hardware or software
  47. Plain text password discovered in share
  48. Unpatched Exchange
  49. No Geo-IP blocking
  50. PCI violation
  51. Computers not joined to AD (or AAD)
  52. Whitelisted domains in email filter
  53. No SPF record
  54. inappropriate unconstrained delegation in Active Directory
  55. No MFA on 365 Admin
  56. untrained clickers
  57. Windows Server 2003/2008
  58. >20% phish click rate
  59. rogue device
  60. Default admin credentials