
Risk Assessment BINGO - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (an X, a checkmark, a dot, a tally mark, etc.) on each item as you announce it, to keep track. You can also cut out each item, place the slips in a bag, and draw them from the bag.


  1. Segmentation without ACLs
  2. unencrypted backups
  3. No DMZ (where appropriate)
  4. Insecure share with PII/PHI
  5. compliance violation
  6. unauthenticated mail relay
  7. untrained clickers
  8. Whitelisted domains in email filter
  9. rogue device
  10. VM without autostart
  11. No redundant ISP
  12. Telnet
  13. Stale users older than 1 year
  14. Windows Server 2003/2008
  15. No drive encryption
  16. legacy configuration not removed
  17. LLMNR enabled
  18. password spreadsheet
  19. unencrypted web management interface
  20. Plain text password discovered in share
  21. Guest SSID but no guest isolation
  22. Bypass users in Duo
  23. GPO with insecure settings
  24. PCI violation
  25. EDR Missing on endpoint
  26. insecure zone transfers
  27. No MFA on 365 Admin
  28. End user Passwords that never expire
  29. TeamViewer / VNC
  30. No backup failure alerts
  31. Individual user permissions in shares
  32. Windows 7
  33. No Geo-IP blocking
  34. No botnet filter
  35. Unlicensed hardware or software
  36. inappropriate unconstrained delegation in Active Directory
  37. "Domain Users" group as local administrator
  38. SMB signing not enabled
  39. cpassword
  40. DNS logging not enabled
  41. NIPS disabled / unconfigured
  42. Inappropriate firewall rules (not RDP)
  43. Winlogon cache default value
  44. No SPF record
  45. Unpatched Exchange
  46. Default SNMP Write value
  47. Users are local admins
  48. Wireless PSK older than 2 years
  49. min password length < 12 characters
  50. Windows XP
  51. Default admin credentials
  52. Application with > 1000 vulnerabilities
  53. password complexity not enforced
  54. critically out-of-date firmware
  55. >20% phish click rate
  56. VPN with weak encryption
  57. No DKIM / DMARC
  58. LM Hash on admin
  59. Computers not joined to AD (or AAD)
  60. Adobe Flash
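
Several of the call-list items reduce to a registry value or a single Active Directory query, so they can be checked rather than guessed at during an assessment. The script below is an added example, not part of the original BINGO page or of any tool it refers to. It assumes an elevated PowerShell session on a domain-joined Windows host with the RSAT ActiveDirectory module installed; the function names (Get-RegValue, Test-HostHygiene, Test-DomainHygiene) are this example's own. It covers the host and directory items only (LLMNR, SMB signing, Winlogon cache, LM hash, local admin membership, cpassword, password policy, non-expiring passwords, stale users, unconstrained delegation); mail and DNS items such as SPF, DKIM/DMARC, open relay and zone transfers need external queries and are not included.

```powershell
# Added example (not from the original BINGO list): read-only audit of some
# call-list items on a domain-joined Windows host. Assumes an elevated
# session with the RSAT ActiveDirectory module; function names are ours.

Import-Module ActiveDirectory -ErrorAction Stop

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # A missing key or value returns $null, which callers treat as "default".
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-HostHygiene {
    $hits = @()

    # 17. LLMNR enabled: only the policy value EnableMulticast=0 turns it off.
    $llmnr = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast'
    if ($llmnr -ne 0) { $hits += 'LLMNR enabled' }

    # 38. SMB signing not enabled: it should be required on server and client side.
    foreach ($svc in 'LanmanServer', 'LanmanWorkstation') {
        $req = Get-RegValue "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" 'RequireSecuritySignature'
        if ($req -ne 1) { $hits += "SMB signing not required ($svc)" }
    }

    # 43. Winlogon cache default value: CachedLogonsCount is a REG_SZ, default "10".
    $cached = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'CachedLogonsCount'
    if ($null -eq $cached -or [int]$cached -ge 10) { $hits += "Winlogon cache at default value ($cached)" }

    # 58. LM hash: NoLMHash=1 stops new LM hashes being stored on this host.
    $nolm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'
    if ($nolm -ne 1) { $hits += 'LM hash storage not disabled' }

    # 37. "Domain Users" group as local administrator.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    if ($admins | Where-Object { $_.Name -like '*\Domain Users' }) {
        $hits += '"Domain Users" group as local administrator'
    }

    return $hits
}

function Test-DomainHygiene {
    $hits = @()
    $domain = Get-ADDomain

    # 39. cpassword: Group Policy Preferences XML in SYSVOL with an embedded password.
    $sysvol = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies"
    $gpp = Get-ChildItem -Path $sysvol -Recurse -Include *.xml -ErrorAction SilentlyContinue |
           Select-String -Pattern 'cpassword=' -List
    foreach ($m in $gpp) { $hits += "cpassword in $($m.Path)" }

    # 49 / 53. Default domain password policy.
    $pol = Get-ADDefaultDomainPasswordPolicy
    if ($pol.MinPasswordLength -lt 12) { $hits += "min password length < 12 characters ($($pol.MinPasswordLength))" }
    if (-not $pol.ComplexityEnabled)   { $hits += 'password complexity not enforced' }

    # 28. Enabled accounts whose password never expires.
    $never = @(Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true })
    if ($never.Count -gt 0) { $hits += "Passwords that never expire ($($never.Count) accounts)" }

    # 13. Stale users older than 1 year: enabled, last logon more than a year ago.
    $cutoff = (Get-Date).AddYears(-1)
    $stale = @(Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate |
               Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff })
    if ($stale.Count -gt 0) { $hits += "Stale users older than 1 year ($($stale.Count))" }

    # 36. Unconstrained delegation on anything that is not a domain controller.
    $dcs = @(Get-ADDomainController -Filter *).Name
    $unc = @(Get-ADComputer -Filter { TrustedForDelegation -eq $true } |
             Where-Object { $dcs -notcontains $_.Name }) +
           @(Get-ADUser -Filter { TrustedForDelegation -eq $true })
    foreach ($o in $unc) { $hits += "Unconstrained delegation: $($o.SamAccountName)" }

    return $hits
}

$findings = @(Test-HostHygiene) + @(Test-DomainHygiene)
if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Output "BINGO: $_" } }
else { Write-Output 'No call-list items hit by these checks.' }
```

Each check maps to the numbered item it tests, and every finding is reported as a call-list hit so the output can be marked straight onto a card. The registry checks only inspect the local host, so run Test-HostHygiene on a representative sample of workstations and servers, not just the machine the assessor happens to be sitting at; the AD checks are domain-wide and need only be run once.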