
Risk Assessment BINGO - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. No DMZ (where appropriate)
  2. No backup failure alerts
  3. VM without autostart
  4. GPO with insecure settings
  5. untrained clickers
  6. rogue device
  7. TeamViewer / VNC
  8. Unlicensed hardware or software
  9. LM Hash on admin
  10. Wireless PSK older than 2 years
  11. cpassword
  12. >20% phish click rate
  13. Insecure share with PII/PHI
  14. Windows Server 2003/2008
  15. insecure zone transfers
  16. Application with > 1000 vulnerabilities
  17. SMB signing not enabled
  18. Whitelisted domains in email filter
  19. No SPF record
  20. unencrypted web management interface
  21. min password length < 12 characters
  22. Windows 7
  23. Users are local admins
  24. Bypass users in Duo
  25. No Geo-IP blocking
  26. NIPS disabled / unconfigured
  27. No botnet filter
  28. critically out-of-date firmware
  29. Segmentation without ACLs
  30. Guest SSID but no guest isolation
  31. No MFA on 365 Admin
  32. Inappropriate Firewall rules (not RDP)
  33. password spreadsheet
  34. password complexity not enforced
  35. Default admin credentials
  36. Adobe Flash
  37. No DKIM / DMARC
  38. compliance violation
  39. inappropriate unconstrained delegation in Active Directory
  40. Windows XP
  41. DNS logging not enabled
  42. Stale users older than 1 year
  43. No drive encryption
  44. Telnet
  45. Default SNMP Write value
  46. "Domain Users" group as local administrator
  47. legacy configuration not removed
  48. unauthenticated mail relay
  49. unencrypted backups
  50. No redundant ISP
  51. LLMNR enabled
  52. Winlogon cache default value
  53. EDR Missing on endpoint
  54. Unpatched Exchange
  55. Individual user permissions in shares
  56. Computers not joined to AD (or AAD)
  57. VPN with weak encryption
  58. End user Passwords that never expire
  59. Plain text password discovered in share
  60. PCI violation
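
Several of the squares above (9, 11, 17, 39, 42, 46, 51, 52, 58) are Windows and Active Directory settings that can be confirmed directly rather than called from memory. The script below is an added example, not part of the bingo card; it spot-checks that subset from a domain-joined host. It assumes the ActiveDirectory RSAT module is installed, that the caller can read AD and SYSVOL, and that the local-machine checks run with administrative rights on that host. The `Add-Finding` helper and the `$findings` list are names chosen for this example.

```powershell
# Added example (not from the bingo card): spot-check a subset of the call-list
# findings on a domain-joined Windows host. Assumptions: ActiveDirectory RSAT
# module present, read access to AD and SYSVOL, local admin for registry and
# local-group checks.
Import-Module ActiveDirectory

$findings = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$Item, [string]$Detail) {
    # Helper name is hypothetical; the list is a reference type, so the
    # function appends to the caller's $findings without extra scoping.
    $findings.Add("$Item : $Detail")
}

# 51. LLMNR enabled -- only disabled when the DNSClient policy EnableMulticast is 0
$llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
            -Name EnableMulticast -ErrorAction SilentlyContinue
if (-not $llmnr -or $llmnr.EnableMulticast -ne 0) {
    Add-Finding 'LLMNR enabled' 'EnableMulticast policy absent or not 0'
}

# 52. Winlogon cache default value -- CachedLogonsCount ships as "10"
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
            -Name CachedLogonsCount -ErrorAction SilentlyContinue
if (-not $winlogon -or [int]$winlogon.CachedLogonsCount -ge 10) {
    Add-Finding 'Winlogon cache default value' "CachedLogonsCount = $($winlogon.CachedLogonsCount)"
}

# 9. LM Hash on admin -- LM hashes keep being stored unless NoLMHash is 1
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
            -Name NoLMHash -ErrorAction SilentlyContinue
if (-not $lsa -or $lsa.NoLMHash -ne 1) {
    Add-Finding 'LM Hash on admin' 'NoLMHash not set to 1'
}

# 17. SMB signing not enabled -- server side of this host only
$smb = Get-SmbServerConfiguration
if (-not $smb.RequireSecuritySignature) {
    Add-Finding 'SMB signing not enabled' 'RequireSecuritySignature is False'
}

# 46. "Domain Users" group as local administrator
$localAdmins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
if ($localAdmins | Where-Object { $_.Name -like '*\Domain Users' }) {
    Add-Finding '"Domain Users" group as local administrator' 'present in local Administrators'
}

# 11. cpassword -- Group Policy Preferences XML in SYSVOL holding a password
# encrypted with the AES key Microsoft published (MS14-025)
$domain = (Get-ADDomain).DNSRoot
$gppHits = Get-ChildItem -Path "\\$domain\SYSVOL\$domain\Policies" -Recurse -Include *.xml -ErrorAction SilentlyContinue |
           Select-String -Pattern 'cpassword="[^"]+"' -List
foreach ($hit in $gppHits) { Add-Finding 'cpassword' $hit.Path }

# 58. End user passwords that never expire (enabled accounts only)
$neverExpire = @(Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true })
if ($neverExpire.Count -gt 0) {
    Add-Finding 'Passwords that never expire' "$($neverExpire.Count) enabled accounts"
}

# 42. Stale users older than 1 year -- LastLogonDate is the replicated
# lastLogonTimestamp, accurate only to about 14 days, so treat as approximate
$cutoff = (Get-Date).AddYears(-1)
$stale = @(Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate |
           Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff })
if ($stale.Count -gt 0) {
    Add-Finding 'Stale users older than 1 year' "$($stale.Count) enabled accounts"
}

# 39. Unconstrained delegation -- TrustedForDelegation on anything that is not a DC
$dcNames = (Get-ADDomainController -Filter *).Name
$unconstrained = @(Get-ADComputer -Filter { TrustedForDelegation -eq $true }) +
                 @(Get-ADUser -Filter { TrustedForDelegation -eq $true })
foreach ($obj in $unconstrained | Where-Object { $dcNames -notcontains $_.Name }) {
    Add-Finding 'Unconstrained delegation' $obj.DistinguishedName
}

if ($findings.Count -eq 0) { 'No findings from this subset.' } else { $findings }
```

Run it from an elevated PowerShell session on a domain-joined workstation or member server; the registry, SMB and local-group checks describe only the host it runs on, while the AD and SYSVOL checks are domain-wide. Domain controllers are excluded from the delegation check because they are trusted for delegation by design.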