Crea il tuo assistente AI con lo Stregatto (open source python framework)
ATT&CK BINGO
1. MITRE ATT&CKcon BINGO Card
Standard
Application
Layer Protocol
SIP and Trust
Provider
Hijacking
Component
Object Model
Hijacking
SID-History
Injection
Peripheral
Device
Discovery
Trusted
Relationship
Execution
through API
Data Transfer
Size Limits
Network
Service
Scanning
Source
Multi-hop
Proxy
Launch Agent Powershell Port Knocking New Service
Redundant
Access
Audio Capture
Password
Filter DLL
Hidden Files
and Directories
Application
Window
Discovery
Software
Packing
Data
Obfuscation
DCShadow
System Time
Discovery
Windows
Remote
Management
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
2. MITRE ATT&CKcon BINGO Card
Indicator
Removal on
Host
Login Item Rundll32
Shortcut
Modification
Local Job
Scheduling
Screen
Capture
Rc.common
Exploitation for
Client
Execution
AppCert DLLs Source
Hardware
Additions
Commonly
Used Port
Powershell
NTFS File
Attributes
Indicator
Removal from
Tools
Web Shell
Permission
Groups
Discovery
Process
Discovery
Drive-by
Compromise
Network
Service
Scanning
Exploitation for
Defense
Evasion
Trusted
Relationship
Standard
Cryptographic
Protocol
Keychain Sudo Caching
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
3. MITRE ATT&CKcon BINGO Card
Bash History
Netsh Helper
DLL
Video Capture
Hardware
Additions
Third-party
Software
Keychain Bootkit AppCert DLLs Sudo Caching Clipboard Data
AppInit DLLs
Security
Software
Discovery
Powershell
Hidden
Window
Trap
Authentication
Package
Component
Firmware
Password
Filter DLL
Image File
Execution
Options
Injection
Windows
Remote
Management
Account
Manipulation
Man in the
Browser
Regsvr32
Communication
Through
Removable
Media
Data from
Local System
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
4. MITRE ATT&CKcon BINGO Card
Windows
Admin Shares
Hidden Files
and Directories
Setuid and
Setgid
Process
Hollowing
Component
Firmware
Data from
Information
Repositories
Data
Compressed
Taint Shared
Content
Man in the
Browser
LSASS Driver
Clear
Command
History
BITS Jobs Powershell Port Monitors
Command-
Line Interface
AppCert DLLs Code Signing
Standard
Application
Layer Protocol
Windows
Management
Instrumentation
Event
Subscription
Dynamic Data
Exchange
Control Panel
Items
Spearphishing
via Service
Rootkit
Application
Deployment
Software
Bootkit
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
5. MITRE ATT&CKcon BINGO Card
Two-Factor
Authentication
Interception
Component
Object Model
Hijacking
Bypass User
Account
Control
Rc.common LSASS Driver
Keychain
Indirect
Command
Execution
Indicator
Removal from
Tools
Windows
Management
Instrumentation
Custom
Command and
Control
Protocol
Kernel
Modules and
Extensions
Port Knocking Powershell
Multi-hop
Proxy
Spearphishing
via Service
Data
Encrypted
Fallback
Channels
Trap
Accessibility
Features
Spearphishing
Attachment
Signed Binary
Proxy
Execution
Indicator
Removal on
Host
Logon Scripts
Permission
Groups
Discovery
Remote
Services
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
6. MITRE ATT&CKcon BINGO Card
Regsvr32
Windows
Remote
Management
New Service
NTFS File
Attributes
Drive-by
Compromise
Scripting
Data from
Information
Repositories
CMSTP
Standard
Cryptographic
Protocol
Trap
Valid Accounts
Multi-hop
Proxy
Powershell
DLL Side-
Loading
Remote
System
Discovery
.bash_profile
and .bashrc
Security
Software
Discovery
Pass the Hash
File System
Permissions
Weakness
Hypervisor
Custom
Command and
Control
Protocol
Automated
Collection
Domain
Fronting
Plist
Modification
Time Providers
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
7. MITRE ATT&CKcon BINGO Card
Launch
Daemon
Bash History
Taint Shared
Content
Windows
Management
Instrumentation
Event
Subscription
Access Token
Manipulation
Securityd
Memory
Video Capture
Create
Account
Data Staged
Commonly
Used Port
Keychain
Trusted
Developer
Utilities
Powershell
Exfiltration
Over Other
Network
Medium
AppInit DLLs
Exploitation of
Remote
Services
Spearphishing
via Service
Spearphishing
Attachment
Masquerading
Graphical User
Interface
Security
Support
Provider
Automated
Exfiltration
System Time
Discovery
Hypervisor
Windows
Management
Instrumentation
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
8. MITRE ATT&CKcon BINGO Card
Bash History
Kernel
Modules and
Extensions
Process
Doppelgänging
Audio Capture Valid Accounts
Taint Shared
Content
Domain
Fronting
Video Capture
Modify
Registry
Signed Binary
Proxy
Execution
Screen
Capture
Network Share
Connection
Removal
Powershell Input Capture Sudo
Third-party
Software
Data from
Information
Repositories
Rundll32
User
Execution
System Time
Discovery
Automated
Exfiltration
Exfiltration
Over Physical
Medium
New Service
Clear
Command
History
Change
Default File
Association
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
9. MITRE ATT&CKcon BINGO Card
Commonly
Used Port
Hooking New Service
Exfiltration
Over
Alternative
Protocol
Netsh Helper
DLL
Exfiltration
Over Physical
Medium
Rc.common
Indicator
Removal from
Tools
Shortcut
Modification
Sudo Caching
Third-party
Software
Registry Run
Keys / Start
Folder
Powershell
SIP and Trust
Provider
Hijacking
Spearphishing
Attachment
Input Capture
Remote
System
Discovery
Remote
Desktop
Protocol
Masquerading
Binary
Padding
Network
Sniffing
Distributed
Component
Object Model
Standard
Cryptographic
Protocol
Signed Binary
Proxy
Execution
File System
Permissions
Weakness
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
10. MITRE ATT&CKcon BINGO Card
Standard Non-
Application
Layer Protocol
Exfiltration
Over Other
Network
Medium
DCShadow InstallUtil Timestomp
File System
Logical Offsets
Service
Execution
Rootkit Port Knocking Mshta
Graphical User
Interface
Extra Window
Memory
Injection
Powershell
Indirect
Command
Execution
Multilayer
Encryption
File Deletion
Remote
Desktop
Protocol
Execution
through
Module Load
Data from
Local System
Data from
Removable
Media
SSH Hijacking
System
Firmware
Valid Accounts
Spearphishing
via Service
Access Token
Manipulation
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
11. MITRE ATT&CKcon BINGO Card
Data Encoding
Exfiltration
Over
Command and
Control
Channel
Password
Policy
Discovery
Scripting
Supply Chain
Compromise
Scheduled
Transfer
Login Item
Network Share
Connection
Removal
Dynamic Data
Exchange
Binary
Padding
Permission
Groups
Discovery
Remote
System
Discovery
Powershell
Application
Window
Discovery
LSASS Driver
System
Information
Discovery
Service
Execution
Gatekeeper
Bypass
System
Network
Configuration
Discovery
SIP and Trust
Provider
Hijacking
Source
Data from
Information
Repositories
Web Shell Rootkit
Control Panel
Items
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
12. MITRE ATT&CKcon BINGO Card
Regsvr32 Kerberoasting
Custom
Command and
Control
Protocol
Automated
Collection
Keychain
Multi-hop
Proxy
Port Knocking
Extra Window
Memory
Injection
NTFS File
Attributes
Sudo
Browser
Extensions
Windows
Management
Instrumentation
Event
Subscription
Powershell Login Item
Trusted
Developer
Utilities
Control Panel
Items
Custom
Cryptographic
Protocol
Process
Hollowing
Rootkit
Execution
through API
System
Service
Discovery
Time Providers
Application
Shimming
User
Execution
Access Token
Manipulation
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
13. MITRE ATT&CKcon BINGO Card
Disabling
Security Tools
Launch Agent
Exfiltration
Over Physical
Medium
Process
Doppelgänging
Peripheral
Device
Discovery
Kernel
Modules and
Extensions
Automated
Collection
Exploit Public-
Facing
Application
Data from
Removable
Media
Indicator
Blocking
Network Share
Discovery
File System
Logical Offsets
Powershell Private Keys
Authentication
Package
Multi-hop
Proxy
Account
Discovery
Domain
Fronting
Signed Script
Proxy
Execution
Software
Packing
Two-Factor
Authentication
Interception
Remote File
Copy
File Deletion
Component
Firmware
Dynamic Data
Exchange
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
14. MITRE ATT&CKcon BINGO Card
Taint Shared
Content
Scheduled
Transfer
Spearphishing
via Service
Source
User
Execution
Install Root
Certificate
Data from
Information
Repositories
External
Remote
Services
Standard
Cryptographic
Protocol
Control Panel
Items
Exploitation for
Defense
Evasion
Winlogon
Helper DLL
Powershell
Multi-Stage
Channels
Supply Chain
Compromise
Launch Agent
Exploitation for
Client
Execution
Security
Support
Provider
Hardware
Additions
Data from
Network
Shared Drive
Exfiltration
Over
Command and
Control
Channel
Sudo InstallUtil
Forced
Authentication
Netsh Helper
DLL
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
15. MITRE ATT&CKcon BINGO Card
Network
Sniffing
Standard
Cryptographic
Protocol
Multi-Stage
Channels
Security
Support
Provider
Time Providers
Valid Accounts
Office
Application
Startup
New Service
Forced
Authentication
Control Panel
Items
Kerberoasting Bootkit Powershell
Credentials in
Registry
System
Network
Connections
Discovery
User
Execution
Brute Force Launch Agent
Exfiltration
Over Physical
Medium
Code Signing
SIP and Trust
Provider
Hijacking
Application
Deployment
Software
Source Pass the Hash CMSTP
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
16. MITRE ATT&CKcon BINGO Card
Exploitation for
Credential
Access
Process
Hollowing
Indirect
Command
Execution
Spearphishing
via Service
Network Share
Connection
Removal
Process
Doppelgänging
Brute Force Web Shell
Disabling
Security Tools
Pass the Hash
Security
Software
Discovery
Fallback
Channels
Powershell Bootkit
Install Root
Certificate
Network Share
Discovery
Application
Deployment
Software
Peripheral
Device
Discovery
Data Encoding CMSTP
Query Registry
Data from
Removable
Media
Netsh Helper
DLL
Process
Injection
Exfiltration
Over
Alternative
Protocol
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
17. MITRE ATT&CKcon BINGO Card
Access Token
Manipulation
Time Providers
Bypass User
Account
Control
Data
Encrypted
Sudo
Valid Accounts AppInit DLLs
Indirect
Command
Execution
DCShadow Launchctl
Hidden Users Kerberoasting Powershell Keychain
SIP and Trust
Provider
Hijacking
Brute Force
Data from
Network
Shared Drive
Source Query Registry
Gatekeeper
Bypass
Forced
Authentication
Securityd
Memory
SID-History
Injection
Uncommonly
Used Port
Regsvr32
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
18. MITRE ATT&CKcon BINGO Card
Data Encoding
Launch
Daemon
Remote
Desktop
Protocol
Trap
System
Owner/User
Discovery
Standard
Application
Layer Protocol
Exploit Public-
Facing
Application
Indicator
Removal on
Host
Web Service DCShadow
File and
Directory
Discovery
Standard
Cryptographic
Protocol
Powershell Audio Capture
Windows
Management
Instrumentation
Event
Subscription
Sudo
Dynamic Data
Exchange
Windows
Remote
Management
Process
Discovery
Launch Agent
Multi-Stage
Channels
Network
Sniffing
System Time
Discovery
Remote
Access Tools
Hypervisor
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
19. MITRE ATT&CKcon BINGO Card
Multilayer
Encryption
Application
Deployment
Software
Service
Execution
SID-History
Injection
Credential
Dumping
Process
Hollowing
Private Keys Audio Capture
Extra Window
Memory
Injection
Data from
Network
Shared Drive
Component
Firmware
Trusted
Developer
Utilities
Powershell Sudo Caching Web Service
.bash_profile
and .bashrc
Plist
Modification
Rootkit Mshta
System
Firmware
Uncommonly
Used Port
DCShadow
Drive-by
Compromise
Execution
through
Module Load
Two-Factor
Authentication
Interception
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
20. MITRE ATT&CKcon BINGO Card
Service
Execution
DLL Side-
Loading
Data from
Removable
Media
New Service
Install Root
Certificate
Mshta
Remote
Access Tools
Pass the
Ticket
Exfiltration
Over Physical
Medium
Graphical User
Interface
AppCert DLLs Port Knocking Powershell
Exfiltration
Over
Alternative
Protocol
Data
Encrypted
Custom
Cryptographic
Protocol
Winlogon
Helper DLL
Exfiltration
Over Other
Network
Medium
Uncommonly
Used Port
Network Share
Discovery
Process
Discovery
Replication
Through
Removable
Media
AppInit DLLs
Credentials in
Registry
Process
Doppelgänging
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
21. MITRE ATT&CKcon BINGO Card
Mshta
Application
Shimming
System
Owner/User
Discovery
Data from
Removable
Media
Exfiltration
Over Other
Network
Medium
Exploitation for
Client
Execution
DLL Side-
Loading
Dylib Hijacking
Component
Firmware
Email
Collection
Control Panel
Items
Network
Sniffing
Powershell
Commonly
Used Port
Modify
Registry
Remote
Desktop
Protocol
Man in the
Browser
Hidden
Window
Clipboard Data Kerberoasting
Account
Discovery
Launch
Daemon
Rundll32 Rootkit Login Item
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
22. MITRE ATT&CKcon BINGO Card
Input Capture Port Knocking SSH Hijacking Kerberoasting
Windows
Admin Shares
Distributed
Component
Object Model
Hidden Users Source
Software
Packing
Obfuscated
Files or
Information
Account
Manipulation
Launch Agent Powershell Data Encoding
Network
Service
Scanning
Shortcut
Modification
Communication
Through
Removable
Media
External
Remote
Services
Security
Software
Discovery
Data
Compressed
Keychain Time Providers Sudo Caching
Windows
Remote
Management
DCShadow
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
23. MITRE ATT&CKcon BINGO Card
System
Network
Connections
Discovery
Change
Default File
Association
Exploitation for
Privilege
Escalation
Brute Force
Data from
Removable
Media
Winlogon
Helper DLL
Remote
System
Discovery
Uncommonly
Used Port
Office
Application
Startup
AppCert DLLs
Exploitation for
Credential
Access
Data from
Information
Repositories
Powershell
Install Root
Certificate
Scheduled
Transfer
Multilayer
Encryption
Multiband
Communication
Login Item Launch Agent
Network
Sniffing
Create
Account
AppleScript
Standard
Cryptographic
Protocol
Valid Accounts Time Providers
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
24. MITRE ATT&CKcon BINGO Card
Domain
Fronting
Query Registry
Application
Window
Discovery
Account
Discovery
Supply Chain
Compromise
Fallback
Channels
Data Staged
Credentials in
Files
Data Transfer
Size Limits
System
Owner/User
Discovery
Obfuscated
Files or
Information
Launch
Daemon
Powershell
Accessibility
Features
Automated
Exfiltration
AppCert DLLs
Uncommonly
Used Port
Trusted
Developer
Utilities
Signed Script
Proxy
Execution
Network
Sniffing
Launchctl
Extra Window
Memory
Injection
Exploitation for
Credential
Access
Clipboard Data
Multiband
Communication
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
25. MITRE ATT&CKcon BINGO Card
Process
Discovery
Hidden Files
and Directories
Signed Script
Proxy
Execution
File Deletion
Netsh Helper
DLL
Input Capture Startup Items Source
DLL Search
Order
Hijacking
Re-opened
Applications
Standard
Application
Layer Protocol
Redundant
Access
Powershell
Local Job
Scheduling
CMSTP
Process
Injection
Process
Doppelgänging
Screensaver
Custom
Command and
Control
Protocol
Taint Shared
Content
Clear
Command
History
Modify
Registry
Shared
Webroot
Video Capture Bootkit
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
26. MITRE ATT&CKcon BINGO Card
Browser
Bookmark
Discovery
AppleScript Startup Items
Network
Service
Scanning
Password
Filter DLL
Securityd
Memory
Source Mshta
User
Execution
Redundant
Access
Indicator
Removal on
Host
Process
Discovery
Powershell
Indicator
Removal from
Tools
Rootkit
Dynamic Data
Exchange
Spearphishing
Link
Multiband
Communication
Security
Software
Discovery
Port Monitors
Exploit Public-
Facing
Application
Re-opened
Applications
Change
Default File
Association
System Time
Discovery
DLL Side-
Loading
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.