###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/5/12 ~ 2025/5/16 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet 發布多個產品的安全公告 https://www.fortiguard.com/psirt/FG-IR-25-254 https://nvd.nist.gov/vuln/detail/CVE-2025-32756 Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems https://thehackernews.com/2025/05/fortinet-patches-cve-2025-32756-zero.html Fortinet針對防火牆、網頁安全閘道、網路設備管理系統發布更新，修補重大層級TACACS+身分驗證繞過漏洞 https://securityonline.info/fortinet-patches-critical-tacacs-authentication-bypass-cve-2025-22252-in-fortios-and-fortiproxy/ Fortinet修補已遭利用的企業電話系統FortiVoice零時差漏洞 https://www.ithome.com.tw/news/168952 針對雲端WAF爆出過濾機制被繞過的資安弱點，Radware表示已於兩年前完成修補 https://www.ithome.com.tw/news/168924 Radware雲端WAF存在弱點，攻擊者可利用特製請求繞過過濾機制 https://securityonline.info/radware-cloud-waf-vulnerable-to-filter-bypass-via-crafted-requests/ 思科修補JWT寫死的令牌漏洞，防止IOS XE控制器被遠端操控 https://www.ithome.com.tw/news/168873 Cisco IOS XE 無線控制器軟體任意檔案上傳漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC https://www.ithome.com.tw/news/168873 Cisco Adaptive Security Appliance (ASA) Software https://nvd.nist.gov/vuln/detail/CVE-2025-20182 Cisco Catalyst SD-WAN Manager https://nvd.nist.gov/vuln/detail/CVE-2025-20122 Cisco Digital Network Architecture Center (DNA Center) https://nvd.nist.gov/vuln/detail/CVE-2025-20210 Cisco IOS XE Software https://nvd.nist.gov/vuln/detail/CVE-2025-20188 https://nvd.nist.gov/vuln/detail/CVE-2025-20162 https://nvd.nist.gov/vuln/detail/CVE-2025-20186 https://nvd.nist.gov/vuln/detail/CVE-2025-20140 https://nvd.nist.gov/vuln/detail/CVE-2025-20189 https://nvd.nist.gov/vuln/detail/CVE-2025-20192 https://nvd.nist.gov/vuln/detail/CVE-2025-20154 https://nvd.nist.gov/vuln/detail/CVE-2025-20191 F5 BIG-IP https://nvd.nist.gov/vuln/detail/CVE-2025-31644 https://nvd.nist.gov/vuln/detail/CVE-2025-35995 https://nvd.nist.gov/vuln/detail/CVE-2025-36504 https://nvd.nist.gov/vuln/detail/CVE-2025-36557 https://nvd.nist.gov/vuln/detail/CVE-2025-41399 https://nvd.nist.gov/vuln/detail/CVE-2025-41414 https://nvd.nist.gov/vuln/detail/CVE-2025-41431 https://nvd.nist.gov/vuln/detail/CVE-2025-41433 F5 F5OS - Appliance https://nvd.nist.gov/vuln/detail/CVE-2025-36546 https://nvd.nist.gov/vuln/detail/CVE-2025-46265 微軟發佈5月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2025-May https://www.ithome.com.tw/news/168932 https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog 微軟發布5月例行更新，修補5項已被用於攻擊的零時差漏洞 https://www.ithome.com.tw/news/168932 微軟修補Azure DevOps滿分重大漏洞，攻擊者恐挾持Token存取特定專案 https://www.ithome.com.tw/news/168905 微軟修補Azure DevOps滿分重大漏洞，攻擊者恐挾持Token https://securityonline.info/microsoft-patches-four-critical-azure-and-power-apps-vulnerabilities-including-cvss-10-privilege-escalation/ Windows部署服務曝DoS漏洞，有機會被用於遠端發動零點擊攻擊 https://www.ithome.com.tw/news/168885 Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7233394 華碩 DriverHub 驚爆遠端程式碼執行漏洞 攻擊者可透過惡意網站一鍵入侵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11886 華碩主機板存在遠端程式碼執行漏洞 https://www.ithome.com.tw/news/168906 ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html Ivanti修補兩個已遭利用零時差漏洞，問題出在EPMM採用的開源程式庫 https://www.ithome.com.tw/news/168936 Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html Google發布Chrome 136緊急更新，修補已遭利用的零時差漏洞 https://www.ithome.com.tw/news/168977 New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html Intel、AMD、Arm發布5月例行更新，緩解可被用於發動Spectre-BTI攻擊的弱點 https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-arm-respond-to-new-cpu-attacks/ Adobe發布5月更新，呼籲IT人員優先處理ColdFusion資安漏洞 https://www.ithome.com.tw/news/168958 Mitel網路電話存在重大漏洞，恐被用於命令注入攻擊 https://www.ithome.com.tw/news/168908 2.銀行/金融/保險/證券/金融監理 新聞及資安 New Finance Scam Discovered Abusing Niche X/Twitter Advertising Loophole https://www.silentpush.com/blog/x-twitter-ad-scam 逾40個日本金融服務遭網釣套件鎖定，中國駭客發起Oriental Gudgeon攻擊行動 https://securityonline.info/oriental-gudgeon-sophisticated-phishing-campaign-targets-japanese-companies/ 合庫人壽獲F-ISAC情資分享與ISO資訊安全雙肯定 https://money.udn.com/money/story/5636/8741571 富邦人壽榮獲金管會頒發F-ISAC特優殊榮 展現資安治理實力 https://www.storm.mg/articles/1031331 永豐金證券資安長趙長宏 談情資分享「聯防降風險」獲獎 https://udn.com/news/story/7239/8713298 全國農業金庫母子公司推動資安有成 同獲情資分享特優機構殊榮 https://www.bo6s.com.tw/news_detail.php?NewsID=96358 台新銀行完成多雲災備POC，靠演練驗證應用上雲能力並培養IT團隊實作技能 https://www.ithome.com.tw/news/168964 異常帳戶別想跑！士檢與國泰銀行設預警平台　24hrs緊盯金流 https://www.ettoday.net/news/20250515/2961225.htm 台新銀行攜手臺灣高等檢察署簽署防詐合作備忘錄 https://today.line.me/tw/v2/article/LX3gZYn 3.信用卡/電子支付/行動支付/pay/支付系統/資安 凌晨睡覺信用卡遭盜刷20萬元！APP「卡片安全鎖」是防護關鍵 https://reurl.cc/M3GqNm 系統當機無法行動支付…多客人沒點餐就離開 店員嘆：好像變窮鬼 https://udn.com/news/story/120912/8741734 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data https://thehackernews.com/2025/05/germany-shuts-down-exch-over-19b.html Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html 美國加密貨幣交易平臺Coinbase部分客戶資料外洩，疑內賊所為 https://www.ithome.com.tw/news/168972 與中國有關聯公司宣布將大舉買入「川普幣」 https://cn.nytimes.com/usa/20250514/trump-crypto-purchase/zh-hant/ 三重商工開發金融科技區塊鏈與加密貨幣課程 https://reurl.cc/Z4zp1V 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意程式載入工具TransferLoader被用於散布勒索軟體 https://www.zscaler.com/blogs/security-research/technical-analysis-transferloader 學生參與平臺iClicker遭入侵，駭客試圖對師生散布惡意軟體 https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/ 惡意軟體Noodlophile佯裝AI工具散布，透過臉書鎖定逾6萬用戶 https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html SEO中毒攻擊鎖定Azure管理員而來，意圖左右HPC及AI工作負載 https://hackread.com/seo-poisoning-campaign-hit-it-admins-with-malware/ 殭屍網路HTTPBot鎖定Windows裝置而來，綁架玩家電腦從事DDoS攻擊 https://nsfocusglobal.com/high-risk-warning-for-windows-ecosystem-new-botnet-family-httpbot-is-expanding/ 竊資軟體DarkCloud透過RAR壓縮檔散布，濫用AutoIT指令碼從事攻擊 https://unit42.paloaltonetworks.com/darkcloud-stealer-and-obfuscated-autoit-scripting/ IIS惡意軟體攻擊韓國網頁伺服器，疑中國駭客所為 https://securityonline.info/sophisticated-iis-malware-targets-south-korean-web-servers/ Inside the DPRK: Spotting Malicious Remote IT Applicants https://www.dtexsystems.com/resources/i3-threat-advisory-inside-the-dprk/ Threat Brief: CVE-2025-31324 https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/ Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency https://thehackernews.com/2025/05/moldovan-police-arrest-suspect-in-45m.html Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers https://thehackernews.com/2025/05/turkiye-hackers-exploited-output.html 5 BCDR Essentials for Effective Ransomware Defense https://thehackernews.com/2025/05/top-5-bcdr-capabilities-for-ransomware-defense.html Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks https://thehackernews.com/2025/05/fileless-remcos-rat-delivered-via-lnk.html NPM套件rand-user-agent遭供應鏈攻擊，植入木馬遠端監控用戶系統 https://www.ithome.com.tw/news/168884 惡意NPM套件鎖定IDE工具Cursor用戶，在macOS平臺植入後門 https://securityonline.info/backdoor-by-design-malicious-npm-packages-hijack-cursor-ide-on-macos/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Bluetooth 6.1 正式發布，強化隱私保護與省電能力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11887 蘋果針對行動裝置、電腦、穿戴裝置、Apple TV發布更新 https://www.securityweek.com/apple-patches-major-security-flaws-in-ios-macos-platforms/ 快檢查！65款App違法蒐集個資 愛奇藝、愛剪輯平台全被點名 https://news.pchome.com.tw/science/enews/20250514/index-74721450433550339005.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 歐盟漏洞資料庫專案EUVD正式登場 https://www.ithome.com.tw/news/168951 遠雄發生系統異常的資安事故，出現郵件發送給外部無關人員的狀況 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=182159&SPOKE_DATE=20250512&COMPANY_ID=5522 接連攻擊英國零售業者的Scattered Spider轉移目標，恐將對美國企業下手 https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/ 土耳其駭客鎖定伊拉克軍隊，利用Output Messenger零時差漏洞發動攻擊 https://securityonline.info/turkiye-linked-hackers-exploit-output-messenger-zero-day-cve-2025-27920-in-espionage-campaign/ 英國發布軟體安全實務守則，重塑軟體開發標準 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11888 中國駭客、勒索軟體駭客加入利用SAP NetWeaver滿分漏洞的行列 https://www.ithome.com.tw/news/168966 中國駭客鎖定SAP NetWeaver滿分漏洞，企圖部署後門SuperShell https://www.ithome.com.tw/news/168892 近期NetWeaver遭利用零時差漏洞不只一個，SAP月度安全更新再修補另一個 https://www.ithome.com.tw/news/168935 China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures Disruption of Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan https://www.trendmicro.com/en_us/research/25/e/earth-ammit.html New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/ Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress https://thehackernews.com/2025/05/north-korean-konni-apt-targets-ukraine.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 8,900萬Steam用戶帳號資料疑外洩，母公司否認系統遭駭 https://www.ithome.com.tw/news/168950 北韓駭客APT37偽冒國安論壇邀請信從事網釣，執行RoKRAT間諜攻擊 https://www.ithome.com.tw/news/168917 時尚品牌迪奧傳出中國分公司資料外洩，向客戶發送簡訊通知此事 https://securityonline.info/dior-china-discloses-customer-data-breach-after-unauthorized-access/ Blob URI遭到濫用，駭客用於向受害者顯示冒牌登入網頁 https://hackread.com/phishing-attack-blob-uri-fake-login-pages-browser/ Google將自動把桌機、手機用戶密碼升級為通行密鑰 https://www.ithome.com.tw/news/168879 勒索軟體LockBit傳出遭駭，內部資料外流 https://www.ithome.com.tw/news/168886 教育內容出版商Pearson遭網攻外洩客戶資料、程式原始碼 https://www.ithome.com.tw/news/168860 微軟逐步終止Authenticator儲存密碼功能，將以Edge內建功能為主 https://www.ithome.com.tw/news/168758 APT28利用郵件系統漏洞從事網路間諜活動，鎖定政府機關竊取重要資料 https://www.ithome.com.tw/news/168993 Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html 駭客試圖對Linux用戶發動ClickFix網釣攻擊 https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/ 俄羅斯駭客ColdRiver從事ClickFix網釣，意圖散布惡意軟體Lostkeys https://securityonline.info/google-uncovers-lostkeys-malware-used-by-russian-coldriver-for-cyber-espionage/ OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials https://thehackernews.com/2025/05/initial-access-brokers-target-brazil.html Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails https://thehackernews.com/2025/05/horabot-malware-targets-6-latin.html E.研究報告/工具 The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That https://thehackernews.com/2025/05/the-persistence-problem-why-exposed.html Deepfake Defense in the Age of AI https://thehackernews.com/2025/05/deepfake-defense-in-age-of-ai.html The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That https://thehackernews.com/2025/05/the-persistence-problem-why-exposed.html Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team https://thehackernews.com/2025/05/learning-how-to-hack-why-offensive.html Pen Testing for Compliance Only? It's Time to Change Your Approach https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html Top 10 Best Practices for Effective Data Protection https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html F.商業 HPE擴展零信任網路與私有雲營運解決方案，重新定義雲端安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11882 Akamai推Firewall for AI為企業AI應用建立全方位資安防線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11880 Palo Alto Networks推Prisma AIRS 專為保護整個AI生態系統而設計 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11878 為防止敏感資訊外流，微軟替Teams加入新功能，防止視訊畫面遭擷圖 https://www.ithome.com.tw/news/168880 為避免用戶遭到詐騙，Google在Chrome及搜尋中導入AI https://www.ithome.com.tw/news/168858 Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business https://thehackernews.com/2025/05/deploying-ai-agents-learn-to-secure.html Eliminating Public IPs: The Case for Zero Trust https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html Pen Testing for Compliance Only? It's Time to Change Your Approach https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html G.政府 第七期國家資通安全發展方案出爐！政府攜手產業建構數位信賴社會 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11885 AI 數位發展快速變化 蕭美琴：機會大於迷惘 https://udn.com/news/story/7240/8742807 審計部：縣市政府餘38系統未導入核心資通系統 https://www.epochtimes.com/b5/25/5/9/n14503153.htm 資安院擬建全國資安人才需求平台3策略縮小人才缺口 https://www.cna.com.tw/news/ait/202505100029.aspx 資安院培訓課程導入桌上演練 強化實戰應變 https://reurl.cc/7KW5p9 資安院擬建全國資安人才需求平台 一站式掌握現況 https://reurl.cc/dQv6W2 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 中國駭客Earth Ammit持續攻擊臺灣無人機製造商，去年之前還有另一波更隱密的攻擊行動 https://www.ithome.com.tw/news/168944 BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html 三星修補顯示器內容管理系統MagicINFO重大漏洞，攻擊者有機會寫入系統層級檔案 https://securityonline.info/critical-cve-2025-4632-flaw-in-samsung-magicinfo-puts-global-signage-networks-at-risk/ Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html 西門子修補OZW網頁伺服器滿分命令注入漏洞，若不處理攻擊者恐藉此得到root權限 https://securityonline.info/cvss-10-0-flaws-in-siemens-ozw-web-servers-enable-unauthenticated-rce-and-admin-access/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Digital Rogue Meetup #08 2025/5/19 https://www.meetup.com/taiwan-digital-rogue/events/307397895/ 智慧 ITSM 時代！Jira ITSM 自動化 2025/5/21 https://www.meetup.com/taipei-atlassian-community-events/events/307355629/ 數位資產與企業創新 2025/5/22 https://www.accupass.com/event/2504100336192273049230 前輩領航計畫｜破解中小企業轉型困境 2025/5/22 https://www.accupass.com/event/2504110857316439952740 How to Build AI Skills For Your Career 2025/5/22 https://www.meetup.com/techtalks-ph-manila/events/307352456/ Taipei dbt Meetup #37 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2025/5/23 https://www.meetup.com/taipei-dbt-meetup/events/307317858/ The No Hype Guide to Online Business Success 2025/5/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/307318369/ 臺灣的下一步-國安青年論壇 2025/5/24 https://www.accupass.com/event/2504200843571170341738 【財訊資安論壇】AI時代的資安新解方 2025/5/26 https://www.accupass.com/event/2504150825081036102809 Elastic 資安 AI 實戰 — 攻擊偵測 & 威脅狩獵全攻略 2025/5/28 https://www.accupass.com/event/2504110633451794495661 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160