資安事件新聞週報 2024/1/1 ~ 2024/1/5

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/1/1 ~ 2024/1/5 1.重大弱點漏洞/後門/Exploit/Zero Day CVE-2017-11882 To Deliver Agent Tesla https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html WordPress 近日發布更新以解決遠端程式碼執行 (RCE) 安全性弱點 https://www.bleepingcomputer.com/news/security/50k-wordpress-sites-exposed-to-rce-attacks-by-critical-bug-in-backup-plugin/ Google發布2024年首波Chrome更新，修補4個高風險漏洞 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html 2.銀行/金融/保險/證券/金融監理新聞及資安台灣大獲准與富邦產險試辦「創新型保險」 https://www.idn.com.tw/news/news_content.aspx?catid=3&catsid=1&catdid=0&artid=20240102zz0958001 期貨公會：樂見總統候選人支持金融產業發展 https://www.cna.com.tw/news/afe/202401020236.aspx 遠傳退出開放銀行第二階段金管會：尊重業者意願 https://today.line.me/tw/v2/article/605mp91 3.信用卡/電子支付/行動支付/pay/支付系統/資安專攻「VISA做不到的事」！台日跨境支付關鍵隊友，如何靠無痛掃碼創造3贏 https://reurl.cc/qr5X5p 即日起開放電子支付帳戶得為證券商交割約定帳戶 https://wantrich.chinatimes.com/news/20240105900931-420101 Apple pay災情！狂跳「信用卡將到期」無法付款 https://reurl.cc/37omYO 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners https://thehackernews.com/2024/01/beware-3-malicious-pypi-packages-found.html 資安業者Mandiant的X帳號被盜，駭客將其用於加密貨幣詐騙 https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/ https://twitter.com/malwrhunterteam/status/1742650248529616901 https://twitter.com/malwrhunterteam/status/1742655256733859909 https://twitter.com/phantom/status/1742306764324839790 https://twitter.com/Mandiant/status/1742986799419740260 Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html 慢霧首席資訊安全官：Orbit_chain攻擊手法像是朝鮮駭客 https://news.cnyes.com/news/id/5422576 安全機構：Gamma駭客開始將竊取的165萬美元資金存入Tornado Cash https://www.panewslab.com/zh_hk/sqarticledetails/svnpri0vFt.html 駭客組織Angel Drainer鎖定加密貨幣領域發動網釣攻擊，意圖榨乾加密貨幣錢包 https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 瑞典食品零售供應商Coop傳出遭勒索軟體駭客組織Cactus攻擊 https://securityaffairs.com/156709/cyber-crime/cactus-ransomware-coop-sweden.html 勒索軟體駭客組織NoName針對芬蘭、立陶宛發動DDoS攻擊 https://thecyberexpress.com/noname-cyberattacks-on-finland/ https://thecyberexpress.com/ddos-attacks-on-lithuanian-websites/ 勒索軟體Zeppelin2遭到破解，駭客在地下論壇散布原始碼、建置工具 https://thecyberexpress.com/zeppelin2-ransomware/ 竊資軟體Meduza攻擊範圍廣泛，能挖掘超過一百種瀏覽器與加密貨幣錢包資料 https://www.resecurity.com/blog/article/new-version-of-medusa-stealer-released-in-dark-web 網路博物館系統供應商Gallery Systems遭勒索軟體攻擊，為防堵受害範圍擴大暫停部分服務 https://www.bleepingcomputer.com/news/security/online-museum-collections-down-after-cyberattack-on-service-provider/ 惡意程式載入工具Rugmi每天感染數百臺電腦 https://thehackernews.com/2023/12/new-rugmi-malware-loader-surges-with.html 研究人員找到能復原遭勒索軟體Black Basta破壞的檔案的方法 https://www.bleepingcomputer.com/news/security/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files/ 多組駭客濫用微軟市集App的URI協定，散布惡意軟體 https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/ APT43 https://www.virustotal.com/gui/collection/fa039f49cb8d8b0962fc75e9f4e2ae1462000b317be9cc57874f992c4cd30683 https://malpedia.caad.fkie.fraunhofer.de/actor/kimsuky https://socradar.io/apt-profile-kimsuky/ https://attack.mitre.org/groups/G0094/ https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report Pure Logs Stealer Fails to Impress https://russianpanda.com/2023/12/26/Pure-Logs-Stealer-Malware-Analysis/ A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government - Netskope https://www.netskope.com/blog/a-look-at-the-nim-based-campaign-using-microsoft-word-docs-to-impersonate-the-nepali-government CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html New JinxLoader Targeting Users with Formbook and XLoader Malware https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html New Bandook RAT Variant Resurfaces, Targeting Windows Machines https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊安卓用戶快刪除！13款App 暗藏新型惡意軟體、拖累手機效能竊個資 https://today.line.me/tw/v2/article/3NrPjak 手刀刪除！33款App內藏惡意程式　監控手機竊個資 https://www.ettoday.net/news/20240101/2655096.htm 33萬用戶受害！13款APP遭入侵「星座運勢」恐害個資外洩 https://reurl.cc/G4xQ0d 後門程式Xamalicious透過25款安卓App散布，逾32萬裝置受害 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/ Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation https://thehackernews.com/2024/01/doj-slams-xcast-with-10-million-fine.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力烏克蘭住宅區網路攝影機遭駭，俄羅斯將其用於軍事行動偵察 https://kyivindependent.com/sbu-blocks-surveillance-cameras-hacked-by-russians-to-spy-on-targets-in-kyiv/ https://securityaffairs.com/156812/intelligence/russia-hacked-surveillance-cameras-ukraine.html https://therecord.media/ukraine-says-russia-hacked-web-cameras-to-spy-on-kyiv-targets NPM套件everything拉取逾3千個相依性套件，恐癱瘓開發者電腦 https://checkmarx.com/blog/when-everything-goes-wrong-npm-dependency-hell-campaign-2024-edition/ 垃圾訊息太多，Google Groups將終止支援元老討論區Usenet https://www.ithome.com.tw/news/160642 西班牙大型網路服務供應商Orange Spain遭網路攻擊，資料庫被破壞 https://www.theregister.com/2024/01/04/orange_spain_outage_breach/ 涉毒酒店女稱遭「駭客」恐嚇警研判與敲詐李善均者為同一人 https://udn.com/news/story/6809/7686324 針對 ChatGPT 的 DDoS 攻擊引發了對編碼和生產力中斷的擔憂 https://blog.twnic.tw/2024/01/03/29391/ 烏克蘭官方證實俄國駭客猛攻電信巨頭 https://reurl.cc/77DnOd 巴勒斯坦駭客Cyber Toufan攻陷超過100個以色列企業組織，三分之一資料遭破壞而無法復原 https://doublepulsar.com/cyber-toufan-goes-oprah-mode-with-free-linux-system-wipes-of-over-100-organisations-eaf249b042dc 伊朗23家保險業者、外送平臺Snappfood傳出遭到網路攻擊 https://www.infostealers.com/article/mysterious-hacker-strikes-iran-with-major-cyberattacks-against-industry-leading-companies/ 美國猶他州出現鎖定外國交換生的網路綁架事故 https://www.abc4.com/news/northern-utah/missing-riverdale-foreign-exchange-student-found-near-brigham-city-in-case-of-cyber-kidnapping/ 烏克蘭政府機關遭俄羅斯駭客APT28鎖定，散布惡意程式Masepie https://cert.gov.ua/article/6276894 北韓駭客Kimsuky部署AppleSeed、Meterpreter、TinyNuke控制受害電腦 https://asec.ahnlab.com/en/60054/ Albanian Parliament and One Albania Telecom Hit by Cyber Attacks https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks https://thehackernews.com/2023/12/kimsuky-hackers-deploying-appleseed.html Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html 資安技術工程師 https://www.104.com.tw/job/82475 資訊安全人員 https://www.104.com.tw/job/81h0e 技術工程類-資訊安全工程師 https://www.1111.com.tw/job/113082110/ 113年度研發替代役資訊安全中心21 https://www.1111.com.tw/job/113090440/ 資安維運工程師 https://www.yourator.co/companies/irentcar/jobs/33748 工研院資通所_資安研發工程師(F301)(地點：新竹) https://www.1111.com.tw/job/113091197/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service https://thehackernews.com/2023/12/google-cloud-resolves-privilege.html Google在瀏覽器無痕模式追蹤使用者，提出以50億美元尋求和解 https://www.courtlistener.com/docket/17216783/1090/brown-v-google-llc/ Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html 駭客組織UAC-0050透過網路釣魚散布木馬程式Remcos RAT，利用罕見手法繞過防毒軟體偵測 https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method UAC-0050 Remcos RAT: Pipe Method Used for Evasion in Ukraine Attack https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html 出國小心！專家曝登機證兩大常見錯誤　拍照上傳恐毀掉旅程 https://today.line.me/tw/v2/article/BE06z7n 中華電信用戶繳費資料疑似外洩 https://www.kocpc.com.tw/archives/527592 日本手遊開發商Google Drive錯誤設定　導致100萬用戶資料或外洩 https://reurl.cc/QeLmk0 駭客利用Google OAuth端點刼持帳號，即使用戶變更密碼或登出仍舊會受害 https://www.ithome.com.tw/news/160629 主管勒令「密碼改複雜16碼」！員工怕忘記全寫便簽貼桌上　資安反而大幅惡化 https://www.ettoday.net/dalemon/post/69554 健保署：重申口罩實名制資料於疫情期間均有嚴格資安保護未曾外洩疫情結束後已全數銷毀並無保留 https://www.rmim.com.tw/news-detail-40408 駭客強奪Google帳號改密碼也沒救　官方曝自保新招 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=191576 「LINE龍年紅包」搶到888元？　事實查核中心：詐騙連結 https://www.mirrormedia.mg/story/20240103edi042 小心！X充斥MetaMask假空投釣魚，社群罵爆：馬斯克放任詐騙肆虐 https://www.blocktempo.com/a-large-number-of-phishing-ads-appear-on-x/ 首日出包！勞動部「一站移工網」 400筆個資全露 https://reurl.cc/WRryle 勞動部移工聘僱居留整合服務正式上線，逾400筆個資外洩 https://www.cna.com.tw/news/ahel/202401040319.aspx https://udn.com/news/story/7269/7686822 https://news.tvbs.com.tw/life/2357231 盜取政府數據暗網販售 24歲駭客聖誕節被捕 https://reurl.cc/j31axZ 臉書「追回詐騙款項」駭客機構，官網卻說並無提供這項服務…小心求助卻遇上二次詐騙 https://vocus.cc/article/65967698fd89780001b3b709 駭客組織GXC Team藉由人工智慧技術從事發票詐欺 https://www.resecurity.com/blog/article/cybercriminals-implemented-artificial-intelligence-ai-for-invoice-fraud 澳洲法院傳出遭駭客入侵，聽證會錄音恐外流 https://www.bleepingcomputer.com/news/security/victoria-court-recordings-exposed-in-reported-ransomware-attack/ http://courts.vic.gov.au/news/court-services-victoria-cyber-incident http://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/103272118 全錄證實美國分公司遭遇網路攻擊，部分個資外洩 https://www.bleepingcomputer.com/news/security/xerox-says-subsidiary-xbs-us-breached-after-ransomware-gang-leaks-data/ https://twitter.com/omvapt/status/1741249569789284615 https://www.news.xerox.com/news/xerox-releases-statement-regarding-cybersecurity-incident-affecting-xbs-subsidiary 社群網站X金色標章帳號遭到外流與冒用，相關資訊並在暗網流傳 https://assets-global.website-files.com/635e632477408d12d1811a64/6594e99c2daf492ccb1af7e7_gold_rush_on_the_dark_web-_twitter_gold.pdf 英國核廢料服務業者遭遇網釣攻擊，駭客透過LinkedIn對其出手 https://www.theguardian.com/business/2023/dec/31/cyber-hackers-target-uk-nuclear-waste-company-rwm 集運業者美買的前合夥人串通委外工程師攻擊網站、竊取客戶資料，提供競爭對手運用 https://www.cib.npa.gov.tw/ch/app/news/view?module=news&id=1885&serno=97c224ad-c1f2-4bf9-beea-85ab9c0a0cd9 https://www.cib.npa.gov.tw/ch/app/news/view?module=news&id=1885&serno=97c224ad-c1f2-4bf9-beea-85ab9c0a0cd9 多組駭客在平安夜發起Free Leaksmas攻擊行動，洩露全球各地逾5千萬筆個資 https://www.resecurity.com/blog/article/cybercriminals-launched-leaksmas-event-in-the-dark-web-exposing-massive-volumes-of-leaked-pii-and-compromised-data E.研究報告資安封包實戰：了解各種網路攻擊的特徵，課程料多味美 https://www.ithome.com.tw/pr/160621 無線簡報筆之資安威脅 https://www.airitilibrary.com/Article/Detail/P20200109001-201912-202001090021-202001090021-824-829 近1,100萬臺SSH伺服器可透過Terrapin手法攻擊 https://www.ithome.com.tw/news/160694 新型態DLL搜尋順序挾持手法可繞過Windows 10及11的防護措施 https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout 路由器频段与带宽的关系是什么 https://mp.weixin.qq.com/s?__biz=MzIxNTM3NDE2Nw==&mid=2247489907&idx=1&sn=d7a997fb28ef88c0a4ddbd8529637d85 APP渗透测试之USB调试抓包-gnirehtet https://mp.weixin.qq.com/s?__biz=Mzg5OTYxMjk0Mw==&mid=2247489391&idx=1&sn=340c19297a0e7fe1a1cefe910f56f2de 独家：俄罗斯黑客潜伏于乌克兰电信巨头Kyivstar长达数月 https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247541757&idx=3&sn=3d23857f7823efb6c0934d1153062320 某设备由黑到白 https://mp.weixin.qq.com/s?__biz=Mzg5NjU3NzE3OQ==&mid=2247488797&idx=2&sn=333e76dd043785df1e555fc30306c95c Trend Analysis on Kimsuky Group’s Attacks Using AppleSeed https://asec.ahnlab.com/en/60054/ New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html 5 Ways to Reduce SaaS Security Risks https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html 新型態SMTP挾持手法可繞過資安系統寄送惡意郵件 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails https://thehackernews.com/2024/01/smtp-smuggling-new-threat-enables.html Three Ways To Supercharge Your Software Supply Chain Security https://thehackernews.com/2024/01/three-ways-to-supercharge-your-software.html Exposed Secrets are Everywhere. Here's How to Tackle Them https://thehackernews.com/2024/01/exposed-secrets-are-everywhere-heres.html F.商業新世代資安指揮中心來了！提供更強大洞察力與執行力 https://www.issdu.com.tw/news_detail.php?id=28&csrt=7049816242063059909 Splunk 資安可觀測性業務分析，助益營運韌性 https://www.cio.com.tw/splunk-security-observable-business-analytics-to-help-operational-resilience/ G.政府軍校生偷帶手機被退學贏行政訴訟提國賠討薪水…被法官狠打臉 https://udn.com/news/story/7321/7678729?from=udn-catelistnews_ch2 蕭美琴：確保個資及資安下推遠距投票與政府E化 https://today.line.me/tw/v2/article/2Dmq9oX 數位部：協同相關部會持續強化關鍵基礎設施資安 https://www.cna.com.tw/news/afe/202401010245.aspx 法務部調查局與臺灣港務公司簽署資通安全合作備忘錄 https://news.owlting.com/articles/125366 警察要有資安長科技偵查速立法 https://udn.com/news/amp/story/7321/7682141 提升政府資安韌性數位部今年擴大民生關鍵系統數位健檢 https://reurl.cc/pr1XWe H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Unveiling the Mirai: Insights into Recent DShield Honeypot Activity https://isc.sans.edu/diary/rss/30514 實事求是的工業物聯網資安— TXOne Networks https://www.netadmin.com.tw/netadmin/zh-tw/video/562A0BE9D28942D4B64052C494B7A9BC#google_vignette TPM全面防護IoT裝置連線安全 https://reurl.cc/QeLmQ2 嵌入式IoT安全防護與零信任網路架構 — Check Point Software https://reurl.cc/80ozmM 中國大陸工业和信息化部国家标准化管理委员会关于印发《工业领域数据安全标准体系建设指南（2023版）》 https://mp.weixin.qq.com/s?__biz=MzI2MDk2NDA0OA==&mid=2247525788&idx=1&sn=85d6e20386d8e34c7ea8b905379d0f22 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/1/6 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygccbjb/ WordPress - 桃園午茶小聚 Linner Meetup #32 2024/1/6 https://www.meetup.com/taoyuan-wordpress-meetup/events/298052588/ ISO/IEC 27001:2022資訊安全管理系統 CQI & IRCA主導稽核員訓練課程 2024/1/8 ~ 2024/1/12 https://www.caa.org.tw/coursedetail-36580.html 36th Annual FIRST Conference 2024/1/9 ~ 2024/1/14 https://www.first.org/conference/2024/ AWS re:Inforce 2024/1/10 ~ 2024/1/12 https://reinforce.awsevents.com/ SyntaxError 2024/1/10 https://www.meetup.com/pythonhug/events/pqnsctygccbnb/ ISO/IEC 27001:2022 資訊安全管理系統主導稽核員轉版訓練課程 2024/1/10 ~ 2024/1/11 https://www.caa.org.tw/coursedetail-36566.html 國家高速網路與計算中心教育訓練大型語言模型LLMs課程教學-跟你組織內的知識庫對話 Talk To Your Internal Knowledge Base 2024/1/10 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4084&from_course_list_url=homepage Taipei DevOps User Group 4th Event, supported by Wankuma Alliance 2024/1/12 https://www.meetup.com/taipei-devops-user-group/events/297826906/ 2024年第一次會員研討會 - ISC2 資安之旅：Security Congress心得、得獎專案，以及資安反思 2024/1/16 https://isc2taipei.kktix.cc/events/isc2webinar1th Elixir Taiwan monthly meetup 2024/1/16 https://www.meetup.com/elixirtw-taipei/events/297578852/ SyntaxError 2024/1/17 https://www.meetup.com/pythonhug/events/pqnsctygccbwb/ 國家高速網路與計算中心教育訓練大型語言模型LLMs課程教學-跟你組織內的知識庫對話 Talk To Your Internal Knowledge Base 2024/1/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4085&from_course_list_url=homepage 【Monosparta ②⓪②④ 第一梯次軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401 2024年資安新手實戰培訓課程說明會 2024/1/19 https://acsiacad.kktix.cc/events/acadnewhire 2024 Global NF Conference 2024/1/20 ~ 2024/1/25 https://www.ctf.org/events/2024-joint-global-nf-conference# 獲利究竟被誰偷走了－Excel樞紐分析編製各式報表與查核 2024/1/24 https://www.caa.org.tw/coursedetail-36599.html Cyber Range in 2024 2024/1/24 ~ 2024/1/25 https://www.wwt.com/event/64e4ebafc176b30347f0568a SyntaxError 2024/1/24 https://www.meetup.com/pythonhug/events/pqnsctygccbgc/ SANS Cyber Threat Intelligence Summit & Training 2024 2024/1/29 - 2024/2/5 https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/ SyntaxError 2024/1/31 https://www.meetup.com/pythonhug/events/pqnsctygccbpc/ 第七屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2024/2/6 https://www.accupass.com/event/2311160625102022535520 【安碁學苑】IPAS 資訊安全工程師中級證照培訓班 2024/2/20-2024/2/3/5 https://www.accupass.com/event/2312151022301066488466