資安事件新聞週報 2024/11/25 ~ 2024/11/29

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/11/25 ~ 2024/11/29 1.重大弱點漏洞/後門/Exploit/Zero Day 網路流量監控系統Zabbix存在重大層級漏洞，恐被用於SQL注入、RCE攻擊 https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/ 網路流量監控系統LibreNMS存在重大漏洞，攻擊者有機會執行作業系統層級命令 https://securityonline.info/librenms-vulnerability-cve-2024-51092-mitigating-the-risk-of-server-compromise/ 美國證實Array Networks旗下SSL VPN系統重大漏洞已出現攻擊行動 https://www.ithome.com.tw/news/166225 Array Networks、Fortinet SSL VPN漏洞被用於散布後門程式，臺灣、日本有企業受害 https://www.ithome.com.tw/news/166218 Palo Alto Networks、SonicWall旗下SSL VPN系統存在新型態漏洞NachoVPN，攻擊者有機會為用戶端安裝惡意更新 https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/ Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats https://thehackernews.com/2024/11/intruder-launches-intel-free.html 俄羅斯駭客RomCom利用Firefox、Windows零時差漏洞發動攻擊 https://www.ithome.com.tw/news/166215 RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html WordPress網站防護外掛存在重大漏洞，逾20萬網站曝險 https://www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/ WordPress寄信外掛FluentSMTP存在重大漏洞，恐導致網站遭挾持 https://securityonline.info/cve-2024-9511-cvss-9-8-critical-flaw-in-fluentsmtp-plugin-exposes-over-300000-wordpress-sites-to-potential-takeover/ Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html PHP修補重大層級的記憶體越界寫入漏洞 https://www.ithome.com.tw/news/166230 PHP修補重大層級的記憶體越界存取、緩衝區過度讀取漏洞 https://securityonline.info/php-patches-multi-flaws-including-cve-2024-8932-cvss-9-8-urges-immediate-update/ 檔案共享伺服器ProjectSend存在重大漏洞，已被用於實際攻擊行動 https://www.ithome.com.tw/news/166258 Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html 2.銀行/金融/保險/證券/金融監理新聞及資安 2024金融白皮書打詐護資安 https://www.ctee.com.tw/news/20241126700076-439901 金融建言白皮書打詐護資安 https://www.cdns.com.tw/articles/1125242 全球人壽攜手奧義智慧，提升資安永續，落實社會責任實現 https://www.cio.com.tw/global-life-join-together-to-smart-promote-security-and-implement-social-responsibility/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安特店APP、第三方身分驗證明年上路 https://news.housefun.com.tw/news/article/133533445793.html A3A PayTech Limited 利用 AWS 雲端技術革新支付領域 https://today.line.me/hk/v2/article/2DnZgz6 引狼入室！馬籍女員工偷換店內「收款條碼」 2個月盜走109萬 https://reurl.cc/p9xvRe PayMe銀聯虛擬卡懶人包！開通方法、如何付款/綁到銀聯雲閃付、限時優惠著數一覽 https://reurl.cc/5D2dN6 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 5銀行欲試辦虛幣保管業務 2025年可望見首案 https://www.rti.org.tw/news/view/id/2229579 金管會推動「虛擬資產保管業務」試辦！明年元旦起受理申請、 5 家銀行有意願 https://blockcast.it/2024/11/29/taiwan-to-launch-crypto-custody-pilot-for-local-banks-in-2025/ 台灣洗防新規11/30上路，未登記不得提供虛擬資產服務 https://www.blocktempo.com/taiwans-new-aml-law-effective-nov-30-exchanges-and-crypto-traders-must-register/ 加密貨幣課稅新政應如何實施？立委黃珊珊強調「先管理、再課稅」 https://reurl.cc/ZZjVd6 北韓駭客冒充創投、HR、IT 人員，竊取數價值十億美元的加密貨幣 https://technews.tw/2024/11/29/north-korean-hackers/ 加密新希望？川普團隊考慮將加密貨幣監管權交給 CFTC https://abmedia.io/cftc-may-lead-digital-asset-regulation 1000倍山寨幣季即將來臨—聖誕行情最佳加密貨幣選擇 https://m.cnyes.com/news/id/5794228 10萬美元是個坎！比特幣近期暴漲是一種虛假的安全感 https://hk.investing.com/news/economic-indicators/article-721064 香港計劃擴大稅收豁免範圍，避險基金、超級富豪投資加密幣獲利擬免稅 https://blockcast.it/2024/11/28/hong-kong-proposes-tax-free-crypto-profits-for-hedge-funds-private-equity-and-wealthy-investors/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 中國及越南遭到CleverSoar惡意部署工具鎖定，攻擊者意圖散布Winos 4.0、Nidhogg https://www.ithome.com.tw/news/166273 中國駭客組織鎖定 Linux 系統，部署新型後門程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11406 惡意程式GodLoader迴避偵測出現新手法，駭客濫用遊戲引擎感染1.7萬臺電腦 https://www.ithome.com.tw/news/166280 趨勢科技揭露Salt Typhoon攻擊電信業者的惡意程式GhostSpider https://www.ithome.com.tw/news/166197 出現命名意圖與兩大AI平臺混淆的可疑開發套件，目的是散播竊資軟體JarkaStealer https://www.ithome.com.tw/news/166188 北韓駭客Lazarus鎖定macOS用戶，意圖散布木馬程式RustyAttr https://securityonline.info/lazarus-group-exploits-xattr-with-rustyattr-to-evade-detection/ 俄羅斯駭客鎖定歐洲、亞洲，散布惡意軟體HatVibe、CherrySpy https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html 南亞駭客組織APT-K-47以伊斯蘭教朝聖活動為誘餌，散布惡意軟體Asyncshell https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html 對抗資安人員駭客出奇招，惡意軟體Raspberry Robin在測試環境會部署誘餌擾亂調查 https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and 越南駭客透過企業臉書帳號散布竊資軟體VietCredCare、DuckTail https://www.group-ib.com/blog/tracing-the-path-of-vietcredcare-and-ducktail/ 研究人員揭露名為Bootkitty的惡意UEFI Bootkit，專門鎖定Linux主機而來 https://www.ithome.com.tw/news/166255 軟體供應鏈Blue Yonder遭勒索軟體攻擊，波及星巴克等業者 https://www.ithome.com.tw/news/166196 兆勤證實防火牆漏洞遭到勒索軟體利用的情況 https://www.ithome.com.tw/news/166220 防毒軟體Avast的驅動程式元件遭到濫用，駭客企圖停用受害電腦防護機制 https://www.ithome.com.tw/news/166200 竊資軟體NodeStealer透過臉書廣告散布，利用Windows公用程式竊取瀏覽器資料 https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html 以色列企業組織遭伊朗駭客鎖定，被散布惡意軟體WezRat https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html 北韓駭客鎖定開發人員而來，藉由NPM套件散布惡意程式BeaverTail、InvisibleFerret https://securityonline.info/cyber-espionage-campaign-north-korean-actors-deploy-beavertail-and-invisibleferret/ 哈馬斯駭客Wirte鎖定以色列企業組織，散布資料破壞軟體SameCoin https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html 駭客組織APT-C-60鎖定StatCounter、Bitbucket伺服器，意圖散布惡意軟體SpyGlace https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html 日本遭APT-C-60網釣攻擊，濫用StatCounter、Bitbucket並意圖散布SpyGlace後門 https://www.ithome.com.tw/news/166278 APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊中國駭客組織利用 SIGTRAN、GSM 協定入侵南亞、非洲電信網路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11400 Google's New Restore Credentials Tool Simplifies App Login After Android Migration https://thehackernews.com/2024/11/googles-new-restore-credentials-tool.html PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html 針對遭遇中國駭客Salt Typhoon入侵的事故，T-Mobile公布最新調查結果 https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-t-mobiles-routers-to-scope-out-network/ U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力北韓駭客半年內竊取逾1千萬美元加密貨幣、針對衛星與軍事系統從事網釣攻擊 https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/ 俄羅斯駭客APT28發動Nearest Neighbor攻擊，目的是收集烏克蘭情報 https://www.ithome.com.tw/news/166183 中國駭客Earth Kasha發起LodeInfo攻擊，將範圍從日本延伸到臺灣、印度 https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html 國際執法單位與非洲刑警組織聯手，逮捕上千名參與網路犯罪的嫌犯 https://www.ithome.com.tw/news/166222 INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks https://thehackernews.com/2024/11/microsoft-meta-and-doj-disrupt-global.html Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html 圖博新聞媒體、大學網站遭中國駭客TAG-112攻擊，用網站漏洞與紅隊測試工具進行滲透 https://www.ithome.com.tw/news/166202 China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign https://thehackernews.com/2024/11/china-linked-tag-112-targets-tibetan.html Latest Multi-Stage Attack Scenarios with Real-World Examples https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全因不滿成為OpenAI宣傳影片生成器Sora的工具，受邀測試的藝術家洩露存取權限 https://www.ithome.com.tw/news/166221 中國駭客Earth Kasha從事網釣攻擊，意圖對日本企業散布後門程式Anel https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html 逾四分之三黑色星期五垃圾信涉及詐騙 https://www.infosecurity-magazine.com/news/black-friday-spam-emails-scams/ 中國Storm-2077架設影響力網路GlassBridge，意圖對美國政府機關、非政府組織散布假新聞 https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html E.研究報告/工具 MITRE 2024 年最危險軟體弱點排名：跨站腳本攻擊（XSS）居首位 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11407 「零信任博士」的實踐觀察，揭示零信任挑戰與應用未來 https://www.ithome.com.tw/news/166187 Flying Under the Radar - Security Evasion Techniques https://thehackernews.com/2024/11/flying-under-radar-security-evasion.html Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data https://thehackernews.com/2024/11/the-importance-of%20having-a-google-workspace-backup-solution.html Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future https://thehackernews.com/expert-insights/2024/11/defensible-security-architecture-and.html The Future of Serverless Security in 2025: From Logs to Runtime Protection https://thehackernews.com/2024/11/the-future-of-serverless-security-in.html F.商業微軟推出首款加強資料安全的自製晶片 Azure Integrated HSM https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11403 Akamai 將微分段技術擴展至 Amazon Web Services https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11401 2024上市櫃高科技製造業資安論壇：AI資安技術 x ESG資安治理實踐數位韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11396 AWS與Rust基金會攜手，驗證Rust標準函式庫的安全性 https://www.ithome.com.tw/news/166158 展望2025國際治理趨勢，BSI揭露董事會「義務」成新主軸 https://www.ithome.com.tw/news/166133 資安新創Wiz買下雲端安全業者Dazz https://www.ithome.com.tw/news/166164 G.政府資安院攜手產業提升資安韌性，跨域協作聯防成就資安共好 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11405 行政院推打詐策略行動綱領2.0，提高產業防詐監管力度、AI科技防詐是關鍵 https://www.ithome.com.tw/news/166264 重塑對企業資安聯防的溝通模式，TWCERT/CC將逐步從傳統事件通報提升到關鍵情資共享 https://www.ithome.com.tw/news/166249 北捷AI客服遭網友測試發現可代寫程式碼，北捷緊急斷開Azure Open AI回應功能 https://www.ithome.com.tw/news/166191 影城放《國有器官》接恐嚇郵件國安局：中共對台長臂管轄 https://news.pts.org.tw/article/726123 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html 已終止維護的D-Link數據機存在重大漏洞，近6萬臺設備曝險 https://www.ithome.com.tw/news/166245 威聯通修補路由器OS與NAS加值軟體重大漏洞 https://www.ithome.com.tw/news/166195 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/