資安事件新聞週報 2025/4/28 ~ 2025/5/2

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/4/28 ~ 2025/5/2 1.重大弱點漏洞/後門/Exploit/Zero Day SSL.com 驗證漏洞：攻擊者可輕易取得重要網域憑證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11849 SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html 駭客2024年使用近百個零時差漏洞，逾半數被用於間諜軟體攻擊 https://www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/ FastCGI程式庫存在重大漏洞，恐使嵌入式裝置遭遠端執行任意程式碼 https://www.ithome.com.tw/news/168661 遠端桌面軟體ScreenConnect存在重大漏洞可導致遠端程式碼執行攻擊 https://www.ithome.com.tw/news/168627 Netscout修補nGeniusONE多項資安漏洞 https://securityonline.info/multiple-vulnerabilities-in-netscout-ngeniusone-threaten-infrastructure-visibility-platforms/ SAP 發布 NetWeaver的安全公告 https://www.ithome.com.tw/news/168625 https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html SAP NetWeaver關鍵漏洞遭駭客利用植入惡意網頁命令執行介面 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11858 SAP緊急修補允許非法上傳檔案的Netweaver安全漏洞，傳出已遭利用 https://www.ithome.com.tw/news/168625 1千多臺SAP NetWeaver伺服器可能遭入侵，駭客利用風險值滿分漏洞得逞 https://www.ithome.com.tw/news/168653 New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html Commvault修補備份管理平臺，緩解遠端執行程式碼重大漏洞 https://www.ithome.com.tw/news/168623 American Megatrends (AMI) 發布 BMC (基板管理控制器) 的安全更新 https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf https://nvd.nist.gov/vuln/detail/CVE-2024-54085 https://www.ithome.com.tw/news/168581 華碩發布修補程式解決可能導致伺服器損壞的 AMI 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11853 IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7231915 Windows更新產生的Inetpub資料夾恐遭濫用，攻擊者能阻止修補其他弱點 https://www.ithome.com.tw/news/168633 Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-24h2-updates-fail-with-0x80240069-errors/ 攻擊者藉Ivanti SSL VPN零時差漏洞，植入DslogdRAT滲透日本組織 https://www.ithome.com.tw/news/168624 Linux核心介面io_uring存在弱點，恐讓Rootkit在繞過資安系統偵測的情況下活動 https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks/ 內容管理系統Craft CMS存在零時差漏洞，已有駭客用來從事攻擊 https://www.bleepingcomputer.com/news/security/craft-cms-rce-exploit-chain-used-in-zero-day-attacks-to-steal-data/ 思科確認部分產品受到10分Erlang/OTP重大漏洞影響 https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database https://thehackernews.com/2025/04/cisa-adds-actively-exploited-broadcom.html Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html GitLab EE/CE CVE-2025-1908 https://nvd.nist.gov/vuln/detail/CVE-2025-1908 Samba https://nvd.nist.gov/vuln/detail/CVE-2024-58250 Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html Chrome 136修補存在長達20年的隱私弱點 https://cybersecuritynews.com/chrome-136-released/ macOS版Docker存在漏洞，攻擊者有機會透過任意機碼繞過身分驗證 https://gbhackers.com/docker-registry-vulnerability/ 2.銀行/金融/保險/證券/金融監理新聞及資安數發部與玉山金控聯手成立防詐實驗室，以跨業合作試驗防詐聯防技術 https://www.ithome.com.tw/news/168684 中信銀首揭金融資安韌性三大對策：建立縱深防禦工程、落實穿透測試、確認資安作業有效性 https://www.ithome.com.tw/news/168732 API資安威脅成挑戰，富邦金建立六項機制管控API安全 https://www.ithome.com.tw/news/168669 公私協力啟動防詐實驗室　強化金融資安韌性 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/8874EAD14CE94CC8A5591F733D853478#google_vignette 持續推動零信任架構，金管會著手發展金融雲端資安監控基準 https://www.ithome.com.tw/news/168570 永豐金證蟬聯 F-ISAC「資安情資分享」首獎連二年奪冠 https://udn.com/news/story/7239/8701893 假貸款真詐騙偷個資銀行關閉自然人憑證開戶 https://www.cardu.com.tw/news/detail.php?56763 詐團冒「自然人憑證」狂開數存戶　民眾無辜淪人頭戶！7銀行急喊停 https://today.line.me/tw/v2/article/PGJavMR 詐團盯上數位帳戶 8銀行急喊卡自然人憑證開戶！金管會：擬半年內解封 https://reurl.cc/VYWK3b 台灣2銀行「關閉10間分行」！裁撤一排店　金管會證實了 https://news.tvbs.com.tw/life/2855110 房屋稅2.0今開徵出狀況！北市5萬份稅單異常　財政部：延繳至6/30 https://tw.nextapple.com/finance/20250501/B052F3817AA1555F9817BCED81EB1EED 3.信用卡/電子支付/行動支付/pay/支付系統/資安紐約將告別地鐵卡改推行動支付 https://money.udn.com/money/story/122381/8656466 遊南韓icash Pay變支付神器！開通「韓國跨境支付」最高回饋30% https://tech.udn.com/tech/story/124457/8708097?form=udn_ch2_common3_cate 統一超icash Pay宣布 5月1日起可韓國跨境支付 https://reurl.cc/RYkxZ6 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安幣圈重磅！亞利桑那州通過比特幣儲備法案全美首例 https://reurl.cc/YY3yaX 重磅！美亞利桑那州通過比特幣儲備法案：最高10%公資金投資BTC，就差州長簽署 https://www.blocktempo.com/arizona-bitcoin-reserve-bill-advances/ OSL集團推出OSL Pay - 全新機構級數字資產法幣通道 https://news.pchome.com.tw/internation/xpm/20250429/index-17459131809322560011.html 英國公布加密貨幣立法草案！宣告與美國合作加強支持加密產業 https://blockcast.it/2025/04/30/uk-government-reveals-draft-crypto-laws-in-effort-to-drive-growth/ CZ：不丹在加密貨幣戰略儲備方面走在前列 https://www.binance.com/zh-TC/square/post/04-30-2025-cz-23613360427857 支付巨頭 Mastercard 官方：推出全球點對點穩定幣支付方案，進一步整合加密貨幣產業 https://abmedia.io/mastercard-announcement 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 殭屍網路Dota將Linux電腦用於挖礦，利用弱SSH帳密入侵受害主機 https://securelist.com/outlaw-botnet/116444/ 竊資軟體Hannibal Stealer能繞過Chrome最新Cookie防護，竊取加密貨幣錢包、FTP用戶端資料 https://www.cyfirma.com/research/hannibal-stealer-a-rebranded-threat-born-from-sharp-and-tx-lineage/ Hitachi Vantara傳出遭遇勒索軟體Akira攻擊，伺服器離線因應 https://www.ithome.com.tw/news/168657 惡意NPM套件濫用Gmail及WebSocket挾持開發者電腦 https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/ 勒索軟體VerdaCrypt廣泛針對超過100種檔案下手，並企圖透過USB裝置入侵隔離環境 https://medium.com/@smith_brendan/verdacrypt-the-powershell-ransomware-that-thinks-its-a-philosophy-professor-40c41fed0fbe 中國駭客組織IronHusky更新MysterySnail RAT，滲透蒙古與俄羅斯政府 https://www.ithome.com.tw/news/168622 吉隆坡國際機場3月遭遇攻擊，勒索軟體Qilin聲稱是他們所為 https://www.ithome.com.tw/news/168720 勒索軟體DragonForce東山再起，提供打手租用牟利 https://www.bleepingcomputer.com/news/security/dragonforce-expands-ransomware-model-with-white-label-branding-scheme/ 惡意軟體佯裝資安工具入侵WordPress網站 https://www.bleepingcomputer.com/news/security/wordpress-plugin-disguised-as-a-security-tool-injects-backdoor/ 初始入侵管道掮客ToyMaker部署後門程式Lagtoy，為勒索軟體Cactus鋪路 https://securityonline.info/toymakers-playbook-cisco-talos-exposes-iab-tactics-leading-to-cactus-ransomware/ ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors https://thehackernews.com/2025/04/woocommerce-users-targeted-by-fake.html Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool https://thehackernews.com/2025/04/malware-attack-targets-world-uyghur.html RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control https://thehackernews.com/2025/04/ransomhub-went-dark-april-1-affiliates.html FHS - Daixin Ransomware IOCs https://otx.alienvault.com/pulse/635777c908e489b484ed5209 DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html Updates to TTPs in Latest Campaign Targeting Taiwan and Japan https://www.trendmicro.com/en_us/research/25/d/earth-kasha-updates-ttps.html https://documents.trendmicro.com/images/TEx/Earth-Kasha-Blog-IoCshFxTmpo.txt Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html https://documents.trendmicro.com/assets/txt/EarthKurma-IOCssVJ3RcK.txt Malicious PyPI packages abuse Gmail, websockets to hijack systems https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊安卓惡意軟體埋藏於地圖App，鎖定俄羅斯軍隊而來 https://www.ithome.com.tw/news/168626 研究人員揭露眾多蘋果AirPlay安全漏洞 https://www.ithome.com.tw/news/168680 蘋果警告超過100個國家的iPhone用戶已遭間諜軟體鎖定 https://www.ithome.com.tw/news/168724 蘋果違反法院的反托拉斯裁決，恐面臨刑事調查 https://www.ithome.com.tw/news/168727 WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy https://thehackernews.com/2025/04/whatsapp-launches-private-processing-to.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力駭客論壇BreachForums因使用舊版軟體元件遭駭 https://www.ithome.com.tw/news/168714 MITRE ATT&CK 發布17.0版，新增 ESXi 攻擊戰術技術與程序 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11854 鎖定資安領域再出發，前台積人花三年獲取專業能力，揭露轉職過程的第一手經驗 https://www.ithome.com.tw/news/168572 如何靠考取資安證照提升競爭力，並將專業能力對齊臺灣法規與資安環境 https://www.ithome.com.tw/news/168658 衛星科技快速崛起，從美國衛星安全CTF競賽看太空中的資安威脅 https://ithome.com.tw/news/168662 駭客論壇BreachForums傳出遭零時差漏洞攻擊被迫停機，管理者表示將捲土重來 https://hackread.com/breachforums-displays-message-shutdown-mybb-0day-flaw/ 教育機構Azure租戶遭到鎖定，駭客濫用AzureChecker從事挖礦活動 https://www.ithome.com.tw/news/168659 Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients https://thehackernews.com/2025/04/sentinelone-uncovers-chinese-espionage.html 法國指控APT28對當地政府機關、企業組織發起網路攻擊 https://www.ithome.com.tw/news/168676 Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations https://documents.trendmicro.com/assets/txt/IOCs_VoidDokkaebi_2t9ScKI5.txt https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html 中國駭客濫用IPv6發動對手中間人攻擊，挾持軟體更新散布惡意程式 https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全韓國大型電信業者SKT驚傳遭駭，客戶資料遭竊，該公司決定為2,500萬用戶免費換發SIM卡 https://www.ithome.com.tw/news/168675 網釣工具包Darcula結合生成式AI，大幅降低駭客使用門檻 https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html 巴基斯坦駭客APT36假借恐怖攻擊為誘餌，對印度國防單位從事網釣 https://medium.com/@d09r/apt36-uses-pahalgam-terror-attack-lure-in-targeted-phishing-against-indian-defense-personnel-4b407f09b9a0 執法單位圍剿網釣工具包JokerOTP，逮捕2名嫌犯 https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/ Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers https://thehackernews.com/2025/04/researchers-identify-rackstatic.html Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About https://thehackernews.com/2025/04/customer-account-takeovers-multi.html MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks https://thehackernews.com/2025/05/mintsloader-drops-ghostweaver-via.html Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html E.研究報告/工具資安託管業者如何應對AI安全盲點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11851 Why NHIs Are Security's Most Dangerous Blind Spot https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html How Breaches Start: Breaking Down 5 Real Vulns https://thehackernews.com/2025/04/how-breaches-start-breaking-down-5-real.html Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations https://thehackernews.com/2025/04/indian-court-orders-action-to-block.html Why top SOC teams are shifting to Network Detection and Response https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html How to Automate CVE and Vulnerability Advisory Response with Tines https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html Why top SOC teams are shifting to Network Detection and Response https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html New Research Reveals: 95% of AppSec Fixes Don't Reduce Risk https://thehackernews.com/2025/05/new-research-reveals-95-of-appsec-fixes.html F.商業資安格局重塑：Mandiant 揭露2025年五大關鍵網路威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11855 Sophos：「數位殘餘」讓企業暴露於網路邊緣設備攻擊風險中 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11856 Google在RSAC 2025推出新款AI資安代理，推進Agentic SOC https://www.ithome.com.tw/news/168645 Palo Alto Networks買下新創公司Protect AI，推出AI安全管理平臺 https://www.ithome.com.tw/news/168652 Cisco釋出首款開放權重資安大語言模型，助力AI資安維運與防護 https://www.ithome.com.tw/news/168696 Meta推出獨立AI程式Meta AI https://www.ithome.com.tw/news/168674 Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code https://thehackernews.com/2025/04/meta-launches-llamafirewall-framework.html 阿里巴巴開源Qwen3模型家族 https://www.ithome.com.tw/news/168655 Nvidia推DOCA Argus強化AI資料中心即時威脅偵測 https://www.ithome.com.tw/news/168654 韓國第一品牌AhnLab首度參展台灣Cybersec 攜手湛揚科技展現OT資安與防勒索解決方案 https://ithome.com.tw/pr/168609 Redis放棄SSPL授權回歸開源，釋出Redis 8整合核心與Stack功能 https://www.ithome.com.tw/news/168726 G.政府資安院公布產品資安3大策略，重視安全軟體開發與檢測人才，推動PSIRT、臺灣ICT產品漏洞獵捕計畫 https://www.ithome.com.tw/news/168673 產品資安成國際法規必考題，也攸關國家安全，資安院專家呼籲臺灣ICT製造商需正視CVE與CWE風險 https://www.ithome.com.tw/news/168672 從呼叫器爆炸案談產品資安：資安院龔副院長分析供應鏈攻擊與電子產品的資安挑戰 https://www.nics.nat.gov.tw/latest_news/announcements/Latest_Announcement/6a18e56c-d2c6-4a83-882f-c6eacd677988/ 探索資安院！從互動遊戲到桌上推演，一覽資安院參與CYBERSEC 2025現場亮點 https://www.nics.nat.gov.tw/latest_news/announcements/Latest_Announcement/983ecbe2-ccf5-4c43-ae63-edcd09aaca08/ 張淵翔洩個資助罷團！謝國樑強調「立即導正」：公務員涉案絕非微罪 https://tw.nextapple.com/local/20250501/F3C62F8E3E9D3E75068A19E01BB7131E H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Viasat衛星數據機存在高風險漏洞，未經授權的攻擊者可遠端執行任意程式碼 https://gbhackers.com/viasat-modems-zero-day-vulnerabilities/ IT與OT協作新時代：智慧防禦×韌性共存 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11833 智慧IoT效能重要一環　新平台推動邊緣AI革命 https://www.eettaiwan.com/20250430nt31-new-platform-driving-the-edge-ai-revolution/ Zyxel USG FLEX H series uOS firmware CVE-2025-1731 https://nvd.nist.gov/vuln/detail/CVE-2025-1731 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會【資安課程諮詢】物聯網資訊安全實務 2025/5/3 https://www.accupass.com/event/2412260750552102835426 【課程諮詢】物聯網邊緣運算與資安實戰 2025/5/3 https://www.accupass.com/event/2412260751154280345070 WordPress 彩虹小聚：線上課程是門好生意 2025/5/6 https://www.meetup.com/taipei-wordpress/events/307432972/ Revolutionizing Business Growth: The Monthly Website Acquisitions Forum 2025/5/6 https://www.meetup.com/nomads-entrepreneurs-community/events/305968898/ ONLINE ⭐️ Programming for Everybody - Free 3-week course for beginne rs2025/5/6 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307281023/ [ITSMF Thailand] Webinar 2025/5/6 https://www.meetup.com/itsmbkk/events/307209513/ TEAMPROS Taipei 2025 2025/5/7 https://www.accupass.com/event/2504100341229539531870 T-box 工作坊：「掌握跨境電商新機遇：有效風險管理策略」 2025/5/7 https://www.meetup.com/meetups-hk-science-park/events/307226026/ Flutter Tokyo #7 2025/5/7 https://www.meetup.com/flutter-meetup-tokyo/events/307116530/ Stand & Deliver: Preparing for Submissions and Demo Day 2025/5/9 https://www.meetup.com/sui-network-korea/events/307395902/ DQS Taiwan: 國際資安研討會：TISAX® 車載資安解析 2025/5/9 https://www.accupass.com/event/2504070731307831173200 Startup Teaming (Online) 2025/5/10 https://www.meetup.com/startup-agile-group-thanh-pho-ho-chi-minh/events/307437032/ ONLINE COURSE 🚀 Data Science & AI foundations for beginners 2025/5/10 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307332883/ Microcontroller (ESP32) Discussion @ Gongguan MRT Exit 3 2025/5/10 https://www.meetup.com/electronics-workshop/events/307361975/ Taipei dbt Meetup #36 Bitter Lessons from data Freelancing (Hybrid 👫 + 🧑‍💻) 2025/5/12 https://www.meetup.com/taipei-dbt-meetup/events/307160339/ 被世界低估的「資安」人才缺口：變動世代的隱藏主線 2025/5/14 https://www.accupass.com/event/2504170215051522930322 ONLINE 🌟 Intro to Geospatial Analysis workshop 2025/5/14 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307396626/ Masterclass: Warren Redlich: Tesla, AI & the Future of Innovation 2025/5/15 https://www.meetup.com/workoptional-ai-future-of-work/events/306870563/ 從工地到雲端！e秒簽助攻營造業管理 2025/5/15 https://www.accupass.com/event/2504240851162098989769 AI 時代的資安新挑戰：如何讓開發更快速、更安全 2025/5/15 https://www.accupass.com/event/2503170831057559152230 一鍵保護SaaS資料！實測Keepit快速備份與還原 2025/5/16 https://www.accupass.com/event/2504160409167319207120 Digital Rogue Meetup #08 2025/5/19 https://www.meetup.com/taiwan-digital-rogue/events/307397895/ 智慧 ITSM 時代！Jira ITSM 自動化 2025/5/21 https://www.meetup.com/taipei-atlassian-community-events/events/307355629/ 數位資產與企業創新 2025/5/22 https://www.accupass.com/event/2504100336192273049230 前輩領航計畫｜破解中小企業轉型困境 2025/5/22 https://www.accupass.com/event/2504110857316439952740 How to Build AI Skills For Your Career 2025/5/22 https://www.meetup.com/techtalks-ph-manila/events/307352456/ Taipei dbt Meetup #37 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2025/5/23 https://www.meetup.com/taipei-dbt-meetup/events/307317858/ The No Hype Guide to Online Business Success 2025/5/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/307318369/ 臺灣的下一步-國安青年論壇 2025/5/24 https://www.accupass.com/event/2504200843571170341738 【財訊資安論壇】AI時代的資安新解方 2025/5/26 https://www.accupass.com/event/2504150825081036102809 Elastic 資安 AI 實戰 — 攻擊偵測 & 威脅狩獵全攻略 2025/5/28 https://www.accupass.com/event/2504110633451794495661 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160