###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/1/13 ~ 2025/1/17 1.重大弱點漏洞/後門/Exploit/Zero Day Juniper Networks Junos OS 和 Junos OS Evolved https://nvd.nist.gov/vuln/detail/CVE-2025-21598 https://nvd.nist.gov/vuln/detail/CVE-2025-21599 Fortinet 發布FortiOS和FortiProxy的安全公告 https://www.fortiguard.com/psirt/FG-IR-24-535 Fortinet防火牆傳出遭到零時差漏洞攻擊，多組人馬透過能從網際網路存取的管理介面入侵防火牆 https://www.ithome.com.tw/news/166969 駭客公布1.5萬臺Fortinet防火牆VPN帳密資料，疑為透過2022年零時差漏洞取得 https://ithome.com.tw/news/167027 Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html Palo Alto、SonicWall與Aviatrix修補多個重大安全漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11536 Aviatrix Controller重大層級RCE漏洞被用於攻擊行動，駭客用於部署後門及挖礦軟體 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/ SonicWALL SSL-VPN/SonicOS https://nvd.nist.gov/vuln/detail/CVE-2024-12802 https://nvd.nist.gov/vuln/detail/CVE-2024-12803 https://nvd.nist.gov/vuln/detail/CVE-2024-12805 https://nvd.nist.gov/vuln/detail/CVE-2024-40762 https://nvd.nist.gov/vuln/detail/CVE-2024-40765 https://nvd.nist.gov/vuln/detail/CVE-2024-53704 https://nvd.nist.gov/vuln/detail/CVE-2024-12806 https://nvd.nist.gov/vuln/detail/CVE-2024-53705 微軟發佈1月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan https://www.cisa.gov/news-events/alerts/2025/01/14/microsoft-releases-january-2025-security-updates 微軟發布1月例行更新，修補8項零時差漏洞，其中3項Hyper-V漏洞已被用於攻擊 https://www.ithome.com.tw/news/166966 部分工作站電腦、伺服器無法套用微軟1月例行更新，疑為Citrix資安控管軟體造成 https://www.ithome.com.tw/news/166992 Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html 微軟通報macOS系統完整性保護元件漏洞，攻擊者可乘機植入核心層級惡意驅動程式 https://www.ithome.com.tw/news/166951 Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html SAP修補兩項重大層級漏洞，影響NetWeaver AS for ABAP、ABAP平臺 https://ithome.com.tw/news/167016 Apache Airflow Fab Provider https://nvd.nist.gov/vuln/detail/CVE-2024-45033 Apache OpenMeetings https://nvd.nist.gov/vuln/detail/CVE-2024-54676 IBM Cognos Controller https://nvd.nist.gov/vuln/detail/CVE-2024-40702 IBM Engineering Requirements Management DOORS Next https://nvd.nist.gov/vuln/detail/CVE-2024-41787 Adobe 已發布多個產品的安全性更新 https://www.cisa.gov/news-events/alerts/2025/01/14/adobe-releases-security-updates-multiple-products https://helpx.adobe.com/security/security-bulletin.html Adobe發布例行更新，修補Photoshop重大漏洞 https://www.securityweek.com/adobe-critical-code-execution-flaws-in-photoshop/ The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7180725 Ivanti VPN 再爆零日漏洞！駭客組織已利用來進行網路間諜活動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11535 英國網域名稱註冊機構Nominet傳出遭到Ivanti零時差漏洞攻擊 https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/ Ivanti旗下SSL VPN系統Connect Secure存在零時差漏洞，臺灣曝險數量全球第三 https://www.ithome.com.tw/news/166944 Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html UEFI安全開機存在弱點，攻擊者有機會繞過防護機制部署開機工具 https://ithome.com.tw/news/167022 供用戶贊助經營者的WordPress外掛程式GiveWP存在重大漏洞，若不處理攻擊者有機會接管網站 https://securityonline.info/cve-2025-22777-cvss-9-8-critical-security-alert-for-givewp-plugin-with-100000-active-installations/ WordPress外掛W3 Total Cache存在SSRF漏洞，百萬網站曝險 https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/ 開源檔案同步工具Rsync存在重大漏洞，攻擊者有機會越界寫入，66萬伺服器恐曝險 https://www.bleepingcomputer.com/news/security/over-660-000-rsync-servers-exposed-to-code-execution-attacks/ GitLab發布更新，修補多項資安漏洞 https://securityonline.info/gitlab-tackles-critical-security-flaws-in-latest-patch-release/ HPE修補Aruba裝置的命令注入漏洞 https://securityonline.info/cve-2024-54006-cve-2024-54007-command-injection-flaws-in-hpe-aruba-devices-poc-publicly-available/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 114年春節期間金融服務穩定整備措施 https://www.ey.gov.tw/Page/448DE008087A1971/56cd2f2f-6c4a-483c-92bf-a3ebc05ad88e 歐盟數位營運韌性法案生效 金融業如何建立資安事件通報 https://www.chinatimes.com/newspapers/20250117000292-260209?chdtv 中國信託銀行首創「週期性刷卡」智能偵測功能 https://www.cdns.com.tw/articles/1154282 傳言將真實的銀行通知信件誤認為詐騙信件 https://reurl.cc/EgajQA 3.信用卡/電子支付/行動支付/pay/支付系統/資安 WordPress電商網站遭到鎖定，駭客將JavaScript指令碼注入資料庫挾持付款資料 https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.html WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables https://thehackernews.com/2025/01/wordpress-skimmers-evade-detection-by.html Payment Passkey成線上安全支付新焦點，兩大發卡組織齊推動 https://www.ithome.com.tw/news/167024 台北捷運多元支付閘門10月底完工！未來會新增支援哪些支付方式一次看懂 https://today.line.me/tw/v2/article/eL1xz9Z Apple Pay終於登場！北捷支付升級多樣化　但安卓用戶早有這三招秒刷進站 https://dailyview.tw/popular/detail/28672 醫指付＋今上線 支付更便利 https://reurl.cc/r3n9KE 全支付韓國也可以用了！使用教學及回饋優惠一次看懂 https://www.sogi.com.tw/articles/pxpay_plus/6264007 Line Pay準備成立子公司進軍電子支付市場 https://www.ithome.com.tw/news/167019 LINE Pay 將向金管會申請升格為電子支付 https://udn.com/news/story/7239/8495215 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣高風險？富邦虛擬資產ETF幫分憂 https://today.line.me/tw/v2/article/qoXlExD 美日韓：北韓去年盜取6.6億加密幣 駭客威脅國際金融 https://udn.com/news/story/6811/8496735?from=udn-catelistnews_ch2 美國加密貨幣交易首納入 IRS 報稅範圍，殘酷對比「台灣課稅規定」到底多廢 https://www.blocktempo.com/advantages-of-the-first-u-s-irs-cryptocurrency-taxation-compared-to-taiwans-system/ 消除不確定性！韓國啟動第二階段加密貨幣法規框架討論 https://news.pchome.com.tw/science/technice/20250116/index-73701646976769338005.html#google_vignette Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions https://thehackernews.com/2025/01/illicit-huione-telegram-market.html DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering https://thehackernews.com/2025/01/doj-indicts-three-russians-for.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 搜尋引擎攻擊事件激增！駭客藉 SEO 中毒手法誘導至詐騙網站 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11544 竊資軟體Formbook假借採購單散布，於記憶體內執行隱匿行蹤 https://securityonline.info/multi-layered-attack-formbook-stealer-bypasses-detection-with-memory-based-execution/ 北韓駭客Lazarus鎖定Web3開發人員發起攻擊行動Operation 99，意圖散布惡意軟體 https://www.ithome.com.tw/news/167007 「商業報價藏木馬」政府機關遭鎖定！11月資安威脅達9.6萬件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11491 俄羅斯駭客APT28鎖定哈薩克，散布惡意軟體Hatvibe https://thehackernews.com/2025/01/russian-linked-hackers-target.html 以AI打造的勒索軟體FunkSec向受害者進行雙重勒索，聲稱已有85個企業組織受害 https://www.ithome.com.tw/news/166929 LDAPNightmare概念驗證程式碼遭人複製而冒用，在GitHub散布惡意軟體 https://www.ithome.com.tw/news/166928 NPM套件假冒以太坊工具，暗藏Quasar RAT木馬 https://www.ithome.com.tw/news/166915 勒索軟體駭客濫用AWS提供的功能，將S3儲存桶加密 https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/ AWS提供的資料保護措施遭到濫用！勒索軟體駭客將S3儲存桶加密，並向受害者索討贖金 https://www.ithome.com.tw/news/166999 鍵盤側錄工具VIP Keylogger、竊資軟體0bj3ctivity透過惡意圖檔散布 https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html 駭客透過YouTube等影音共享平臺散布竊資軟體，假借提供軟體安裝教學、利用影片說明或回應隱匿攻擊意圖 https://www.ithome.com.tw/news/166972 1.3萬臺MikroTik路由器被綁架組成殭屍網路，駭客搭配DNS弱點並透過2萬個網域散布惡意軟體 https://securityaffairs.com/173126/hacking/13000-device-mikrotik-botnet-exploiting-dns-flaws.html 勒索軟體RansomHub透過Python後門持續存取受害環境 https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html 中國駭客組織 RedDelta 鎖定台灣發動新一波間諜活動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11545 美國對中國後門程式PlugX進行執法行動，清除逾4千臺受害電腦的惡意軟體 https://www.ithome.com.tw/news/166996 中國駭客RedDelta鎖定臺灣、蒙古、東南亞散布惡意程式PlugX https://www.ithome.com.tw/news/166933 FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html EAGERBEE, with updated and novel components, targets the Middle East https://securelist.com/eagerbee-backdoor/115175/ New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware https://thehackernews.com/2025/01/russian-linked-hackers-target.html Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html Ransomware on ESXi: The Mechanization of Virtualized Attacks https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems https://thehackernews.com/2025/01/expired-domains-allowed-control-over.html AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics https://thehackernews.com/2025/01/ai-driven-ransomware-funksec-targets-85.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 俄羅斯駭客Star Blizzard鎖定WhatsApp用戶而來 https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html 三星手機音訊解碼器存在漏洞，攻擊者有機會藉由Google簡訊服務觸發 https://www.ithome.com.tw/news/166955 Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China https://thehackernews.com/2025/01/european-privacy-group-sues-tiktok-and.html Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 電子賀卡網站GroupGreeting遭遇zqxq攻擊 https://www.ithome.com.tw/news/166952 泰藝電子發布資安重大訊息，揭露部分資訊系統遭到攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=230633&SPOKE_DATE=20250112&COMPANY_ID=8289 Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation https://thehackernews.com/2025/01/microsoft-sues-hacking-group-exploiting.html U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 遠東新世紀合作廠商遭遇網路攻擊，恐有資料外洩疑慮 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=175608&SPOKE_DATE=20250116&COMPANY_ID=1402 知名遊戲《流亡黯道2》管理帳號被駭，玩家資產損失恐無法追回 https://www.ithome.com.tw/news/166964 蘋果手機用戶當心！有人藉由網釣手法突破iMessage防護措施 https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/ 連銀行行員淪為詐團首腦，金融監理已成打詐破口 https://today.line.me/tw/v2/article/gzvxBrZ 駭客鎖定PayPal用戶從事網釣攻擊，利用M365網域繞過資安防護措施 https://hackread.com/paypal-phishing-scam-exploits-ms365-genuine-emails/ 駭客佯稱M365密碼到期，利用假YouTube連接引誘使用者存取釣魚網站 https://www.cyderes.com/blog/phishing-trend-exploiting-youtube-urls-through-o365-expiry-themes New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html 惡意攻擊者利用假Google廣告釣魚攻擊廣告帳戶，廣告商資金遭大規模盜用 https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads 攻擊者偽造Google Ads官方廣告，釣魚攻擊廣告主竊取預算 https://www.ithome.com.tw/news/167006 Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes https://thehackernews.com/2025/01/google-ads-users-targeted-in.html Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html Google OAuth身分驗證機制存在弱點，攻擊者有機會存取已停用的帳號 https://www.ithome.com.tw/news/166979 Google OAuth Vulnerability Exposes Millions via Failed Startup Domains https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html E.研究報告/工具 利用JavaScript撰寫MySQL Stored Program https://www.uuu.com.tw/Public/content/article/25/20250113.htm 當海纜全斷 - 如何通訊來維繫救援的生命線 https://hackmd.io/efBMZl4ITImkxUOjlmByHg?view https://www.slideshare.net/slideshow/1-hf/274909952 研究人員揭露能繞過macOS安全機制TCC的漏洞細節 https://securityonline.info/macos-vulnerability-cve-2024-54527-unveiled-tcc-bypass-poc-exploit-code-released/ 中小企業常見的資安迷思與最佳實踐 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11531 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal https://thehackernews.com/2025/01/how-to-bring-zero-trust-to-wi-fi.html F.商業 HPE Aruba Networking 發布2025年五大網路安全發展趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11528 關鍵基礎設施網路攻擊增加3倍！ OPSWAT MetaDefender NetWall 如何確保越南電力基礎設施的安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11541 Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs https://thehackernews.com/2025/01/taking-pain-out-of-cybersecurity.html Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity https://thehackernews.com/2025/01/hands-on-walkthrough-microsegmentation.html 強化MDR戰力，防火牆業者WatchGuard買下資安新創ActZero https://www.ithome.com.tw/news/166916 G.政府 嘉義市攜手南方治理平台7縣市 共創資安跨域合作新典範 https://reurl.cc/r3n931 數發部推動跨機關合作與數位轉型：創新科技助力便民服務 https://news.cnyes.com/news/id/5840410 數發部業務預算被砍剩1元可行嗎？ 網友狂刷一排「OK」 https://reurl.cc/zp71pV 數發部：若業務費砍至1元或全刪 將影響台灣網路安全 https://www.cna.com.tw/news/aipl/202501140405.aspx 數位部、NCC業務費為何被刪剩1元？謝龍介吐關鍵原因 https://www.chinatimes.com/realtimenews/20250116000031-260407?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 The High-Stakes Disconnect For ICS/OT Security https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html 兆勤針對無線基地臺、資安路由器修補高風險權限提升漏洞 https://ithome.com.tw/news/167018 Netgear路由器存在重大漏洞，未經授權的攻擊者有機會遠端執行任意程式碼 https://securityonline.info/cve-2024-12847-cvss-9-8-netgear-router-flaw-exploited-in-the-wild-for-years-poc-published/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Saturday AI Hangout with Zack Lim 2025/1/18 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/305234492/ Advanced Scrum Case Study 2025/1/18 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/305079789/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/19 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbzb/ Algorithms Study Group! 2025/1/21 https://www.meetup.com/codeseoul/events/305093940/ Chinese Linguistics, History, and Etymology 2025/1/22 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhccbdc/ The wild innovations of end 2024 and what 2025 will bring (online session) 2025/1/22 https://www.meetup.com/taipei-education-technology-meetup-group/events/305143337/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2025/1/23 https://www.meetup.com/hackingthursday/events/psspctyhccbfc/ HackingThursday 固定聚會 台北場 Taipei 2025/1/23 https://www.meetup.com/hackingthursday/events/fcmtntyhccbfc/ Saturday AI Hangout with Zack Lim 2025/1/25 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/305234530/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/26 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbjc/ Algorithms Study Group! 2025/1/28 https://www.meetup.com/codeseoul/events/305093942/ Chinese Linguistics, History, and Etymology 2025/1/29 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhccbmc/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2025/1/30 https://www.meetup.com/hackingthursday/events/psspctyhccbnc/ HackingThursday 固定聚會 台北場 Taipei 2025/1/30 https://www.meetup.com/hackingthursday/events/fcmtntyhccbnc/ IC TAIWAN GRAND CHALLENGE: GLOBAL CALL FOR PROPOSALS 2025/1/31 https://www.meetup.com/meetups-hk-science-park/events/304872613/ Advanced Scrum Case Study 2025/2/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbcb/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/2/2 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhcdbdb/ Algorithms Study Group! 2025/2/4 https://www.meetup.com/codeseoul/events/305093944/ Chinese Linguistics, History, and Etymology 2025/2/5 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhcdbhb/ 自動化新視界：解鎖流程優化與工具整合實用策略課堂 2025/2/8 ~ 2025/2/15 https://www.accupass.com/event/2412020803131836788493 Advanced Scrum Case Study 2025/2/15 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbtb/ [Online] Philippine Bitcoin meetup 2025/2/20 https://www.meetup.com/philippine-bitcoiners/events/300961130/ 第八屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2025/2/20 https://www.accupass.com/event/2411261044223773652370 Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/