###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/12/08 ~ 2025/12/12 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet為多款系統修補FortiCloud SSO身分驗證繞過漏洞 https://www.ithome.com.tw/news/172750 Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html Palo Alto Networks旗下SSL VPN的入口網站出現新一波大規模掃描 https://www.ithome.com.tw/news/172696 Cloudflare再傳服務異常，原因是實施React漏洞防護出錯 https://www.ithome.com.tw/news/172677 多家資安業者與機構警告React2Shell已遭積極利用，全球恐有數萬臺React主機尚未修補 https://www.ithome.com.tw/news/172683 React伺服器元件追補安全更新，修正DoS與原始碼洩露漏洞 https://www.ithome.com.tw/news/172790 React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html 微軟發布12月例行更新，修補3個零時差漏洞，其中一個已被用於實際攻擊 https://www.ithome.com.tw/news/172730 針對半年前被揭露的Windows捷徑UI零時差漏洞，傳出微軟已默默採取緩解措施 https://www.ithome.com.tw/news/172673 Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html Apache Tika存在滿分XXE漏洞，惡意XFA PDF可遠端讀取伺服器資料 https://www.ithome.com.tw/news/172726 跨平臺文件解析工具Apache Tika存在XXE滿分漏洞 https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks https://thehackernews.com/2025/12/unpatched-gogs-zero-day-exploited.html Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw https://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution https://thehackernews.com/2025/12/hard-coded-gladinet-keys-let-attackers.html .NET Framework的HTTP用戶端代理設計缺陷，結合WSDL匯入可構成RCE攻擊鏈 https://www.ithome.com.tw/news/172770 .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html New React RSC Vulnerabilities Enable DoS and Source Code Exposure https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html 地理位置資訊伺服器GeoServer存在XXE高風險漏洞，CISA警告已被用於實際攻擊 https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html Google修補Chrome今年第8個零時差漏洞 https://www.ithome.com.tw/news/172785 Google發布Chrome 143，修補V8引擎高風險漏洞 https://www.ithome.com.tw/news/172674 Adobe發布12月安全更新，ColdFusion藏多個重大漏洞應優先處理 https://www.ithome.com.tw/news/172759 PCIe協定存在弱點，恐面臨資訊洩露、拒絕服務等資安風險 https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html Notepad++發布更新，修補傳出已遭利用的更新元件漏洞 https://www.bleepingcomputer.com/news/security/notepad-plus-plus-fixes-flaw-that-let-attackers-push-malicious-update-files/ Nvidia修補AI推論伺服器Triton高風險DoS漏洞 https://www.ithome.com.tw/news/172727 SAP發布12月例行更新，修補3套系統的重大漏洞 https://www.ithome.com.tw/news/172736 模型檢測工具PickleScan三個零時差漏洞，讓惡意PyTorch模型躲避掃描執行任意程式碼 https://www.ithome.com.tw/news/172737 Nvidia修補AI推論伺服器Triton高風險漏洞，若不處理可被用於DoS攻擊 https://securityonline.info/nvidia-triton-server-patches-two-high-severity-dos-flaws-risking-critical-ai-inference-disruption/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 網釣工具包Spiderman鎖定數十家歐洲銀行的用戶而來 https://www.bleepingcomputer.com/news/security/new-spiderman-phishing-service-targets-dozens-of-european-banks/ 普發1萬元逾325萬人未領取！　數發部公布「登記入帳最多人選」 https://finance.ettoday.net/news/3083169 台灣電商平台也淪陷 陽信銀線上購物商城驚傳駭客勒索 https://reurl.cc/gnRpKz 美國金融業大變革：紐約州推動銀行數位資安升級，區塊鏈分析成反洗錢新利器 https://cmnews.com.tw/article/cmoneyairesearcher-2cb88650-93f0-11f0-b63a-6e4614b45b13 阻詐20.8億公股銀居首！臺灣銀行以AI防詐、數位券結合安養信託獲財金資訊年會雙獎 https://news.cnyes.com/news/id/6260752 3.信用卡/電子支付/行動支付/pay/支付系統/資安 小店家用行動支付租稅優惠延長3年　引進KIOSK也適用 https://money.udn.com/money/story/6710/9199848 北捷可嗶手機進站iPhone免解鎖！能刷信用卡LINE Pay誰用悠遊卡 https://city.gvm.com.tw/article/126485 手機搭台北捷運免悠遊卡！開放QR乘車碼和Apple Pay時間曝光 https://mrmad.com.tw/taipei-mrt-qr-code-mobile-payment-2026 台北捷運多元支付服務1月正式登場！Apple Pay、LINE Pay可直接掃碼搭捷運 https://www.elle.com/tw/life/hot-news/g63472866/mrt-payby-linepay-apple-pay/ 亞太區首發！Oen應援科技導入Visa Click to Pay 線上付款像「感應」一樣快 https://tech.udn.com/tech/story/124457/9195774 多人收到「Gopay」電子支付網購通知！網友提醒：詐騙新手法 https://newtalk.tw/news/view/2025-12-08/1008613 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣詐騙犯被判重刑，法官：規模空前且影響深遠 https://finance.technews.tw/2025/12/12/cypo-coin-fraud/ 渣打銀行與Coinbase合作擴大以機構為導向的加密貨幣主經紀商業務 https://m.cnyes.com/news/id/6273578 持有加密貨幣最多的千禧世代迎來離婚潮，但法律還沒準備好 https://www.blocktempo.com/millennials-crypto-divorce-legal-challenges/ Sam Altman 再出招！World App 重磅升級：整合加密幣支付、加密聊天功能 https://blockcast.it/2025/12/12/world-app-now-supports-crypto-payment-and-encrypted-chat-features/ 幣安悄然布局「股票永續合約」產品，API 更新顯示產品基礎架構已在準備中 https://zombit.info/binance-api-update-hints-at-stock-perpetual-contracts-as-exchanges-eye-tradfi-markets/ Pyth Network宣布將建立PYTH儲備，每月公開回購PYTH代幣 https://m.cnyes.com/news/id/6273432 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意軟體NanoRemote濫用Google Drive的API隱匿行蹤 https://www.ithome.com.tw/news/172797 後門程式PeerBlight鎖定React2Shell而來，企圖綁架Linux主機從事挖礦及DDoS攻擊 https://www.ithome.com.tw/news/172756 北韓駭客加入利用React2Shell的行列，散布惡意程式EtherRAT https://www.ithome.com.tw/news/172743 PyTorch模型資安檢測工具Picklescan存在重大漏洞，可迴避掃描、執行任意程式碼 https://thehackernews.com/2025/12/picklescan-bugs-allow-malicious-pytorch.html 惡意廣告假借提供ChatGPT與Grok指引，意圖散布macOS竊資軟體 https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/ NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure https://thehackernews.com/2025/12/four-threat-clusters-using-castleloader.html North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html 伊朗駭客MuddyWater鎖定土耳其、以色列，以及亞塞拜然而來，散布後門UDPGangster https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html 惡意VS Code延伸套件上架微軟市集，利用假PNG圖片藏匿木馬 https://www.bleepingcomputer.com/news/security/malicious-vscode-marketplace-extensions-hid-trojan-in-fake-png-file/ 惡意VS Code延伸套件透過微軟市集散布竊資軟體 https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/ Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor https://thehackernews.com/2025/12/wirte-leverages-ashenloader-sideloading.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 提醒民眾對於資安高風險App須慎選使用 https://moda.gov.tw/ACS/press/news/press/18104 安卓惡意軟體DroidLock將裝置鎖定，並向受害者進行勒索 https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/ Slack在臺服務將移轉至中國？ Salesforce澄清臺灣用戶使用全球基礎設施，與阿里巴巴無關 https://www.ithome.com.tw/news/172682 以資安為由，俄羅斯限制蘋果FaceTime的語音及視訊功能 https://www.ithome.com.tw/news/172653 安卓間諜軟體ClayRat出現變種，具備完全控制裝置的能力 https://hackread.com/clayrat-android-spyware-variant-device-control/ Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features https://thehackernews.com/2025/12/android-malware-fvncbot-seedsnatcher.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 OWASP公布AI代理的10大資安威脅 https://www.ithome.com.tw/news/172760 PromptPwnd提示詞注入攻擊濫用AI代理，竊取金鑰並改寫CI/CD流程 https://www.ithome.com.tw/news/172709 Battering RAM硬體攻擊可繞過Intel與AMD機密運算，威脅公有雲資料安全 https://www.ithome.com.tw/news/172666 殭屍網路鎖定海運物流公司，綁架DVR發動DDoS攻擊 https://www.ithome.com.tw/news/172721 塑膠包裝材料與膠帶製造商炎洲、子公司炎洲流通資訊系統遭勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=150039&SPOKE_DATE=20251208&COMPANY_ID=4306 電子零組件供應商台郡資訊系統遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=140008&SPOKE_DATE=20251211&COMPANY_ID=6269 英格蘭主要醫療照護業者Barts Health NHS Trust遭Oracle EBS零時差漏洞攻擊 https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/ 英國國家網路安全中心推出主動通報服務，對企業組織曝險的裝置提出警告 https://www.bleepingcomputer.com/news/security/ncscs-proactive-notifications-warns-orgs-of-flaws-in-exposed-devices/ 葡萄牙修正《網路犯罪法》，明定資安研究員在特定條件下不受處罰 https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/ 中國駭客UNC5174濫用Discord的API，目的是充當C2通訊管道以迴避偵測 https://www.ithome.com.tw/news/172723 中國研究干擾低軌衛星通訊：需 2,000 架無人機切斷台灣規模網路區域 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12517 越南駭客OceanLotus鎖定中國自主IT生態系統「信創」而來，入侵Linux主機從事網路間諜活動 https://gbhackers.com/xinchuang-ecosystem/ 駭客利用Gogs零時差漏洞入侵逾700臺伺服器 https://www.ithome.com.tw/news/172793 Gladinet CentreStack加密演算法實作存在零時差漏洞，至少有9家企業組織遭到攻擊 https://www.bleepingcomputer.com/news/security/hackers-exploit-gladinet-centrestack-cryptographic-flaw-in-rce-attacks/ 亞太區 API 安全缺口日益擴大，立即強化治理與韌性當務之急 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12515 AI瀏覽器成為新攻擊目標！HashJack漏洞與提示注入威脅加劇 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12503 日本 JPCERT 警告：Array AG VPN 漏洞遭駭客積極利用，企業應立即檢查 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12518 JPCERT Confirms Active Command Injection Attacks on Array AG Gateways https://thehackernews.com/2025/12/jpcert-confirms-active-command.html Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 新型態手法ConsentFix結合OAuth同意網路釣魚，透過Azure CLI騙取微軟帳號 https://www.ithome.com.tw/news/172800 北韓IT工作者滲透歐美企業出現新招，先透過釣魚手法冒用合法工程師的身分，再向企業應徵 https://www.ithome.com.tw/news/172724 英國公立醫療機構Barts Health NHS Trust遭遇Oracle EBS資料外洩，並公開於暗網 https://www.ithome.com.tw/news/172731 逾1萬個Docker Hub映像曝露憑證與API金鑰 https://www.bleepingcomputer.com/news/security/over-10-000-docker-hub-images-found-leaking-credentials-auth-keys/ 初始入侵管道掮客Storm-0249手法升級，透過ClickFix網釣與無檔案PowerShell執行推動勒索軟體攻擊 https://thehackernews.com/2025/12/storm-0249-escalates-ransomware-attacks.html IDEsaster攻擊鏈濫用AI IDE與程式助理，恐致資料外洩與遠端程式碼執行 https://www.ithome.com.tw/news/172719 Evilginx網釣工具包活動鎖定美國18所大學而來，繞過多因素驗證竊取師生帳號資料 https://hackread.com/us-universities-domains-phishing-attacks/ 近南韓一半人口個資外洩！酷澎Coupang CEO請辭下台 https://www.technice.com.tw/techmanage/infosecurity/200869/ E.研究報告/工具 How to Streamline Zero Trust Using the Shared Signals Framework https://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html F.商業 Palo Alto Networks斥資33.5億美元買下可觀測性平臺供應商Chronosphere https://www.ithome.com.tw/news/172585 企業上雲、導入代理AI加速轉型，IDC預期機器身分安全風險增加，帶動IAM市場成長 https://www.ithome.com.tw/news/172710 產品資安責任鏈三棒接力、專家認「不可逆趨勢」：TWCERT/CC年會揭台灣資安轉型戰略(II) https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12505 2025上市櫃高科技製造業資安論壇-高科技產業資安重構：以零信任建構韌性供應鏈 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12510 從漏洞探勘到自動化攻擊：AI 正在重塑資安維運！Check Point 揭露駭客攻擊新常態 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12516 Google宣布Chrome強化Gemini代理式AI上網安全防護 https://www.ithome.com.tw/news/172716 Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html The Impact of Robotic Process Automation (RPA) on Identity and Access Management https://thehackernews.com/2025/12/the-impact-of-robotic-process.html Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work https://thehackernews.com/2025/12/securing-genai-in-browser-policy.html G.政府 數發部：算力資源為資服產業添助力 80家已達產品化 https://www.rti.org.tw/news?uid=3&pid=180659 竹縣府明年新設數位發展處 前藍營新媒體部副主任劉奕帆任處長 https://news.ltn.com.tw/news/politics/breakingnews/5275728 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 強化國家資安韌性　AIN全智網助攻資安院啟動工控專業訓練 https://www.storm.mg/article/11086761 穿戴、工控與個人 AI 裝置齊發：On-Device AI 推升「超低功耗晶片」成長動能 https://uanalyze.com.tw/articles/7466740999 全國首創「軌道電路設備物聯網計畫」　桃捷勇奪「傑出交通運輸計畫獎」 https://reurl.cc/ORYLW9 受惠物聯網及工業4.0，亞信明年展望正向 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=dcf0bc7f-1b58-4855-a344-ac25341be84b 瑞薩推出首款Wi-Fi 6和Wi-Fi/Bluetooth LE雙模MCU　滿足物聯網和智慧家庭應用 https://reurl.cc/8bDLgo 聚焦IIoT與汽車　NXP攜手產業推動智慧轉型 https://www.eettaiwan.com/20251209nt11-nxp-and-industry-drive-smart-transformation/ Omdia：預計到2035年蜂窩物聯網(Cellular IoT)連接數將達到59億 https://hk.investing.com/news/stock-market-news/article-1229073 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 資安課程【Ai實物教學小技巧】2025/12/13 https://www.accupass.com/event/2511050308171335521179 Critical Thinking for Startup Success - Online Session 2025/12/13 https://www.meetup.com/startup-agile-hong-kong/events/312234919/ .NET Conf 2025 - Next Gen .NET: Build Smarter, Run Faster 2025/12/13 https://www.meetup.com/cloud-experts-group/events/311974909/ AI Engineers Weekly Tech Talks 2025/12/13 https://www.meetup.com/ai-engineers-in-taiwan/events/312163633/ 【十二月場】MaiCoin 小學堂-進階版 2025/12/14 https://www.accupass.com/event/2512060429598924625650 【專為 PM、UIUX、行銷人所打造的 AI Coding 實戰課】2025/12/14 https://www.accupass.com/event/2511050121403729194000 bitcoin++ taipei | sovereignty edition 2025/12/15 https://www.meetup.com/taiwan-bitdevs/events/312113117/ 從 AI 小編客服到 CRM 整合 2025/12/17 https://wingwill.kktix.cc/events/aws-ai-web-performance-crm-event-2512 /dev/meet 資安小聚 2025/12/17 https://devcore.kktix.cc/events/meet251217 [On-Line] AWS Global Community Gatherings #14 2025/12/19 https://www.meetup.com/awsglobalcommunitygatherings/events/310622571/ 連結台灣專題講座：隱私保護機器學習概論 2025/12/19 https://technologyandlife.kktix.cc/events/19-12-25 Transform Your Business Through Strategic Cloud Migration - A Practical Framewor 2025/12/20 https://www.meetup.com/hang-zhou-atlassian-community-events/events/312234973/ 【課程諮詢】物聯網邊緣運算與資安實戰 2025/12/20 https://www.accupass.com/event/2412260751154280345070 【AI與健康照護】｜BEING HUMAN：AI與人共生的那一天 2025/12/20 https://www.accupass.com/event/2511040559456239777670 經濟部產業人才能力鑑定 IPAS 證照-AI應用規劃師+資訊安全工程師證照趨勢 2025/12/20 https://www.accupass.com/event/2511100938472545413330 【資安講座】滲透測試實務分享 2025/12/22 https://hackersir.kktix.cc/events/20251222-practical-pentest WordPress 台北 x 彩虹 聯合小聚 尾牙場 @ 言文字 2025/12/22 https://www.meetup.com/taipei-wordpress/events/312164321/ AI X-Mas event 2025/12/23 https://www.meetup.com/taipei-education-technology-meetup-group/events/312277145/ 【十二月場】MaiCoin 反詐騙講座 2025/12/24 https://www.accupass.com/event/2512060436481692456595