Ice1187/TW-Security-and-CTF-Resource
GitHub: Ice1187/TW-Security-and-CTF-Resource
一份系统整理台湾地区资讯安全与 CTF 学习资源的开源清单,涵盖技术教学、竞赛资讯、练习平台与社群组织。
Stars: 886 | Forks: 46
# 台湾资安 / CTF 学习资源整理
### 征求中:
- [ ] 威胁情资运用
- [ ] iOS Secuirty
- [ ] Cloud Security
## 目录
- [学习资源](#學習資源)
- [Basics](#basics)
- [Pwn](#pwn)
- [Web](#web)
- [Reverse](#reverse)
- [Crypto](#crypto)
- [Network](#network)
- [Fuzzing](#fuzzing)
- [Windows](#windows)
- [Android](#android)
- [红队演练 / 渗透测试](#紅隊演練--滲透測試)
- [工控安全](#工控安全)
- [Web3](#Web3)
- [进阶 (?](#advanced-)
- [大学课程线上影片](#大學課程線上影片)
- [未分类](#uncategorized)
- [经验分享](#經驗分享)
- [CTF](#ctf)
- [Wargame](#wargame)
- [营队 & 培训计划](#營隊--培訓計畫)
- [社群 & 学校社团](#社群--學校社團)
- [学校社团](#學校社群社團)
- [活动](#活動)
- [奖学金](#獎學金)
- [实习](#實習)
- [补助、赞助](#補助贊助)
- [漏洞通报](#漏洞通報)
- [国外资源](#國外資源)
- [Mindset](#mindset-心法)
- [CTF](#ctf-1)
- [Web](#web-1)
- [Crypto](#crypto-1)
- [Pwn](#pwn-1)
- [Reverse & Malware Analysis](#reverse--malware-analysis)
- [General Training](#general-training)
- [Fuzzing](#fuzzing-1)
- [Embedded / IoT](#embedded--iot)
- [Penetration Test / Red Team](#penetration-test--red-team)
- [Car/Automotive Hacking 汽车安全](#carautomotive-hacking-汽車安全)
- [ICS Security 工控安全](#ics-security-工控安全)
- [Web3](#Web3-1)
- [Wargame](#Wargame-1)
- [CTF Design 题目设计](#ctf-design-題目設計)
- [未分类](#uncategorized-1)
## 学习资源
### 基础
- [高中职生资安研习营](https://www.facebook.com/高中職生資安研習營-455550404836569/)
- [AIS3 Junior 新型态高中职资安课程](https://ais3.org/junior)
- [Introduction to CTF by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Introduction%20to%20CTF.pdf)
- [Linux Basic by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Linux%20Basic.pdf)
- [清大开放式课程 - 操作系统](https://ocw.nthu.edu.tw/ocw/index.php?page=course&cid=295)
- [CSOs 数字防御手册 by OCF](https://drive.google.com/file/d/1Yj6xmmJWHbleFRzbxVM1XbRzfFNGZg8w/view)
- [国家资通安全研究院 资安星际指南](https://www.nics.nat.gov.tw/cybersecurity_resources/publications/Research_Reports/)
### Pwn
- [NTU Computer Security by Yuawn](https://github.com/yuawn/NTU-Computer-Security)
- [2021 交大程序安全 binary exploit 课程教材 by u1f383 & kia](https://github.com/u1f383/Software-Security-2021)
- [漏洞攻击从入门到放弃 by frozenkp](https://www.youtube.com/playlist?list=PL7bgZHZRy3pJ1Lw-OmN5v3uEz-wSgPiCN)
- [Linux Kernel Exploitation by Yuawn](https://github.com/yuawn/Linux-Kernel-Exploitation)
- [Angel Boy's SlideShares](https://www.slideshare.net/AngelBoy1/presentations) ([YouTube 直播录像](https://www.youtube.com/@scwuaptx/streams))
- [Kazma's Blog](https://kazma.tw)
- [u1f383's Blog](https://u1f383.github.io/about/)
### Web
- [How to Hack Websites by Splitline](https://github.com/splitline/How-to-Hack-Websites)
- [[资安新手入门手册] Web Security 领航之路 by 飞飞](https://medium.com/资子之手-安之你我/资安新手入门手册-web-security-领航之路-8d634d9228b5)
- [Huli's Blog](https://blog.huli.tw/categories/Security/)
- [Beyond XSS:探索网页前端资安宇宙 by Huli](https://aszx87410.github.io/beyond-xss/)
- [Orange🍊's Blog](https://blog.orange.tw/)
### Reverse
- [SCIST 资安课程:我独自逆向:Reverse by Kazma](https://github.com/kazmatw/Kazma-Reverse-Engineering-Course)
- [2021 交大程序安全 Reverse Engineering 逆向工程简报、影片、题目 by LJP-TW](https://github.com/LJP-TW/NYCU-Secure-Programming)
- [2020 交大程序安全:逆向工程上课讲义 by NiNi](https://speakerdeck.com/terrynini/2020-jiao-da-cheng-shi-an-quan-ni-xiang-gong-cheng-shang-ke-jiang-yi-nil-di-zhou-di-duan)
- [2023 台大计算机安全:Windows Malware RE by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Windows%20Malware%20RE.pdf)
### Crypto
- [Crypto Course by oalieno](https://github.com/OAlienO/Crypto-Course)
- [Maple🍁's Blog](https://blog.maple3142.net/)
### 网络
- [从 0 开始的 Web Security by seadog007](https://ithelp.ithome.com.tw/articles/10237617)
### Fuzzing
- [fuzzing-learning-in-30-days by u1f383](https://github.com/u1f383/fuzzing-learning-in-30-days)
- [Fuzzing by Yuawn](https://github.com/yuawn/Fuzzing)
### Windows
- [现实主义勇者的 Windows 攻防记 by Zeze](https://ithelp.ithome.com.tw/users/20129318/ironman/4165)
- [Windows APT Warfare:恶意程序前线战术指南 by aaaddress1](https://www.tenlong.com.tw/products/9786264142519)
### Android
- [Android App 逆向入门 by Huli](https://blog.huli.tw/2023/04/27/android-apk-decompile-intro-1/)
### 红队演练 / 渗透测试
- [DEVCORE 红队演练专家应征指南](https://devco.re/blog/2024/07/09/guide-to-applying-for-red-team-specialist/)
- [HITCON ZeroDay](https://zeroday.hitcon.org/)
### 工控安全
- [实战工控场域攻击 - 现行工业控制场域网络 by tyc4d @ BambooFox CSC](https://www.youtube.com/live/Nf38rq4lbAI)
### Web3
- [DeFiHackLabs](https://github.com/SunWeb3Sec/DeFiHackLabs)
### 进阶 (?
- [Orange🍊's Presentation Slides](https://github.com/orangetw/My-Presentation-Slides)
- [Angel Boy's SlideShares](https://www.slideshare.net/AngelBoy1/presentations)
- [Hao's Arsenal](https://blog.30cm.tw)
- [DEVCORE 技术专栏](https://devco.re/blog/category/%E6%8A%80%E8%A1%93%E5%B0%88%E6%AC%84/)
- [DEVCORE 技术专栏英文版 (注: 两边文章不完全相同)](https://devco.re/en/blog/category/Tech%20Editorials/)
### 大学课程线上影片
- [台大/交大/台科大 计算机安全](https://www.youtube.com/@edu-ctf/featured)
- [台师大 资安攻防演练](https://youtube.com/playlist?list=PLBoiH9x2FdcPz6612yJXaMFWUAk_ZrPoO&si=0Nrihvsk69MzU9FS)
### 未分类
- [资安学习路径 by 飞飞](https://path.feifei.tw)
- [交大网络安全策进会 历年社课](https://bamboofox.cs.nycu.edu.tw/courses)
- [台科大信息安全研究社 历年社课](https://www.youtube.com/channel/UC4-PD2BdlYWd807BhJZkjIg/videos)
- [成大资安社 历年社课](https://www.youtube.com/@NCKUCTF)
- [SCIST 南台湾学生资讯社群 历年信息安全课程](https://www.youtube.com/@scist-tw/courses)
- [Awesome Taiwan Security Course](https://github.com/fei3363/Awesome-Taiwan-Security-Course)
- [Got Your PW 专供资安人的资源与工具整理](https://gotyour.pw/resources.html)
- [HackerCat](https://hackercat.org/)
- [CTF种子培训工作坊](https://www.facebook.com/te.nics.tw/)
## 经验分享
- [CTF转生 — 不转生就拿出真本事 by NiNi](https://blog.terrynini.tw/tw/2024-CTF%E8%BD%89%E7%94%9F%E2%80%94%E4%B8%8D%E8%BD%89%E7%94%9F%E5%B0%B1%E6%8B%BF%E5%87%BA%E7%9C%9F%E6%9C%AC%E4%BA%8B/)
- [资安怎么入门大哉问 by 骇客花生酱](https://vocus.cc/article/655f63dcfd89780001a93397)
- [关于 CTF 的那些事 by LYS](https://www.youtube.com/watch?v=_lNPRlt6c2E)
- [独自升级的骇客: 自由之路从框架开始 by NiNi](https://www.youtube.com/watch?v=GP0H3DP-GZQ) ([简报](https://drive.google.com/file/d/1oFQJ6mFD_usynJPzk0RYJzL1dD7K8X78/view))
- [Windows 系统安全这么复杂怎么学 by Zeze](https://drive.google.com/file/d/1CPnYh8_BXJzxAEY_VJUDlLsdvWuSN0q8/view)
- [黑客、社团、资讯魔法学习大总汇 by 飞飞](https://www.youtube.com/watch?v=SkUuK731XGY)
- [从初出茅庐到破解大师: 我的 14 年骇客生涯回顾 by Orange🍊](https://github.com/orangetw/My-Presentation-Slides/blob/main/data/2021-IThome-from-beginner-to-master-of-pwn.pdf)
- [A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learneds by Orange🍊](https://github.com/orangetw/My-Presentation-Slides#2023)
- [The Art of PHP — My CTF Journey and Untold Stories! (繁中) by Orange🍊](https://blog.orange.tw/posts/2025-08-the-art-of-php-ch/)
### 研究投稿 & 发表
- [HITCON 投稿生存指南 by HITCON RB 主席 Bletchley](https://www.youtube.com/watch?t=3161&v=hHKMPj6qFxs)
- [HITCON 学生发表奖励](https://hacker.org.tw/projects/hitcon-community-subsidy/)
### 证照
- [EXP-401 (OSEE):用五天课程训练通透十年的知识体系](https://devco.re/blog/2025/05/22/exp-401-osee-five-days-to-master-a-decade-of-knowledge/)
## CTF
- [MyFirstCTF](https://ais3.org/mfctf/)
- [Pre-exam of AIS3](https://ais3.org)
- [AIS3 EOF](https://ais3.org/eof)
- [BambooFox CTF](https://ctftime.org/ctf/394/)
- [台湾高中联合资安竞赛 THJCC CTF (Taiwan High-school Joint Cybersecurity Competition)](https://discord.com/invite/RDhf7rxz4f)
- [TSC CTF (Taiwan Security Club CTF)](https://discord.gg/AyKBaEWWVn)
- [TSJ CTF](https://ctftime.org/ctf/722)
- [Balsn CTF](https://ctftime.org/ctf/318)
- [ACSC CTF (Asian Cyber Security Challenge)](https://acsc.asia)
- [HITCON CTF](https://ctftime.org/ctf/79)
- [CGGC 网络守护者挑战赛](https://cggc.nchc.org.tw/)
- [神盾杯 资安竞赛](https://www.facebook.com/Aegis.CTF/?locale=zh_TW)
- [GiCS 资安女婕思](https://gics.tw/Home)
- [资安技能金盾奖](https://csc.nics.nat.gov.tw/shield.aspx)
- [AIS3 HACKATHON 资安专题黑客松](https://ais3.org/hackathon/2025/)
- [No Hack No CTF](https://nhnc.ic3dt3a.org/)
- [InnoServe 大专校院资讯应用服务创新竞赛](https://innoserve.tca.org.tw)
## Wargame 练习平台
- [pwnable.tw](https://pwnable.tw)
- [Hackme CTF](https://ctf.hackme.quest/)
- [NCKU CTF](https://class.nckuctf.org/)
- [BambooFox Wargame](https://bamboofox.cs.nycu.edu.tw/challenge_submissions)
- [SCIST CTF](https://ctf.scist.org/)
- [LoTuX CTF](https://lotuxctf.com/)
## 营队 & 培训计划
- ~~[高中职生资安研习营](https://www.facebook.com/高中職生資安研習營-455550404836569/)~~ (此子计划已结束)
- [AIS3 Junior 新型态高中职资安课程](https://ais3.org/junior)
- [AIS3 新型态资安实务主题课程](https://ais3.org)
- [台湾好厉害 高阶资安人才培训计划](https://www.facebook.com/people/TAIWANHolyHigh/100067003001515/)
- [南台湾学生资讯社群 SCIST 信息安全课程](https://www.facebook.com/scist.tw)
- [中部高中电资联合会议 SCAICT 信息安全课程](https://www.instagram.com/scaict.tw/)
- [TeamT5 Security Camp 资安培训营](https://teamt5.org/tw/posts/teamt5-security-camp-2025-info/)
- [Global Cybersecurity Camp (GCC)](https://gcc.ac/)
- [TDOH - 资安功德院](https://www.facebook.com/TSCHackerTDOH)
- [国家资通安全研究院 培训课程](https://www.nics.nat.gov.tw/latest_news/announcements/Event_Information/)
- [HITCON Training](https://hacker.org.tw/training/)
## 社群 & 学校社团
- Deep Hacking 读书会
- [南台湾学生资讯社群 SCIST](https://scist.org) [(FB 粉专)](https://www.facebook.com/scist.tw) [(YouTube)](https://www.youtube.com/c/OfficialSCIST)
- [中部高中电资联合会议 SCAICT](https://www.instagram.com/scaict.tw/)
- [CURA (CyberSecurity Unions Research Association)](https://www.facebook.com/profile.php?id=100086766466326)
- [HITCON GIRLS (女性 only)](https://www.facebook.com/HITCONGIRLS/)
- [TDOHacker](http://tdoh.logdown.com)
- [UCCU Hacker](https://www.facebook.com/UCCU.Hacker/)
- [CHROOT](http://www.chroot.org)
- [B33F 50UP](https://discord.gg/G5rTjx72FH)
- [StarHack 星骇资安社群](https://www.facebook.com/StarHackAcademy/) ([公开 Discord](https://discord.gg/yyJUZNVHzb))
### 学校社群/社团
- [台湾大学 网络安全实验室 Balsn](https://balsn.tw)
- [台湾科技大学 资安研究社 NTUSTISC](https://www.facebook.com/ntust.hacking)
- [交通大学 网络安全策进会 BambooFox CSC](https://bamboofox.cs.nycu.edu.tw/) [(FB 粉专)](https://www.facebook.com/NCTUCSC/)
- [台北科技大学 信息安全实验室](https://is1ab.com/) [(is1lab Web GitHub)](https://github.com/is1ab-web)
- [中央大学 CTF 读书会 NCtfU](https://www.facebook.com/nctfu/)
- [逢大学 黑客社 HackerSir](https://hackersir.org/) [(FB 粉专)](https://www.facebook.com/HackerSir.tw/)
- [中山大学 资安社 NSYSU ISC](https://www.facebook.com/nsysuisc/)
- [辅仁大学 信息安全研究会 NISRA](https://www.facebook.com/N15RA/)
- [东海大学 骇客社](https://www.facebook.com/東海駭客社-Hackers-in-Tunghai-115250553936475/)
- [成功大学 资安社](https://linktr.ee/NCKUCTF)
- [台东大学 资安社](https://www.instagram.com/nttu_hack/)
- [台南大学 资安社](https://www.instagram.com/nutn_isc/)
## 活动
- [/dev/meet 资安小聚 by DEVCORE](https://devcore.kktix.cc/)
- [HITCON 台湾骇客年会](https://hitcon.org)
- [学生发表奖励](https://hacker.org.tw/projects/hitcon-community-subsidy/)
- [DEVCORE CONFERENCE](https://conf.devco.re/)
- [CraftCon](https://www.cycraft.com/news/craftcon2026-20260511)
- [TeamT5 威胁分析师高峰会](https://teamt5.org/tw/posts/2025-teamt5-threat-analyst-summit/)
- [CYBERSEC 台湾资安大会](https://cyber.ithome.com.tw/)
- [每月资安、社群活动分享 by TDOHacker](https://blog.tdohacker.org)
- [Taiwan Security Activity Deadlines](https://stwater20.github.io/taiwan-security-deadlines/)
- [活动分享 by NICS 资安人参](https://www.facebook.com/te.nics.tw/)
- [hacker-tracker.tw 台湾资讯相关活动行事历](https://hacker-tracker.tw)
## 奖学金
- [DEVCORE 全国信息安全奖学金](https://devco.re/blog/2025/09/08/2025-devcore-cybersecurity-scholarship-application-opens/)
## 实习
- [DEVCORE 实习生计划](https://devco.re/blog/2025/12/30/9th-internship-program-recruit/)
- [奥义智慧科技 资安研究实习生](https://docs.google.com/forms/d/e/1FAIpQLSeu2qFpHICCRmwtcAo1O_9MJRNdgWpO7DdOMd7MDeWEgRf8ew/viewform)
- [TeamT5 实习](https://www.104.com.tw/company/1a2x6bkavd?roleJobCat=2_0&area=0&page=1&pageSize=20&order=8&asc=0&jobsource=company_job%5D%28https%3A%2F%2Fwww.104.com.tw%2Fcompany%2F1a2x6bkavd%3FroleJobCat%3D2_0&jobsource=company_job&tab=job)
- [TrapaSecurity 实习](https://www.cakeresume.com/companies/trapasecurity/jobs)
- [TXOne Networks 实习](https://www.104.com.tw/company/1a2x6blwhx)
- [趋势科技实习](https://careers.trendmicro.tw/%E6%A0%A1%E5%9C%92%E5%B0%88%E5%8D%80/young%E8%B6%A8%E5%8B%A2%E4%BA%BA%E6%9A%91%E6%9C%9F%E5%AF%A6%E7%BF%92/)
- [教育部信息安全人才培育计划 职缺公布栏](https://isip.moe.edu.tw/job/)
## 漏洞通报
- [HITCON ZeroDay](https://zeroday.hitcon.org/)
- [TWCERT/CC 台湾漏洞揭露平台 (TVN)](https://www.twcert.org.tw/tw/np-131-1.html)
## 国外资源
虽然这里主要是整理台湾的资安 / CTF 学习资源,但因为我认为这些资源的内容和品质非常好,因此还是放一下。
### Mindset 心法
- [Some Thoughts on Teaching Hacking](https://jeremyharbinger.com/teaching-hacking-1)
### CTF
- [picoCTF](https://picoctf.org)
- [CTFtime](https://ctftime.org)
- [The Flare-On Challenge (for Reverse)](https://flare-on.com/)
### Web
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
### Crypto
- [CRYPTOHACK](https://cryptohack.org/)
- [Understanding Cryptography: A Textbook for Students and Practitioners](http://ndl.ethernet.edu.et/bitstream/123456789/89369/1/Understanding%20cryptography%20a%20textbook%20for%20students%20and%20practitioners%20by%20Christof%20Paar%2C%20Jan%20Pelzl.pdf)
- [Crypton](https://github.com/ashutosh1206/Crypton)
- [Lattice-Based Cryptanalysis](https://github.com/josephsurin/lattice-based-cryptanalysis/blob/main/tutorial.pdf)
### Pwn
- [Binary Exploitation / Memory Corruption by LiveOverflow](https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN)
- [shellphish/how2heap](https://github.com/shellphish/how2heap)
- [Pwn2Own](https://www.trendmicro.com/en_us/zero-day-initiative/pwn2own.html)
### Reverse & Malware Analysis
- [FLARE Learing Hub](https://github.com/mandiant/flare-learning-hub)
- [stacksmashing's YouTube](https://www.youtube.com/@stacksmashing)
- [Zero2Segfault's YouTube](https://www.youtube.com/@Zero2Segfault/playlists)
### 通用训练
- [Low Level's YouTube](https://www.youtube.com/@LowLevelTV)
- [pwn.college](https://pwn.college)
- [TryHackMe](https://tryhackme.com/)
### Fuzzing
- [Fuzzing101](https://github.com/antonio-morales/Fuzzing101)
### Embedded / IoT
- [Hardware Security Research by LiveOverflow](https://www.youtube.com/playlist?list=PLhixgUqwRTjyLgF4x-ZLVFL-CRTCrUo03)
- [RECESSIM's YouTube](https://www.youtube.com/@RECESSIM)
- [Mattbrwn's YouTube](https://www.youtube.com/@mattbrwn)
- [FlashbackTeam's YouTube](https://www.youtube.com/@FlashbackTeam)
- [stacksmashing's YouTube](https://www.youtube.com/@stacksmashing/videos)
- [Embedded Security CTF](https://microcorruption.com)
- [MITRE Embedded CTF](https://ectf.mitre.org/)
### 渗透测试 / 红队
- [HackTheBox](https://www.hackthebox.com)
- [IppSec's YouTube](https://www.youtube.com/c/ippsec/videos)
- [GOAD: Game of Active Directory](https://github.com/Orange-Cyberdefense/GOAD)
- [ired.team](https://www.ired.team/)
- [Overview of network pivoting and tunneling](https://blog.raw.pm/en/state-of-the-art-of-network-pivoting-in-2019/)
### Car/Automotive Hacking 汽车安全
- [Car Hacking 101: Practical Guide to Exploiting CAN-Bus using Instrument Cluster Simulator](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53)
- [Instrument Cluster Simulator for SocketCAN](https://github.com/zombieCraig/ICSim)
### ICS Security 工控安全
- [Fortiphyd Logic Inc](https://www.youtube.com/@fortiphyd/videos)
- [Graphical Realism Framework for Industrial Control Simulation](https://github.com/Fortiphyd/GRFICSv2)
### Web3
- [区块链黑暗森林自救手册](https://darkhandbook.io/)
### Wargame
- [OverTheWire](https://overthewire.org/wargames/)
- [The Ethernaut](https://ethernaut.openzeppelin.com/)
### CTF Design 题目设计
- [CTF Design Guidelines](https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview)
标签:云资产清单, 内核模块, 学习资料, 安全资源, 网络安全, 逆向工程, 防御加固, 隐私保护