Ice1187/TW-Security-and-CTF-Resource

GitHub: Ice1187/TW-Security-and-CTF-Resource

一份系统整理台湾地区资讯安全与 CTF 学习资源的开源清单,涵盖技术教学、竞赛资讯、练习平台与社群组织。

Stars: 886 | Forks: 46

# 台湾资安 / CTF 学习资源整理 ### 征求中: - [ ] 威胁情资运用 - [ ] iOS Secuirty - [ ] Cloud Security ## 目录 - [学习资源](#學習資源) - [Basics](#basics) - [Pwn](#pwn) - [Web](#web) - [Reverse](#reverse) - [Crypto](#crypto) - [Network](#network) - [Fuzzing](#fuzzing) - [Windows](#windows) - [Android](#android) - [红队演练 / 渗透测试](#紅隊演練--滲透測試) - [工控安全](#工控安全) - [Web3](#Web3) - [进阶 (?](#advanced-) - [大学课程线上影片](#大學課程線上影片) - [未分类](#uncategorized) - [经验分享](#經驗分享) - [CTF](#ctf) - [Wargame](#wargame) - [营队 & 培训计划](#營隊--培訓計畫) - [社群 & 学校社团](#社群--學校社團) - [学校社团](#學校社群社團) - [活动](#活動) - [奖学金](#獎學金) - [实习](#實習) - [补助、赞助](#補助贊助) - [漏洞通报](#漏洞通報) - [国外资源](#國外資源) - [Mindset](#mindset-心法) - [CTF](#ctf-1) - [Web](#web-1) - [Crypto](#crypto-1) - [Pwn](#pwn-1) - [Reverse & Malware Analysis](#reverse--malware-analysis) - [General Training](#general-training) - [Fuzzing](#fuzzing-1) - [Embedded / IoT](#embedded--iot) - [Penetration Test / Red Team](#penetration-test--red-team) - [Car/Automotive Hacking 汽车安全](#carautomotive-hacking-汽車安全) - [ICS Security 工控安全](#ics-security-工控安全) - [Web3](#Web3-1) - [Wargame](#Wargame-1) - [CTF Design 题目设计](#ctf-design-題目設計) - [未分类](#uncategorized-1) ## 学习资源 ### 基础 - [高中职生资安研习营](https://www.facebook.com/高中職生資安研習營-455550404836569/) - [AIS3 Junior 新型态高中职资安课程](https://ais3.org/junior) - [Introduction to CTF by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Introduction%20to%20CTF.pdf) - [Linux Basic by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Linux%20Basic.pdf) - [清大开放式课程 - 操作系统](https://ocw.nthu.edu.tw/ocw/index.php?page=course&cid=295) - [CSOs 数字防御手册 by OCF](https://drive.google.com/file/d/1Yj6xmmJWHbleFRzbxVM1XbRzfFNGZg8w/view) - [国家资通安全研究院 资安星际指南](https://www.nics.nat.gov.tw/cybersecurity_resources/publications/Research_Reports/) ### Pwn - [NTU Computer Security by Yuawn](https://github.com/yuawn/NTU-Computer-Security) - [2021 交大程序安全 binary exploit 课程教材 by u1f383 & kia](https://github.com/u1f383/Software-Security-2021) - [漏洞攻击从入门到放弃 by frozenkp](https://www.youtube.com/playlist?list=PL7bgZHZRy3pJ1Lw-OmN5v3uEz-wSgPiCN) - [Linux Kernel Exploitation by Yuawn](https://github.com/yuawn/Linux-Kernel-Exploitation) - [Angel Boy's SlideShares](https://www.slideshare.net/AngelBoy1/presentations) ([YouTube 直播录像](https://www.youtube.com/@scwuaptx/streams)) - [Kazma's Blog](https://kazma.tw) - [u1f383's Blog](https://u1f383.github.io/about/) ### Web - [How to Hack Websites by Splitline](https://github.com/splitline/How-to-Hack-Websites) - [[资安新手入门手册] Web Security 领航之路 by 飞飞](https://medium.com/资子之手-安之你我/资安新手入门手册-web-security-领航之路-8d634d9228b5) - [Huli's Blog](https://blog.huli.tw/categories/Security/) - [Beyond XSS:探索网页前端资安宇宙 by Huli](https://aszx87410.github.io/beyond-xss/) - [Orange🍊's Blog](https://blog.orange.tw/) ### Reverse - [SCIST 资安课程:我独自逆向:Reverse by Kazma](https://github.com/kazmatw/Kazma-Reverse-Engineering-Course) - [2021 交大程序安全 Reverse Engineering 逆向工程简报、影片、题目 by LJP-TW](https://github.com/LJP-TW/NYCU-Secure-Programming) - [2020 交大程序安全:逆向工程上课讲义 by NiNi](https://speakerdeck.com/terrynini/2020-jiao-da-cheng-shi-an-quan-ni-xiang-gong-cheng-shang-ke-jiang-yi-nil-di-zhou-di-duan) - [2023 台大计算机安全:Windows Malware RE by Ice1187](https://github.com/Ice1187/My-Slides/blob/main/Windows%20Malware%20RE.pdf) ### Crypto - [Crypto Course by oalieno](https://github.com/OAlienO/Crypto-Course) - [Maple🍁's Blog](https://blog.maple3142.net/) ### 网络 - [从 0 开始的 Web Security by seadog007](https://ithelp.ithome.com.tw/articles/10237617) ### Fuzzing - [fuzzing-learning-in-30-days by u1f383](https://github.com/u1f383/fuzzing-learning-in-30-days) - [Fuzzing by Yuawn](https://github.com/yuawn/Fuzzing) ### Windows - [现实主义勇者的 Windows 攻防记 by Zeze](https://ithelp.ithome.com.tw/users/20129318/ironman/4165) - [Windows APT Warfare:恶意程序前线战术指南 by aaaddress1](https://www.tenlong.com.tw/products/9786264142519) ### Android - [Android App 逆向入门 by Huli](https://blog.huli.tw/2023/04/27/android-apk-decompile-intro-1/) ### 红队演练 / 渗透测试 - [DEVCORE 红队演练专家应征指南](https://devco.re/blog/2024/07/09/guide-to-applying-for-red-team-specialist/) - [HITCON ZeroDay](https://zeroday.hitcon.org/) ### 工控安全 - [实战工控场域攻击 - 现行工业控制场域网络 by tyc4d @ BambooFox CSC](https://www.youtube.com/live/Nf38rq4lbAI) ### Web3 - [DeFiHackLabs](https://github.com/SunWeb3Sec/DeFiHackLabs) ### 进阶 (? - [Orange🍊's Presentation Slides](https://github.com/orangetw/My-Presentation-Slides) - [Angel Boy's SlideShares](https://www.slideshare.net/AngelBoy1/presentations) - [Hao's Arsenal](https://blog.30cm.tw) - [DEVCORE 技术专栏](https://devco.re/blog/category/%E6%8A%80%E8%A1%93%E5%B0%88%E6%AC%84/) - [DEVCORE 技术专栏英文版 (注: 两边文章不完全相同)](https://devco.re/en/blog/category/Tech%20Editorials/) ### 大学课程线上影片 - [台大/交大/台科大 计算机安全](https://www.youtube.com/@edu-ctf/featured) - [台师大 资安攻防演练](https://youtube.com/playlist?list=PLBoiH9x2FdcPz6612yJXaMFWUAk_ZrPoO&si=0Nrihvsk69MzU9FS) ### 未分类 - [资安学习路径 by 飞飞](https://path.feifei.tw) - [交大网络安全策进会 历年社课](https://bamboofox.cs.nycu.edu.tw/courses) - [台科大信息安全研究社 历年社课](https://www.youtube.com/channel/UC4-PD2BdlYWd807BhJZkjIg/videos) - [成大资安社 历年社课](https://www.youtube.com/@NCKUCTF) - [SCIST 南台湾学生资讯社群 历年信息安全课程](https://www.youtube.com/@scist-tw/courses) - [Awesome Taiwan Security Course](https://github.com/fei3363/Awesome-Taiwan-Security-Course) - [Got Your PW 专供资安人的资源与工具整理](https://gotyour.pw/resources.html) - [HackerCat](https://hackercat.org/) - [CTF种子培训工作坊](https://www.facebook.com/te.nics.tw/) ## 经验分享 - [CTF转生 — 不转生就拿出真本事 by NiNi](https://blog.terrynini.tw/tw/2024-CTF%E8%BD%89%E7%94%9F%E2%80%94%E4%B8%8D%E8%BD%89%E7%94%9F%E5%B0%B1%E6%8B%BF%E5%87%BA%E7%9C%9F%E6%9C%AC%E4%BA%8B/) - [资安怎么入门大哉问 by 骇客花生酱](https://vocus.cc/article/655f63dcfd89780001a93397) - [关于 CTF 的那些事 by LYS](https://www.youtube.com/watch?v=_lNPRlt6c2E) - [独自升级的骇客: 自由之路从框架开始 by NiNi](https://www.youtube.com/watch?v=GP0H3DP-GZQ) ([简报](https://drive.google.com/file/d/1oFQJ6mFD_usynJPzk0RYJzL1dD7K8X78/view)) - [Windows 系统安全这么复杂怎么学 by Zeze](https://drive.google.com/file/d/1CPnYh8_BXJzxAEY_VJUDlLsdvWuSN0q8/view) - [黑客、社团、资讯魔法学习大总汇 by 飞飞](https://www.youtube.com/watch?v=SkUuK731XGY) - [从初出茅庐到破解大师: 我的 14 年骇客生涯回顾 by Orange🍊](https://github.com/orangetw/My-Presentation-Slides/blob/main/data/2021-IThome-from-beginner-to-master-of-pwn.pdf) - [A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learneds by Orange🍊](https://github.com/orangetw/My-Presentation-Slides#2023) - [The Art of PHP — My CTF Journey and Untold Stories! (繁中) by Orange🍊](https://blog.orange.tw/posts/2025-08-the-art-of-php-ch/) ### 研究投稿 & 发表 - [HITCON 投稿生存指南 by HITCON RB 主席 Bletchley](https://www.youtube.com/watch?t=3161&v=hHKMPj6qFxs) - [HITCON 学生发表奖励](https://hacker.org.tw/projects/hitcon-community-subsidy/) ### 证照 - [EXP-401 (OSEE):用五天课程训练通透十年的知识体系](https://devco.re/blog/2025/05/22/exp-401-osee-five-days-to-master-a-decade-of-knowledge/) ## CTF - [MyFirstCTF](https://ais3.org/mfctf/) - [Pre-exam of AIS3](https://ais3.org) - [AIS3 EOF](https://ais3.org/eof) - [BambooFox CTF](https://ctftime.org/ctf/394/) - [台湾高中联合资安竞赛 THJCC CTF (Taiwan High-school Joint Cybersecurity Competition)](https://discord.com/invite/RDhf7rxz4f) - [TSC CTF (Taiwan Security Club CTF)](https://discord.gg/AyKBaEWWVn) - [TSJ CTF](https://ctftime.org/ctf/722) - [Balsn CTF](https://ctftime.org/ctf/318) - [ACSC CTF (Asian Cyber Security Challenge)](https://acsc.asia) - [HITCON CTF](https://ctftime.org/ctf/79) - [CGGC 网络守护者挑战赛](https://cggc.nchc.org.tw/) - [神盾杯 资安竞赛](https://www.facebook.com/Aegis.CTF/?locale=zh_TW) - [GiCS 资安女婕思](https://gics.tw/Home) - [资安技能金盾奖](https://csc.nics.nat.gov.tw/shield.aspx) - [AIS3 HACKATHON 资安专题黑客松](https://ais3.org/hackathon/2025/) - [No Hack No CTF](https://nhnc.ic3dt3a.org/) - [InnoServe 大专校院资讯应用服务创新竞赛](https://innoserve.tca.org.tw) ## Wargame 练习平台 - [pwnable.tw](https://pwnable.tw) - [Hackme CTF](https://ctf.hackme.quest/) - [NCKU CTF](https://class.nckuctf.org/) - [BambooFox Wargame](https://bamboofox.cs.nycu.edu.tw/challenge_submissions) - [SCIST CTF](https://ctf.scist.org/) - [LoTuX CTF](https://lotuxctf.com/) ## 营队 & 培训计划 - ~~[高中职生资安研习营](https://www.facebook.com/高中職生資安研習營-455550404836569/)~~ (此子计划已结束) - [AIS3 Junior 新型态高中职资安课程](https://ais3.org/junior) - [AIS3 新型态资安实务主题课程](https://ais3.org) - [台湾好厉害 高阶资安人才培训计划](https://www.facebook.com/people/TAIWANHolyHigh/100067003001515/) - [南台湾学生资讯社群 SCIST 信息安全课程](https://www.facebook.com/scist.tw) - [中部高中电资联合会议 SCAICT 信息安全课程](https://www.instagram.com/scaict.tw/) - [TeamT5 Security Camp 资安培训营](https://teamt5.org/tw/posts/teamt5-security-camp-2025-info/) - [Global Cybersecurity Camp (GCC)](https://gcc.ac/) - [TDOH - 资安功德院](https://www.facebook.com/TSCHackerTDOH) - [国家资通安全研究院 培训课程](https://www.nics.nat.gov.tw/latest_news/announcements/Event_Information/) - [HITCON Training](https://hacker.org.tw/training/) ## 社群 & 学校社团 - Deep Hacking 读书会 - [南台湾学生资讯社群 SCIST](https://scist.org) [(FB 粉专)](https://www.facebook.com/scist.tw) [(YouTube)](https://www.youtube.com/c/OfficialSCIST) - [中部高中电资联合会议 SCAICT](https://www.instagram.com/scaict.tw/) - [CURA (CyberSecurity Unions Research Association)](https://www.facebook.com/profile.php?id=100086766466326) - [HITCON GIRLS (女性 only)](https://www.facebook.com/HITCONGIRLS/) - [TDOHacker](http://tdoh.logdown.com) - [UCCU Hacker](https://www.facebook.com/UCCU.Hacker/) - [CHROOT](http://www.chroot.org) - [B33F 50UP](https://discord.gg/G5rTjx72FH) - [StarHack 星骇资安社群](https://www.facebook.com/StarHackAcademy/) ([公开 Discord](https://discord.gg/yyJUZNVHzb)) ### 学校社群/社团 - [台湾大学 网络安全实验室 Balsn](https://balsn.tw) - [台湾科技大学 资安研究社 NTUSTISC](https://www.facebook.com/ntust.hacking) - [交通大学 网络安全策进会 BambooFox CSC](https://bamboofox.cs.nycu.edu.tw/) [(FB 粉专)](https://www.facebook.com/NCTUCSC/) - [台北科技大学 信息安全实验室](https://is1ab.com/) [(is1lab Web GitHub)](https://github.com/is1ab-web) - [中央大学 CTF 读书会 NCtfU](https://www.facebook.com/nctfu/) - [逢大学 黑客社 HackerSir](https://hackersir.org/) [(FB 粉专)](https://www.facebook.com/HackerSir.tw/) - [中山大学 资安社 NSYSU ISC](https://www.facebook.com/nsysuisc/) - [辅仁大学 信息安全研究会 NISRA](https://www.facebook.com/N15RA/) - [东海大学 骇客社](https://www.facebook.com/東海駭客社-Hackers-in-Tunghai-115250553936475/) - [成功大学 资安社](https://linktr.ee/NCKUCTF) - [台东大学 资安社](https://www.instagram.com/nttu_hack/) - [台南大学 资安社](https://www.instagram.com/nutn_isc/) ## 活动 - [/dev/meet 资安小聚 by DEVCORE](https://devcore.kktix.cc/) - [HITCON 台湾骇客年会](https://hitcon.org) - [学生发表奖励](https://hacker.org.tw/projects/hitcon-community-subsidy/) - [DEVCORE CONFERENCE](https://conf.devco.re/) - [CraftCon](https://www.cycraft.com/news/craftcon2026-20260511) - [TeamT5 威胁分析师高峰会](https://teamt5.org/tw/posts/2025-teamt5-threat-analyst-summit/) - [CYBERSEC 台湾资安大会](https://cyber.ithome.com.tw/) - [每月资安、社群活动分享 by TDOHacker](https://blog.tdohacker.org) - [Taiwan Security Activity Deadlines](https://stwater20.github.io/taiwan-security-deadlines/) - [活动分享 by NICS 资安人参](https://www.facebook.com/te.nics.tw/) - [hacker-tracker.tw 台湾资讯相关活动行事历](https://hacker-tracker.tw) ## 奖学金 - [DEVCORE 全国信息安全奖学金](https://devco.re/blog/2025/09/08/2025-devcore-cybersecurity-scholarship-application-opens/) ## 实习 - [DEVCORE 实习生计划](https://devco.re/blog/2025/12/30/9th-internship-program-recruit/) - [奥义智慧科技 资安研究实习生](https://docs.google.com/forms/d/e/1FAIpQLSeu2qFpHICCRmwtcAo1O_9MJRNdgWpO7DdOMd7MDeWEgRf8ew/viewform) - [TeamT5 实习](https://www.104.com.tw/company/1a2x6bkavd?roleJobCat=2_0&area=0&page=1&pageSize=20&order=8&asc=0&jobsource=company_job%5D%28https%3A%2F%2Fwww.104.com.tw%2Fcompany%2F1a2x6bkavd%3FroleJobCat%3D2_0&jobsource=company_job&tab=job) - [TrapaSecurity 实习](https://www.cakeresume.com/companies/trapasecurity/jobs) - [TXOne Networks 实习](https://www.104.com.tw/company/1a2x6blwhx) - [趋势科技实习](https://careers.trendmicro.tw/%E6%A0%A1%E5%9C%92%E5%B0%88%E5%8D%80/young%E8%B6%A8%E5%8B%A2%E4%BA%BA%E6%9A%91%E6%9C%9F%E5%AF%A6%E7%BF%92/) - [教育部信息安全人才培育计划 职缺公布栏](https://isip.moe.edu.tw/job/) ## 漏洞通报 - [HITCON ZeroDay](https://zeroday.hitcon.org/) - [TWCERT/CC 台湾漏洞揭露平台 (TVN)](https://www.twcert.org.tw/tw/np-131-1.html) ## 国外资源 虽然这里主要是整理台湾的资安 / CTF 学习资源,但因为我认为这些资源的内容和品质非常好,因此还是放一下。 ### Mindset 心法 - [Some Thoughts on Teaching Hacking](https://jeremyharbinger.com/teaching-hacking-1) ### CTF - [picoCTF](https://picoctf.org) - [CTFtime](https://ctftime.org) - [The Flare-On Challenge (for Reverse)](https://flare-on.com/) ### Web - [PortSwigger Web Security Academy](https://portswigger.net/web-security) ### Crypto - [CRYPTOHACK](https://cryptohack.org/) - [Understanding Cryptography: A Textbook for Students and Practitioners](http://ndl.ethernet.edu.et/bitstream/123456789/89369/1/Understanding%20cryptography%20a%20textbook%20for%20students%20and%20practitioners%20by%20Christof%20Paar%2C%20Jan%20Pelzl.pdf) - [Crypton](https://github.com/ashutosh1206/Crypton) - [Lattice-Based Cryptanalysis](https://github.com/josephsurin/lattice-based-cryptanalysis/blob/main/tutorial.pdf) ### Pwn - [Binary Exploitation / Memory Corruption by LiveOverflow](https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN) - [shellphish/how2heap](https://github.com/shellphish/how2heap) - [Pwn2Own](https://www.trendmicro.com/en_us/zero-day-initiative/pwn2own.html) ### Reverse & Malware Analysis - [FLARE Learing Hub](https://github.com/mandiant/flare-learning-hub) - [stacksmashing's YouTube](https://www.youtube.com/@stacksmashing) - [Zero2Segfault's YouTube](https://www.youtube.com/@Zero2Segfault/playlists) ### 通用训练 - [Low Level's YouTube](https://www.youtube.com/@LowLevelTV) - [pwn.college](https://pwn.college) - [TryHackMe](https://tryhackme.com/) ### Fuzzing - [Fuzzing101](https://github.com/antonio-morales/Fuzzing101) ### Embedded / IoT - [Hardware Security Research by LiveOverflow](https://www.youtube.com/playlist?list=PLhixgUqwRTjyLgF4x-ZLVFL-CRTCrUo03) - [RECESSIM's YouTube](https://www.youtube.com/@RECESSIM) - [Mattbrwn's YouTube](https://www.youtube.com/@mattbrwn) - [FlashbackTeam's YouTube](https://www.youtube.com/@FlashbackTeam) - [stacksmashing's YouTube](https://www.youtube.com/@stacksmashing/videos) - [Embedded Security CTF](https://microcorruption.com) - [MITRE Embedded CTF](https://ectf.mitre.org/) ### 渗透测试 / 红队 - [HackTheBox](https://www.hackthebox.com) - [IppSec's YouTube](https://www.youtube.com/c/ippsec/videos) - [GOAD: Game of Active Directory](https://github.com/Orange-Cyberdefense/GOAD) - [ired.team](https://www.ired.team/) - [Overview of network pivoting and tunneling](https://blog.raw.pm/en/state-of-the-art-of-network-pivoting-in-2019/) ### Car/Automotive Hacking 汽车安全 - [Car Hacking 101: Practical Guide to Exploiting CAN-Bus using Instrument Cluster Simulator](https://medium.com/@yogeshojha/car-hacking-101-practical-guide-to-exploiting-can-bus-using-instrument-cluster-simulator-part-i-cd88d3eb4a53) - [Instrument Cluster Simulator for SocketCAN](https://github.com/zombieCraig/ICSim) ### ICS Security 工控安全 - [Fortiphyd Logic Inc](https://www.youtube.com/@fortiphyd/videos) - [Graphical Realism Framework for Industrial Control Simulation](https://github.com/Fortiphyd/GRFICSv2) ### Web3 - [区块链黑暗森林自救手册](https://darkhandbook.io/) ### Wargame - [OverTheWire](https://overthewire.org/wargames/) - [The Ethernaut](https://ethernaut.openzeppelin.com/) ### CTF Design 题目设计 - [CTF Design Guidelines](https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview)
标签:云资产清单, 内核模块, 学习资料, 安全资源, 网络安全, 逆向工程, 防御加固, 隐私保护