學院

以我們的標準訓練

源自我們實際工作方式的課程、複習與自我測驗。從基礎開始,更多內容即將推出。

安全

Offensive Systems Security experimental 級別 I

Seeing memory and control flow, then bending them inside a sandbox that never touches your machine: a foundational, defensively framed offensive-systems course where exploitation is demonstrated and contained, not just described.

Security Architecture and Engineering experimental 級別 II

A system is a graph of trust boundaries, and you defend the graph: model an architecture, place and wire components against a brief, machine-check the security invariants, then survive an injected constraint you did not design for.

Silicon-rooted Security experimental 級別 III

Down from software abstraction to gates, datapaths and buses: add a security opcode to a RISC-V-class core, build a gateware cipher, protect the bus, root trust in hardware, model the attacks, and verify a security property in simulated silicon.

Systems Security experimental 級別 III

把縱深防禦當作工程而非口號:權限、隔離、威脅模型、記憶體安全與漏洞類別,透過先攻擊再強化一個刻意脆弱系統的實驗來學習。

Cryptography experimental 級別 III

讓機密可被證明的數學:模算術、對稱與公開金鑰機制、雜湊與簽章,從第一原理建構每一個基本元件。

Reverse Engineering experimental 級別 III

拆解軟體以理解它:反組譯、呼叫慣例、靜態與動態分析以及二進位修補,在瀏覽器沙箱中的小型目標上實作。

Detect, Respond, Forensics experimental 級別 III

當預防失效時該怎麼做。遙測與偵測工程、分流與遏制、記憶體與磁碟鑑識,以及時間軸重建,全部在一個你必須界定範圍、清除並說明的受駭系統上實作。

Cyber Threat Intelligence experimental 級別 III

The intelligence cycle applied to the cyber domain: threat actor profiling with the Diamond Model, the Cyber Kill Chain and MITRE ATT&CK, analytic tradecraft under uncertainty, sharing formats and platforms, and closing the loop from intelligence into detection engineering.

Web and Mobile Security experimental 級別 III

From a static document viewer to a scriptable, sandboxed, cellular-connected attack surface: browser process isolation, modern web runtimes, the WebRTC privacy leak, mobile OS security, telemetry, zero-click exploitation, and the baseband and SIM Toolkit layers beneath it all.

Cyber-Physical and OT Security experimental 級別 III

From the Purdue Model to the shop floor: SCADA, ICS and PLCs, a source-checked history of incidents, IEC 62443, and the case for physical segregation, closing the CyBOK Cyber-Physical Systems gap.

Secure Development at Scale experimental 級別 III

能撐起上千個應用的安全:威脅建模、安全 SDLC、供應鏈完整性與政策即程式碼,整合進管線並由真正的審查關卡評分。

Formal Methods experimental 級別 IV

為系統撰寫規格並證明其正確:以 SPIN 與 PROMELA 進行模型檢查、以 TLA+ 撰寫規格,產出 Common Criteria 評估在較高保證等級所期望的那種證據。

Adversarial ML and GenAI Security experimental 級別 III

攻擊並防禦模型,從分類器時代到代理式時代:規避、投毒、擷取、提示注入與代理風險,並以一條輕量的AI治理與保證主線貫穿全程。

Distributed Systems Security experimental 級別 IV

Consensus, Byzantine fault tolerance, clock and event-ordering attacks, and blockchain security, from Lamport's 1978 logical clocks through Paxos, Raft, and Practical Byzantine Fault Tolerance to Bitcoin and SUNDR, benchmarked against MIT's current 6.5840 and 6.852J, with Plan 9 and Inferno as a contrasting historical case study.

Scams and Social Engineering experimental 級別 II

透過從RSA到MGM Resorts的真實事件,剖析詐騙與社交工程的本質、心理與歷史,並提供可轉移的分析框架,以及針對高階主管、財務主管、工程師與接待人員的角色導向教學指引。

Technical Countermeasures to Social Engineering experimental 級別 III

針對社交工程與詐騙散布的技術對策,涵蓋貝氏與規則式過濾、電子郵件驗證、人工智慧偵測與語音通道防詐控管,並以董事會能理解的治理語言呈現。