This paper aims to give an overall up-to-update review, evaluation and analysis of the underground scene of black hat hackers and/or cyber criminals.

Source PDF
http://www.exploit-db.com/download_pdf/17334/

The winners of the Pwnie Awards were announced at a ceremony in Las Vegas on Aug 3rd, 2011.

Source
http://pwnies.com/winners/

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

Download
http://sourceforge.net/projects/agnitiotool/files/

Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's "BlueHat Prize" contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas.

More Details here
https://www.microsoft.com/security/bluehatprize/

see rules and regulations
https://www.microsoft.com/security/bluehatprize/rules.aspx

Features : Encoder , Processes , FTP-Brute-Forcer , Server-Information , SQL-Manager and etc.
Download
http://www.megaupload.com/?d=DRHS3AV9

The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Download
http://www.secmaniac.com/download/

The Social-Engineer Toolkit v3.0 Codename "#WeThrowBaseballs" from David Kennedy on Vimeo.

JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-GUI is free for non-commercial use. This means that JD-GUI shall not be included or embedded into commercial software products. Nevertheless, this project may be freely used for personal needs in a commercial or non-commercial environments.

Download
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.windows.zip
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.linux.i686.tar.gz

CAT provides the ability to test a web application for all types of vulnerabilities from SQL injection to reverse proxy bypass. It allows for traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT allowing for all aspects of the request to be altered. Requests can be fuzzed using a range of different fuzzing algorithms including brute forcing, injection attacks and scripted attacks; it also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another

Download
http://www.contextis.com/resources/tools/cat/download/

Download PDF
http://www.eset.com/us/resources/white-papers/Hodprot-Report.pdf