e.g.
http://tinyurl.com/3thjtw4

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs. Here's how it works.
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded

Source:
http://www.facebook.com/whitehat/bounty/

Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Download
http://code.google.com/p/websecurify/downloads/list

Here is the core information about the book,

Title: IDA PRO Book – 2nd Edition
Author:Chris Eagle
Publisher: No Starch Press
Pages: 672
Release Date: July 14, 2011

Here is the table of contents

PART I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: IDA Pro Background

PART II: Basic IDA Usage
Chapter 4: Getting Started with IDA
Chapter 5: IDA Data Displays
Chapter 6: Disassembly Navigation
Chapter 7: Disassembly Manipulation
Chapter 8: Datatypes and Data Structures
Chapter 9: Cross-References and Graphing
Chapter 10: The Many Faces of IDA

PART III: Advanced IDA Usage
Chapter 11: Customizing IDA
Chapter 12: Library Recognition Using FLIRT Signatures
Chapter 13: Extending IDA’s Knowledge
Chapter 14: Patching Binaries and Other IDA Limitations

PART IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
Chapter 16: The IDA Software Development Kit
Chapter 17: The IDA Plug-in Architecture
Chapter 18: Binary Files and IDA Loader Modules
Chapter 19: IDA Processor Modules

PART V: Real-World Applications
Chapter 20: Compiler Personalities
Chapter 21: Obfuscated Code Analysis
Chapter 22: Vulnerability Analysis
Chapter 23: Real-World IDA Plug-ins

PART VI: The IDA Debugger
Chapter 24: The IDA Debugger
Chapter 25: Disassembler/Debugger Integration
Chapter 26: Additional Debugger Features

Appendix A: Using IDA Freeware 5.0
Appendix B: IDC/SDK Cross-Reference

Book:
http://www.nostarch.com/idapro2.htm

Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

Download
http://www.squertproject.org/download

Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.

Download
http://sourceforge.net/projects/fwbuilder/files/

Features of Arpon:

It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dinamically (DHCP), hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface into unplug, boot, hibernation and suspension OS features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools

Download
http://sourceforge.net/projects/arpon/files/

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.

http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf

Popular Freeware Software download website "FileHippo" is Vulnerable to Iframe Injection.

Vulnerable Link
http://www.filehippo.com/search?q=%22%3E%3Ciframe%20src=http://www.google.com%20height=500%20width=500%3E

by n3t phir3

It auto scans for all the domains in reverse and try to find the LFI/RFI/SQLI in the domain and reports back

LFI
http://scan.subhashdasyam.com/lfi-scanner.php

RFI
http://scan.subhashdasyam.com/rfi-scanner.php

SQLI
http://scan.subhashdasyam.com/sqli-scanner.php

by
Subhash Dasyam

Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies.Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.The man, who was arrested at a residential address in Shetland, is said to have used the online nickname "Topiary"

The arrest of Topiary is the third made in the UK in the search for members of the group, following that of Ryan Cleary​, in Essex, in June, and the arrest and release in London last week of a 16-year-old known online as Tflow.

Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools e.g Burp Suite – Intruder . The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing tools. This fingerprinting tool can reduse the realm of password cracking.

Download
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1

#1.Finding vulnerable sites
#2.Finding amount of columns
#3.Getting mysql version current user
#4.Getting Databases
#5.Getting Tables
#6.Getting Columns
#7.Getting Usernames and Passwords

Source
http://pastebin.com/bQBnkmXY

YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.

Download
http://code.google.com/p/yara-project/downloads/list

Info
Extracting EXE Drop Malware
http://blogs.cisco.com/security/extracting-exe-drop-malware/

Source
http://pastebin.com/kngbjqQv

"On the 4th of august at the world’s largest technical security conference – BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability."

Miasm is a a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs.

Download
http://code.google.com/p/smiasm/

The GUI tool for static analysis of Android malware is ready for an alpha release.

Download
https://bitbucket.org/ryanwsmith/apkinspector/downloads

Das Landeskriminalamt Nordrhein-Westfalen soll ein Cybercrime-Kompetenzzentrum bekommen, das erste seiner Art in Deutschland. Zunächst sollen 60, bis Ende 2012 100 Polizisten, Wissenschaftler und Techniker dort künftig alle Fälle von Internet-Kriminalität bearbeiten. Die Palette der Straftaten reichten von Angriffen auf kritische Infrastrukturen und Onlinebanking-Verfahren über Erpressung von Unternehmen bis hin zu Kinderpornografie, erläuterte (PDF-Datei) Innenminister Ralf Jäger (SPD). Neben der Ermittlungsarbeit soll das Kompetenzzentrum eine zentrale Ansprechstelle für Unternehmen und Behörden erhalten, die Opfer von Cyber-Angriffen wurden, und die Ansprechstelle des Verfassungsschutzes ergänzen, der für Internet-Spionage zuständig ist.

This program serves to detect packers, Cryptors, Compilers,
Packers Scrambler, Joiners, Installers.

Download
http://www.rdgsoft.8k.com/

36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules.
Metasploit 4.0 will be available for download in August 2011.

The United States is the main source of application attacks. Applications are attacked by infected computers, or bots, with most located in the US.We provide a list of technical recommendations for security teams as well as nontechnical ones for corporate executives.

Download PDF
http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed1.pdf

a web application that helps you exploit routers.

Source
http://www.routerpwn.com/

Source
ICQ 7.5 client
http://noptrix.net/advisories/icq_cli_xss.txt
icq.com webpage
http://noptrix.net/advisories/icq_web_xss.txt

by Kayan

Microsoft hat in Unterschleißheim bei München ein Anti-Malware-Labor eröffnet, in dem Schadprogramme und Hackerangriffe analysiert werden sollen. Nach den Standorten Redmond, Dublin und Melbourne betreibt der Softwarehersteller damit nun seine erste Einrichtung dieser Art in Deutschland. Microsoft erhofft sich, durch das neue Labor noch schneller auf Cyber-Bedrohungen in Europa, dem Nahen und Mittleren Osten und Afrika reagieren zu können.

Source
http://www.microsoft.com/germany/presseservice/news/pressemitteilung.mspx?id=533400