1. Brief overview of drive-by downloads
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html#section-1-drive-by-download
2. Drive by cache
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html#drive-by-cache
3. Real-world example
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html#example
4. Complete codes
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html#complete-exploit-codes

Features of Files Over Miles include:

High Speed
Ability to send large files
Encryption (128 bit AES)
Works with any browser with Adobe Flash Player 10.

http://www.filesovermiles.com/

http://smsti.in/send-free-sms/
http://seasms.com/#type
http://spicesms.com/sendsms.php
http://www.bollywoodmotion.com/free-long-sms-india.html

http://sendfreefax.net
http://www.freefax.com/ff_snd.html
http://www.eztel.com/freefax/sendfax.html
http://www.popfax.com

Goto http://qrcode.kaywa.com
Select the content type as you wish . if you want to add a Url on QR code select url and add your URL
and Press on the size if you want to make Size Small , medium or Large then Press the Generate Button. Download the QR code image on Computer.

Decrypt a QR Code:
Goto http://zxing.org/w/decode.jspx
Click Browse and Uplod the picture to the website and you can decrypt it and there are many other methods to decrypt QR code .The Device which to Decrypt QR code are QR barcode readers and camera phones with QR CODE Reader Application on it .

* Front/Deface Page cretor without knowladge of HTML and user friendly
* Undetectable by Google Dork
* Back-Connect [Available in Paid Version]
* Database Dump [Automatic Dump available in Paid Version]
* SQL and Linux Command Run
* Front/Deface Page Creator
* Mail Bomber Testing
* DDoS attacker Testing
* Self kill
* Indiviusal Login's

Download
http://teamnuts.in/ugdevil.rar

Username: ugdevil
Password: 12345678

With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.

Download
http://www.matriux.com/index.php?page=download

FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.

Download
http://www.firecat.fr/download.html

JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X. It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

Download
http://anonymous-proxy-servers.net/en/software.html

http://www.be007.gigfa.com/scanner/scanner.php
http://www.sunmagazin.com/tools/hack/SQLI-Scan
http://scanner.drie88.tk
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
http://wolfscps.com/gscanner.php

Defcon 19 presentations available for download, Go check out the presentations from this year’s defcon conference here: http://good.net/dl/k4r3lj/DEFCON19/

Schwarze Sonne RAT (Remote Administration Tool) is software design to control in the best condition and confort possible any kind of Microsoft Windows up windows7

Download
https://code.google.com/p/schwarzesonenrat/downloads/list

YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example:

Download
http://code.google.com/p/yara-project/downloads/list

Moshi Moshi is a VoIP Bot written in Python that uses SIP as VoIP Protocol, Text-to-speech engines for Output, and DTMF Tones for Input. It is part of a talk ("Sounds Like Botnet") given at DEF CON 19 and BSidesLV 2011 on VoIP Botnets by Itzik Kotler and Iftach (Ian) Amit.

Download
http://code.google.com/p/moshimoshi/downloads/detail?name=moshimoshi_poc.tar.gz&can=2&q=

An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools such as log2timeline that provides a timeline that can be of enormous value to investigators.

Download
http://computer-forensics.sans.org/community/downloads

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.


Download
http://code.google.com/p/wfuzz/downloads/list

This paper aims to give an overall up-to-update review, evaluation and analysis of the underground scene of black hat hackers and/or cyber criminals.

Source PDF
http://www.exploit-db.com/download_pdf/17334/

The winners of the Pwnie Awards were announced at a ceremony in Las Vegas on Aug 3rd, 2011.

Source
http://pwnies.com/winners/

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

Download
http://sourceforge.net/projects/agnitiotool/files/

Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's "BlueHat Prize" contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas.

More Details here
https://www.microsoft.com/security/bluehatprize/

see rules and regulations
https://www.microsoft.com/security/bluehatprize/rules.aspx

Features : Encoder , Processes , FTP-Brute-Forcer , Server-Information , SQL-Manager and etc.
Download
http://www.megaupload.com/?d=DRHS3AV9

The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Download
http://www.secmaniac.com/download/

The Social-Engineer Toolkit v3.0 Codename "#WeThrowBaseballs" from David Kennedy on Vimeo.

JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-GUI is free for non-commercial use. This means that JD-GUI shall not be included or embedded into commercial software products. Nevertheless, this project may be freely used for personal needs in a commercial or non-commercial environments.

Download
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.windows.zip
http://java.decompiler.free.fr/jd-gui/downloads/jd-gui-0.3.3.linux.i686.tar.gz

CAT provides the ability to test a web application for all types of vulnerabilities from SQL injection to reverse proxy bypass. It allows for traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT allowing for all aspects of the request to be altered. Requests can be fuzzed using a range of different fuzzing algorithms including brute forcing, injection attacks and scripted attacks; it also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another

Download
http://www.contextis.com/resources/tools/cat/download/

Download PDF
http://www.eset.com/us/resources/white-papers/Hodprot-Report.pdf