I've written up a paper that describes some useful tools/techniques for deconstructing web based exploits:

Analyzing Browser Based Vulnerability Exploitation Incidents

The paper started as a blog entry and it remains a blog entry at its core.  But since really huge blog entries are uncool (so I hear), and for other logistical reasons, the paper itself is hosted elsewhere.  Future research from other members of my team will likely be collected in some central spot, stay tuned...