Tuesday, February 19, 2013

JavaScript Deobfuscation

I came across this site by accident (it was mentioned in the comments of a Storm Center Diary article). It's a nice site to help deobfuscate JavaScript called, appropriately enough, deobfuscatejavascript.com. Heed the warnings they post and realize that if the malware doesn't use the eval() or write() functions, which are trapped by the site, the code could execute in your browser. I run a Linux box that has VirtualBox installed, running another virtual Linux machine, with Firefox on it running NoScript. Use a sandbox when checking out code or sites, or you will probably end up getting owned at some point.
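To make the eval()/write() point concrete, here is an added example (my own illustration for Node, not code from deobfuscatejavascript.com) of the trapping technique: the two functions are shadowed with loggers so a constructed sample script's decoded stage is recorded instead of run, while a second constructed sample that avoids both calls goes straight through untouched.

```javascript
// Added example (not the site's code): the eval()/document.write() trap
// technique, implemented for Node. Constructed sample scripts stand in for
// a malicious page; the decoded stage is logged, never executed. A script
// that avoids both functions is NOT caught, which is the post's caveat.

const captured = [];

// A trap records what the obfuscated script tried to run and returns
// nothing, so the decoded stage never executes.
function makeTrap(name) {
  return function (arg) {
    captured.push({ fn: name, payload: String(arg) });
  };
}

// Stand-in for the browser's document object; only write() is trapped.
const doc = { write: makeTrap("document.write") };

// Run the script with `eval` and `document` shadowed by the traps. Passing
// them as Function parameters shadows them for the script body only, so
// the host's real eval is untouched.
function runTrapped(script) {
  captured.length = 0;
  const body = new Function("eval", "document", script);
  body(makeTrap("eval"), doc);
  return captured.slice();
}

// Constructed sample: builds "alert('hi')" from char codes, then hands it
// to eval() and document.write(), the two calls the trap catches.
const SAMPLE_TRAPPED =
  "var s='',c=[97,108,101,114,116,40,39,104,105,39,41];" +
  "for(var i=0;i<c.length;i++)s+=String.fromCharCode(c[i]);" +
  "eval(s);document.write('<script>'+s+'</scr'+'ipt>');";

// Constructed sample that never calls eval() or write(): it runs straight
// through and modifies the document, exactly what the warning describes.
const SAMPLE_UNTRAPPED = "document.marker=(function(){return 42;})();";

console.log(runTrapped(SAMPLE_TRAPPED));   // two captured payloads
console.log(runTrapped(SAMPLE_UNTRAPPED)); // [] ... and doc.marker is 42
console.log(doc.marker);
```

Run it with `node trap.js`; the second sample shows why the site's trap is not a sandbox substitute.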

Friday, February 15, 2013

ShmooCon Live Stream

ShmooCon IX ramps up later on today and will be live streaming the conference. Information and links can be found here.

Kill Chain Analysis

Good paper by Lockheed Martin on intelligence-driven computer network defense and the analysis of intrusion kill chains. The paper is hosted by the Virginia Information Technologies Agency here.

Friday, February 8, 2013

CloudShark

CloudShark is a useful site that allows you to upload a pcap and share it with other people for collaborative efforts. Say you are troubleshooting a network issue over a conference call and need to share packet captures that were collected as the issue is happening. Or a team of network security analysts are working on a difficult analysis and need to share the packets with someone from another location to assist them. Just drag and drop a packet capture into CloudShark and send the link to whomever needs to look at the capture. If they need to do more analysis (there are a limited number of online analysis tools built into CloudShark), they can click the download link, grab the pcap, and open it up in their analysis tool of choice. There's even a plugin to allow you to upload a capture you're working on in Wireshark (be aware that there's no proxy support that I've found).
The site is at http://www.cloudshark.org, and there is also a virtual image you can purchase and download to run on your own server, or order their appliance.
