JavaScript code is the norm within exploits on malicious web pages, in PDFs, and in anything else that executes .js code. Since JavaScript runs on the client side, leaving it as plain code is not such a bright idea, so obfuscating the JavaScript code is a must. Here comes the challenge for the malcode analyst: de-obfuscating the JavaScript code. We’ll focus on de-obfuscating malicious JavaScript code that is used for triggering bugs and hiding payloads within malicious web pages or malicious PDFs. Some say JavaScript de-obfuscation is hard. So, in this presentation, we’ll evaluate JavaScript obfuscation methods present in the wild, from lame/boring to complex, and try to de-obfuscate them all. We’ll share dynamic and static approaches to de-obfuscating JavaScript.