From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis
Dongchao Zhou
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Web Security
This talk presents **JSimplify**, a comprehensive JavaScript deobfuscation tool designed to handle the full spectrum of obfuscation techniques used by real-world malware. The researchers from Beijing University of Post and Telecommunications and Tian Technology Research Institute first surveyed 12 major JavaScript obfuscation tools, identified 20 distinct obfuscation techniques organized into four categories, and then built a three-stage pipeline that achieves 100% success rate across all 20 techniques -- significantly outperforming 13 existing approaches.
AI review
A rigorous engineering effort that builds a comprehensive JavaScript deobfuscation pipeline achieving 100% coverage across 20 obfuscation techniques. The taxonomy is useful, the dataset is the largest of its kind, and the hybrid static-dynamic approach with LLM-powered variable renaming is well-designed. However, this is a tool-building paper rather than an offensive research contribution -- no new obfuscation bypasses, no novel attack techniques, and the proxy presentation limits the depth of technical Q&A.