(also known as the Strider HoneyMonkey Exploit Detection System)
A HoneyMonkey virtual machine interacts with malicious websites (clicks on links, downloads files, fills out forms, etc.) and monitors the system for any changes that indicate an exploit or infection. HoneyMonkey logs the details of any exploits it identifies and alerts the cybersecurity team about the new threat.
After each session, HoneyMonkey resets to a safe state by cleaning any infections it may have contracted during its research.
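The visit, monitor, log and reset cycle described above can be sketched as a state comparison around each page visit. This is an added example, not code from the HoneyMonkey project: the snapshot format, the ignored cache prefix, the URLs and the simulated browser function are all assumptions constructed for illustration.

```python
import copy
from dataclasses import dataclass, field

# Assumption: writes under these prefixes are normal browser activity.
IGNORED_PREFIXES = ("/browser/cache/",)

@dataclass
class Snapshot:
    files: dict = field(default_factory=dict)    # path -> content hash
    autostart: set = field(default_factory=set)  # programs run at login

def diff(before, after):
    """List state changes a page visit should never cause."""
    findings = []
    for path, digest in after.files.items():
        if path.startswith(IGNORED_PREFIXES):
            continue
        if path not in before.files:
            findings.append(("file_created", path))
        elif before.files[path] != digest:
            findings.append(("file_modified", path))
    findings += [("autostart_added", e) for e in after.autostart - before.autostart]
    return sorted(findings)

class HoneyClient:
    def __init__(self, baseline):
        self.baseline = baseline
        self.state = copy.deepcopy(baseline)
        self.log = []  # one record per URL that changed the system

    def visit(self, url, browse):
        before = copy.deepcopy(self.state)
        browse(url, self.state)  # stand-in for driving a real browser in the VM
        findings = diff(before, self.state)
        if findings:
            self.log.append({"url": url, "findings": findings})
        self.state = copy.deepcopy(self.baseline)  # reset to the safe state
        return findings

def constructed_browse(url, state):
    """Constructed sample behaviour for two made-up URLs."""
    state.files["/browser/cache/" + str(len(url))] = "c0ffee"
    if url == "http://drive-by.example/":
        state.files["/system/updater.exe"] = "deadbeef"
        state.autostart.add("updater")

if __name__ == "__main__":
    client = HoneyClient(Snapshot(files={"/system/kernel.sys": "a1"}))
    for u in ("http://benign.example/", "http://drive-by.example/"):
        print(u, client.visit(u, constructed_browse))
```

The benign visit only touches the browser cache and produces no findings, while the second URL is logged because it leaves a new file and an autostart entry outside the cache.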
History of HoneyMonkey
HoneyMonkey virtual machines identified several zero-day exploits, giving Microsoft and the broader cybersecurity community a head start on addressing them. The project also mapped many malicious websites, which were subsequently taken down or blacklisted.
HoneyMonkey provided a wealth of data on how different systems, depending on their patch levels, were exploited. This helped Microsoft and other software companies prioritize their patch releases based on the vulnerabilities most often targeted by attackers.
The insights gleaned from HoneyMonkey have been significant for the cybersecurity industry, enabling more proactive detection of malicious exploits and more effective patch management, and generally advancing the field of threat detection and prevention.