HoneyBadger
Turn Attackers Into Evidence
Deploy digital tripwires — weaponized-looking files that silently beacon home the moment an attacker opens them. Know immediately: who, from where, and exactly when.
How it works
You place a payload file — disguised as a spreadsheet, PDF, Word document, executable, or HTML page — on a server share, in an email attachment, or on a workstation. When anyone opens it, the file reaches out to your AlertMonitor instance and reports back the source IP, WiFi geolocation coordinates(accurate to metres on most devices), the device's user agent, and the exact timestamp.
AlertMonitor correlates that beacon against your device inventory, generates an alert, and lets you see every triggered event plotted live on a map.
Six payload types
Deployable anywhere, for any scenario.
Code-signed executable — passes endpoint inspection until triggered
Disguised as a sensitive document, spreadsheet dump, or report
Word document payload for share-based and email delivery
Web page or portal — fires on browser open from any device
Excel/Word macro for embedded deployment scenarios
Script payload for server-side and automated-path traps
What you get
WiFi Geolocation
Triangulates physical location from nearby WiFi networks at time of open — accurate to within metres on most devices.
Source IP & User Agent
Reports the exact IP address and browser/OS fingerprint of the device that opened the file.
Automatic AlertMonitor Alerts
Beacons fire directly into your AlertMonitor alert pipeline with full escalation and notification policy support.
Device Linking
Attach a payload to a specific device in your inventory — beacon alerts auto-associate with the right asset.
Live Beacon Map
All triggered events shown chronologically on an interactive map per client, plotted in real time.
Code-Signed EXE Payloads
Sign with your own certificate so payloads pass endpoint inspection without false alarms before the attacker triggers them.
Use cases
Detect Lateral Movement
Place payloads in file shares that no legitimate user should ever open. The moment an attacker moves laterally and touches a baited file, you know.
Insider Threat Detection
Know the instant sensitive files are accessed by the wrong person — even from inside the trusted network.
Ransomware Early Warning
A file that beacons during encryption or exfiltration tells you an attack is in progress — before your backups are gone.
Phishing Simulation
Send payload links to employees and see who clicks, from which device, and from which physical location.
Breach Confirmation
If you've been told an attacker had access, drop a payload in the likely path and wait. Confirmation comes the moment they return.
No separate license. No extra cost.
HoneyBadger is built into the AlertMonitor platform. If you're already an AlertMonitor subscriber, you have access to HoneyBadger today — payload deployment, beacon alerts, device linking, and the live map are all part of your existing subscription.