Monitoring for zero-day application vulnerability may often rely on manual analyses or signature based detection, approaches that replicate the attack first. Replications can only succeed with the right version, patch, etc. of the vulnerable application and the right environment. Such approaches also wait until the embedded shell code executed. These approaches can miss some zero-day attacks because execution handlers may not be implementing the intended versions of the malware.