top of page


Moneta is a live usermode memory analysis tool in C++ for Windows with the capability to detect malware IOCs.


It is designed for both defensive and offensive security research, with an emphasis on identifying anomalies and filtering false positives stemming from dynamic executable memory.


Malware Memory Artifacts Kit

This is a set of tools which allow for the dynamic creation of a myriad of different malware IOCs in memory. These include process injection, process hollowing, Lagos Island, anomalous PEB modules, and every permutation and stealth technique in conjunction with these: classic DLL injection, shellcode, reflective DLL injection, PE header wiping, moating, and more.



PEXMIT is a PE and process memory space scanner written in C++. It is focused on identifying PEs on disk which lack (or are endowed with) specific exploit mitigation features. Similarly, it can enumerate processes (and their loaded modules) as well and hunt for the presence or absence of specific exploit mitigations.

This tool also has the ability to enumerate the security attributes of a provided process: its Integrity Level, whether it is PPL, PP, AppContainer, etc.

bottom of page