This is a set of tools which allows for the dynamic creation of a myriad of different malware IOCs in memory. These include process injection, process hollowing, Lagos Island, and anomalous PEB modules, along with every permutation and stealth technique used in conjunction with them: classic DLL injection, shellcode, reflective DLL injection, PE header wiping, moating, and more.
PEXMIT is a PE and process memory space scanner written in C++. It is focused on identifying PEs on disk which lack (or have) specific exploit mitigation features. It can likewise enumerate processes (and their loaded modules) and hunt for the presence or absence of specific exploit mitigations.
This tool also has the ability to enumerate the security attributes of a provided process: its Integrity Level, whether it is PPL, PP, AppContainer, etc.
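The on-disk check described above can be illustrated with a short added example (not PEXMIT's own code): it reads the `DllCharacteristics` field of a PE header and reports the ASLR, high-entropy ASLR, DEP and CFG opt-in bits. The function names and the constructed sample header are assumptions of this example; the page does not say which mitigations PEXMIT checks.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// DllCharacteristics bits from the PE optional header (PE/COFF specification).
constexpr uint16_t HIGH_ENTROPY_VA = 0x0020, DYNAMIC_BASE = 0x0040,
                   NX_COMPAT = 0x0100, GUARD_CF = 0x4000;
struct Mitigations { bool aslr, high_entropy_va, dep, cfg; };

// Bounds-checked little-endian read of n (<= 4) bytes; false if out of range.
static bool rd(const std::vector<uint8_t>& b, size_t off, size_t n, uint32_t& v) {
    if (off > b.size() || n > b.size() - off) return false;
    v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return true;
}

// Fills `out` and returns true only for a well-formed PE32/PE32+ header.
bool pe_mitigations(const std::vector<uint8_t>& img, Mitigations& out) {
    uint32_t mz, nt, sig, optsz, magic, dc;
    if (!rd(img, 0, 2, mz) || mz != 0x5A4D || !rd(img, 0x3C, 4, nt)) return false;
    const size_t opt = size_t(nt) + 4 + 20;            // skip signature + file header
    if (!rd(img, nt, 4, sig) || sig != 0x00004550) return false;       // "PE\0\0"
    if (!rd(img, size_t(nt) + 20, 2, optsz) || optsz < 72) return false;
    if (!rd(img, opt, 2, magic) || (magic != 0x10B && magic != 0x20B)) return false;
    if (!rd(img, opt + 70, 2, dc)) return false;       // same offset in PE32 and PE32+
    out.aslr = (dc & DYNAMIC_BASE) != 0;
    // High-entropy VA only has effect on a 64-bit image that is also relocatable.
    out.high_entropy_va = out.aslr && magic == 0x20B && (dc & HIGH_ENTROPY_VA) != 0;
    out.dep = (dc & NX_COMPAT) != 0;
    out.cfg = (dc & GUARD_CF) != 0;
    return true;
}

// Constructed sample: a header-only buffer holding just the fields read above.
std::vector<uint8_t> make_sample(uint16_t magic, uint16_t dllchars) {
    std::vector<uint8_t> b(0x200, 0);
    auto put16 = [&](size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; };
    put16(0, 0x5A4D); put16(0x3C, 0x80);              // "MZ", e_lfanew = 0x80
    put16(0x80, 0x4550);                              // "PE\0\0"
    put16(0x80 + 20, magic == 0x20B ? 0xF0 : 0xE0);   // SizeOfOptionalHeader
    put16(0x80 + 24, magic); put16(0x80 + 24 + 70, dllchars);
    return b;
}

int main() {
    Mitigations m{};
    if (pe_mitigations(make_sample(0x20B, DYNAMIC_BASE | NX_COMPAT), m))
        std::printf("ASLR=%d HEVA=%d DEP=%d CFG=%d\n", m.aslr, m.high_entropy_va, m.dep, m.cfg);
}
```

The `GUARD_CF` bit only shows that the image was built CFG-aware; a fuller audit would also read the load configuration directory.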