Bypass PPL
lephong99 opened this issue · 1 comments
lephong99 commented
I have a question, can this tool bypass ppl when dumping lsass?
ricardojoserf commented
Hi @lephong99 . No, it would be impossible to use this technique is PPL is enabled, but you can always disable it changing the key "RunAsPPL" in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" to 0 and restarting the computer ;)