This is a tool that uses the old WerfaultSecure.exe program to dump the memory of processes protected by PPL (Protected Process Light), such as LSASS.EXE. The output is in Windows MINIDUMP format.
This tool automatically replaces the "MDMP" magic header with a PNG magic header. After the dump is complete, you need to restore the original 4-byte magic at the beginning of the file with the original 4 bytes: {0x4D, 0x44, 0x4D, 0x50} "MDMP".
WSASS.exe path_to_werfaultsecure.exe target_PID
Example: WSASS.exe C:\TMP\WerfaultSecure.exe 888
Tool to run process with PPL without driver
Youtube: https://www.youtube.com/watch?v=FZ20oQ-pVwg
Essential tools that every security researcher and hacker should have in their toolkit:
Essential Tools For Security Researcher and Hacker
Some books you should read to sharpen your cybersecurity skills, especially in offensive security:
Books on Programming and Cybersecurity recommended by Zero Salarium Researchers