Need help with PPLKiller?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

136 Stars 39 Forks 10 Commits 4 Opened issues


Tool to bypass LSA Protection (aka Protected Process Light)

Services available


Need anything else?

Contributors list

# 323,882
4 commits
# 394,691
2 commits


Tool to bypass LSA Protection (aka Protected Process Light)

I’ve noticed there is a common misconception that LSA Protection prevents attacks that leverage SeDebug or Administrative privileges to extract credential material from memory, like Mimikatz. LSA Protection does NOT protect from these attacks, at best it makes them slightly more difficult as an extra step needs to be performed.

The driver file can be downlaoded here:[] You just need to extract RTCore64.sys from the installer using something like 7zip and place into in the same folder as the PPLKiller executable.

Usage and Demo

Bypassing LSA Protection

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.