WSASS is a tool designed to dump the LSASS (Local Security Authority Subsystem Service) process on modern Windows 11 systems. It leverages an older build of WerfaultSecure.exe to bypass the process's protections and acquire a memory dump of LSASS, which is crucial for security analysis and penetration testing.
Key Features:
- PPL Bypass: Utilizes WerfaultSecure.exe to dump memory from Protected Process Light (PPL) processes like LSASS.
- MINIDUMP Output: Generates memory dumps in the standard Windows MINIDUMP format.
- Automatic Header Modification: Replaces the MDMP magic header with a PNG header for easier handling; the original header must be restored after the dump before the file can be analyzed as a minidump.
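Because of the header swap just described, a dump written by the tool cannot be recognized by its magic bytes alone. As an added example that is not part of WSASS or this page, the following Python classifier instead validates the MINIDUMP stream directory, which the swap leaves intact, so it flags a masqueraded dump whether 4 or all 8 leading bytes were overwritten (that bound is an assumption); the sample files are constructed inline.

```python
import struct

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MDMP_SIGNATURE = b"MDMP"
MINIDUMP_VERSION = 0xA793   # low word of MINIDUMP_HEADER.Version
HEADER_SIZE = 32            # sizeof(MINIDUMP_HEADER)
DIR_ENTRY_SIZE = 12         # sizeof(MINIDUMP_DIRECTORY): StreamType, DataSize, Rva
MAX_STREAMS = 64            # sanity bound; real dumps carry far fewer streams


def has_minidump_layout(data: bytes) -> bool:
    """True if the bytes carry a plausible MINIDUMP stream directory.
    Only offsets 8 onward are inspected, so a rewritten signature and
    version field (the first 8 bytes) cannot hide the structure."""
    if len(data) < HEADER_SIZE:
        return False
    n_streams, dir_rva = struct.unpack_from("<II", data, 8)
    if not 1 <= n_streams <= MAX_STREAMS:
        return False
    if dir_rva < HEADER_SIZE or dir_rva + n_streams * DIR_ENTRY_SIZE > len(data):
        return False
    for i in range(n_streams):
        _stream_type, size, rva = struct.unpack_from("<III", data, dir_rva + i * DIR_ENTRY_SIZE)
        if rva + size > len(data):   # every stream must lie inside the file
            return False
    return True


def classify(data: bytes) -> str:
    """Label a file's bytes for triage: genuine minidump, PNG-disguised minidump, or other."""
    if data.startswith(MDMP_SIGNATURE):
        return "minidump"
    if has_minidump_layout(data):
        return "masqueraded minidump" if data.startswith(PNG_SIGNATURE[:4]) else "headerless minidump"
    return "other"


def build_sample_minidump() -> bytes:
    """Constructed 64-byte stand-in with two streams; sample data, not a real LSASS dump."""
    n_streams, dir_rva = 2, HEADER_SIZE
    header = struct.pack("<4sIIIIIQ", MDMP_SIGNATURE, MINIDUMP_VERSION, n_streams, dir_rva, 0, 0, 0)
    data_rva = dir_rva + n_streams * DIR_ENTRY_SIZE          # 56
    directory = struct.pack("<III", 3, 4, data_rva)          # ThreadListStream
    directory += struct.pack("<III", 4, 4, data_rva + 4)     # ModuleListStream
    return header + directory + b"\x00" * 8


# Constructed inputs: a real-looking PNG (IHDR chunk, CRC zeroed) must not be flagged.
SAMPLE_DUMP = build_sample_minidump()
DISGUISED_DUMP = PNG_SIGNATURE[:4] + SAMPLE_DUMP[4:]
REAL_PNG = PNG_SIGNATURE + struct.pack(">I4sIIBBBBB", 13, b"IHDR", 1, 1, 8, 2, 0, 0, 0) + b"\x00" * 4

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_DUMP), ("disguised", DISGUISED_DUMP), ("png", REAL_PNG)):
        print(name, "->", classify(blob))
```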
Use Cases:
- Security Auditing: Allows security professionals to examine LSASS memory for evidence of credential theft and other malicious activity.
- Reverse Engineering: Enables reverse engineers to analyze the inner workings of LSASS and related security mechanisms.
- Incident Response: Aids incident responders in acquiring memory dumps for forensic analysis during security breaches.
Target Users:
- Security Researchers
- Penetration Testers
- Incident Responders
- Reverse Engineers