If you want to run a program with PPL protection enabled, then this tool will help you do that.
CreateProcessAsPPL.exe Mode:0-4 path_to_exe arg0 arg1 ...
Mode:
- PROTECTION_LEVEL_WINTCB_LIGHT 0
- PROTECTION_LEVEL_WINDOWS 1
- PROTECTION_LEVEL_WINDOWS_LIGHT 2
- PROTECTION_LEVEL_ANTIMALWARE_LIGHT 3
- PROTECTION_LEVEL_LSA_LIGHT 4
An article about exploiting the PPL program to destroy Windows Defender
WSASS - Tool to dump the LSASS process on modern Windows 11
An article about exploiting WerFaultSecure.exe to dump LSASS