
Running an Executable as SYSTEM: Unlocking Windows Privilege Escalation Techniques
In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM account without relying on external tools like PsExec. You’ll learn how to:
- Identify SYSTEM processes and extract their access tokens
- Use Windows APIs like OpenProcessToken, DuplicateTokenEx, and CreateProcessWithTokenW
- Troubleshoot access denial issues, deal with protected processes, and understand session contexts