Running an Executable as SYSTEM: Unlocking Windows Privilege Escalation Techniques
Please note a correction: PROCESS_QUERY_LIMITED_INFORMATION is enough to get a process token for duplication purposes, which means some protected processes are fair game.
💡 Want to take your Windows internals knowledge further? Check out my courses at TrainSec.net