System hacking
⏱ ~3-min readAceMark GuideWhat this topic is really about
SeImpersonatePrivilege lets a process impersonate another security token — the basis for Potato-family privilege escalation. Pass-the-hash uses an NTLM hash for auth, Kerberoasting cracks service-account ticket hashes, golden ticket forges a TGT with a compromised KRBTGT key.
Covering tracks involves clearing or modifying logs and removing artifacts so the intrusion is harder to detect or attribute. Gathering public info is reconnaissance, gaining access is exploitation, and enumerating ports is scanning.
See the mechanism
SeImpersonatePrivilege lets a process impersonate another security token — the basis for Potato-family privilege escalation. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
On a Windows host, whoami /priv shows SeImpersonatePrivilege enabled. Which technique is this often used for?
- Identify what the question tests: On a Windows host, whoami /priv shows SeImpersonatePrivilege enabled..
- SeImpersonatePrivilege lets a process impersonate another security token — the basis for Potato-family privilege escalation.
- Pass-the-hash uses an NTLM hash for auth, Kerberoasting cracks service-account ticket hashes, golden ticket forges a TGT with a compromised KRBTGT key.
Traps the examiner sets
- Read each option carefully — distractors on System hacking are designed to look plausible.
- Re-check the exact wording of the question stem before committing to an answer.
- Watch the qualifiers ("always", "only", "except") that flip a correct-looking option.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on System hacking and see it stick.
Practice more of this topic →