https://bytejmp.com/tags/privilege-escalation/ Recent content in Privilege Escalation on Byte JMP Hugo -- gohugo.io en-gb Mon, 25 May 2026 14:00:00 -0300 https://bytejmp.com/posts/potato-privesc-windows/ Mon, 25 May 2026 14:00:00 -0300 https://bytejmp.com/posts/potato-privesc-windows/ TL;DR Potato attacks exploit Windows service accounts that hold SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege. The core technique forces a privileged process (usually SYSTEM) to authenticate to an attacker-controlled server via NTLM, then impersonates the captured token to spawn a SYSTEM shell. Since 2016, over a dozen variants have emerged — each bypassing a specific Microsoft patch or restriction. This post maps the entire family: how each variant works, why the previous one stopped working, and when to use which.