Maybe you know that feeling of getting completely lost in the endless rabbit hole an extremely indepth HTB course can throw you in. Even if not, you know that whatever you consume, the info-to-funfact ratio has to be atleast 80/20 for you to be worth it. Working through the HackTheBox Windows Privilege Escalation module, I kept hitting the same problem: too much content, no clear signal on what actually matters when you're only starting out . So here's the distilled version. The Privilege & Group Reference Privilege / Group What it gets you How Tool SeImpersonatePrivilege SYSTEM via token impersonation Service accounts have it by default — MSSQL, IIS, anything running as a service PrintSpoofer, SigmaPotato SeAssignPrimaryTokenPrivilege SYSTEM via token impersonation Same accounts, same story Potato family SeDebugPrivilege Every credential cached in memory Read/write any process including LSASS mimikatz + procdump SeTakeOwnershipPrivilege Any file on the system Claim ownership of…