Token Impersonation is a post-exploitation technique in Windows environments where a process with the SeImpersonatePrivilege creates a thread that adopts the access token of a different user. This allows an attacker to execute code with the identity and privileges of the target user, most commonly escalating from a local service account to the highly privileged NT AUTHORITY\SYSTEM context.
Glossary
Token Impersonation

What is Token Impersonation?
Token Impersonation is a Windows security vulnerability where an attacker leverages the SeImpersonatePrivilege to assume the security context of a different logged-on user, often escalating privileges to SYSTEM.
The attack typically exploits services running as NETWORK SERVICE or LOCAL SERVICE, which inherently possess the SeImpersonatePrivilege. Attackers use tools like RoguePotato or PrintSpoofer to coerce a privileged process into authenticating to a malicious named pipe, capturing the resulting token to achieve full system compromise.
Common Token Impersonation Techniques
Token impersonation attacks exploit the Windows security model to assume the identity of another user. These techniques leverage the SeImpersonatePrivilege to escalate from a compromised service account to NT AUTHORITY\SYSTEM.
Potato Family Exploits
A series of NTLM reflection and relay attacks that force a privileged process to authenticate to a malicious listener, capturing the token for impersonation.
- Hot Potato: Exploits HTTP-to-SMB NTLM relay and a race condition in the WebDAV redirector.
- Rotten Potato: Abuses the
AcceptSecurityContextAPI to force a SYSTEM-level COM service to authenticate. - Juicy Potato: A more reliable variant that uses a CLSID lookup to trigger a COM server under SYSTEM context.
- PrintSpoofer: Exploits the
RpcRemoteFindFirstPrinterChangeNotificationfunction to force a SYSTEM process to connect to a named pipe.
Named Pipe Impersonation
A technique where an attacker creates a named pipe server and coerces a higher-privileged client to connect to it. The ImpersonateNamedPipeClient API call then allows the server to assume the security context of the connected client.
- The attacker typically uses a printer bug or PetitPotam to force the SYSTEM account to authenticate to the malicious pipe.
- This method is highly effective against unpatched domain controllers and is a core component of many local privilege escalation chains.
Token Duplication via Direct API Calls
Instead of coercing a connection, an attacker with SeDebugPrivilege can directly enumerate and duplicate tokens from running processes.
- Process Hacker / Mimikatz: Tools that use
OpenProcessTokenandDuplicateTokenExto create a primary token for spawning a new process. - Parent PID Spoofing: Combining token duplication with process creation to make a malicious process appear to be a child of a legitimate SYSTEM process.
- This technique requires high initial privileges but provides a direct path to SYSTEM without network coercion.
Service Account to SYSTEM Escalation
Many service accounts, such as IIS APPPOOL\DefaultAppPool or NETWORK SERVICE, are granted SeImpersonatePrivilege by default. An attacker who gains code execution in this context can immediately escalate to SYSTEM.
- Web Shell Scenario: A web shell running under the IIS worker process can execute a Potato exploit to gain full system control.
- SQL Server Scenario: An attacker with
xp_cmdshellaccess running as a service account can use token impersonation to break out of the database process isolation. - This attack vector is a primary reason why service hardening and least-privilege configurations are critical.
Frequently Asked Questions
Clear, technical answers to the most common questions about Windows token impersonation attacks, privilege escalation mechanics, and the defensive controls that mitigate them.
Token impersonation is a Windows privilege escalation technique where an attacker leverages the SeImpersonatePrivilege to assume the security context of a different logged-on user, often escalating from a low-privilege service account to NT AUTHORITY\SYSTEM. The attack works by locating a process running under a target security context, opening its primary token with OpenProcessToken(), duplicating it with DuplicateTokenEx() to create an impersonation token, and then spawning a new process or thread using CreateProcessWithTokenW() that inherits the stolen identity. This technique is particularly dangerous because it does not require credential theft—the attacker simply borrows an existing authenticated session. Common exploitation tools include JuicyPotato, RoguePotato, and PrintSpoofer, which coerce privileged processes into authenticating to attacker-controlled named pipes, providing a token that can be impersonated.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Token impersonation is part of a broader ecosystem of Windows privilege escalation and lateral movement techniques. Understanding adjacent attack vectors and defensive controls is essential for securing agentic systems against identity-based threats.
SeImpersonatePrivilege
A Windows user right that allows a process to impersonate a client after authentication. Originally assigned to services like IIS and SQL Server, this privilege is the core mechanism exploited in token impersonation attacks. When an attacker gains code execution under an account with this right, they can use tools like Juicy Potato, Rogue Potato, or PrintSpoofer to coerce a privileged process into authenticating, then impersonate its token to escalate to NT AUTHORITY\SYSTEM. The privilege is enabled by default for Local Service, Network Service, and members of the Administrators group.
Credential Guard
A virtualization-based security (VBS) feature introduced in Windows 10 Enterprise and Windows Server 2016 that isolates user credentials in a protected virtualized environment separate from the operating system. By storing NTLM hashes, Kerberos TGTs, and cleartext credentials in a secure kernel-mode enclave, Credential Guard prevents token impersonation tools like Mimikatz from extracting secrets from LSASS memory. This is a critical defense against both token impersonation and pass-the-hash attacks in agentic systems running on Windows hosts.
Process Hollowing
A code injection technique where a legitimate process is launched in a suspended state, its memory is unmapped, and replaced with malicious code before resuming execution. This allows malware to execute under the guise of a trusted process, inheriting its security context and evading detection. While distinct from token impersonation, process hollowing achieves a similar goal: executing code in a different security context. Combined with token manipulation, an attacker can hollow a SYSTEM process and inject a payload that runs with elevated privileges. Defenses include memory integrity checks and behavioral EDR monitoring.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us