How can you gain TrustedInstaller privileges using token manipulation?
To obtain TrustedInstaller privileges, start the TrustedInstaller service, then use a token manipulation tool such as Incognito, Invoke-TokenManipulation, or SelectMyParent to create a child process that runs with the TrustedInstaller.exe token. For example, in PowerShell with NtObjectManager: `$p = Get-NtProcess -Name TrustedInstaller.exe; New-Win32Process cmd.exe -ParentProcess $p`. The resulting process can modify system files, bypassing even the restrictions that apply to SYSTEM, as detailed in the original article.
TrustedInstaller, token manipulation, privilege escalation, NtObjectManager