One Day Sec

How does token duplication allow escalation to SYSTEM, and what tools are commonly used?

Token duplication leverages a SYSTEM-privileged token to create a new process with the same high integrity. Tools like `incognito`, `Invoke-TokenManipulation.ps1`, and `SelectMyParent` automate this. For example, `incognito.exe execute -c "NT AUTHORITY\SYSTEM" cmd.exe` launches a SYSTEM command prompt. This method requires existing administrator privileges to access SYSTEM tokens. Details are in the token duplication section.
token duplication, incognito, Invoke-TokenManipulation, SYSTEM token, privilege escalation
