What are the main exploitation strategies for net session tokens in a Windows domain?
Two primary strategies exist: local privilege escalation and domain penetration. For local escalation, if you have `SeImpersonate` or `SeAssignPrimaryToken` privileges, you can use the net session token to create a new process with higher privileges (as covered in Penetration Techniques - Exploitation of Nine Windows Privileges). For domain penetration, the token's permissions allow access to domain resources based on the session user's group memberships, enabling lateral movement.
privilege escalation, SeImpersonatePrivilege, domain penetration, lateral movement