What is SeImpersonatePrivilege and how can it be exploited to gain SYSTEM privileges?
SeImpersonatePrivilege allows a process to impersonate a client after authentication, but not to create new tokens. It is commonly held by the IIS and SQL Server service accounts. Exploitation involves obtaining a SYSTEM token via NTLM relay to local negotiation, using tools from the "Potato" family such as Rotten Potato, LonelyPotato, or Juicy Potato, and then calling `CreateProcessWithToken` to spawn a SYSTEM-privileged process. This technique is detailed in Penetration Techniques - Exploitation of Nine Windows Privileges and builds on the token theft methods covered in Penetration Techniques - Token Theft and Exploitation.
Tags: SeImpersonatePrivilege, Rotten Potato, Juicy Potato, CreateProcessWithToken, NTLM Relay