Privilege Escalation

Automated Scanners

tldr: Run SharpUp first. If nothing is found, run WinPEAS.
  • SharpUp good, WinPEAS ok
  • More shit from WinPEAS, but it takes longer and gives lots of garbage data. Also sometimes misses easy wins for me.
  • Also Seatbelt. Run all checks: Seatbelt.exe -group=all -full

icacls DACLs explained

icacls c:\windows\*

Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
Ref: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
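
Added example (not part of the original notes or of the icacls documentation): a Python parser for saved icacls output that decodes the parenthesised markers and rights and lists allow ACEs that give broad groups write-capable access, which is the thing to fix when auditing a host. The sample output, the watched principals and the set of rights counted as write-capable are assumptions made for the example.

```python
import re

# Inheritance and ACE-type markers icacls prints before the rights.
MARKERS = {"OI", "CI", "IO", "NP", "I", "DENY"}
# Rights counted as write-capable here (an assumption of this example).
WRITE = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}
# Broad principals to watch (assumed English names; adjust on localized hosts).
BROAD = ("Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users",
         "NT AUTHORITY\\INTERACTIVE")
ACE = re.compile(r"^(?P<head>.*):(?P<flags>(?:\([^()]+\))+)\s*$")

def audit_icacls(text):
    """Return (path, principal, rights, scope) for write-capable allow ACEs of BROAD."""
    findings, first = [], ""
    for line in text.splitlines():
        m = ACE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        head = m["head"]
        if line[:1].isspace():
            # Continuation line: the principal is aligned one column past the path.
            indent = len(head) - len(head.lstrip())
            path, who = first[:indent].rstrip(), head.strip()
        else:
            first = head  # "<path> <principal>", and both may contain spaces
            who = next((p for p in BROAD if head.endswith(" " + p)), None)
            path = head[:-len(who)].rstrip() if who else None
        tokens = re.findall(r"\(([^()]+)\)", m["flags"])
        markers = {t for t in tokens if t in MARKERS}
        rights = {r for t in tokens if t not in MARKERS for r in t.split(",")}
        hit = sorted(rights & WRITE)
        if hit and who in BROAD and "DENY" not in markers:
            scope = "children only" if "IO" in markers else "this object"
            findings.append((path, who, hit, scope))
    return findings

# Constructed sample output, not captured from a real host.
SAMPLE = r"""
C:\Apps\Updater BUILTIN\Administrators:(OI)(CI)(F)
                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                BUILTIN\Users:(OI)(CI)(M)
C:\Apps\Logs NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GW)
             BUILTIN\Users:(RX)
             Everyone:(DENY)(W)
C:\Program Files\Tool BUILTIN\Users:(I)(RX)
Successfully processed 3 files; Failed processing 0 files
"""

print(*audit_icacls(SAMPLE), sep="\n")
```

(IO) entries are reported as "children only" because an inherit-only ACE does not apply to the object it is set on, only to what inherits from it; (DENY) entries are skipped.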

Token Privileges

# run
whoami /priv

# check against table in repo below

Ref: https://github.com/gtworek/Priv2Admin