I'm a bit late on this subject, but I think it's worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating access tokens available can be a very useful approach. The details about how to do it and tools available can be found in
Windows pen testing - access tokens
Windows pen testing - access tokens
Windows pen testing - access tokens
I'm a bit late on this subject, but I think it's worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating access tokens available can be a very useful approach. The details about how to do it and tools available can be found in