Impersonation Privileges

finding them (after getting a normal/non privileged shell):

whoami /priv

bad ones to have enabled:

SeImpresonatePrivilege (AKA SeAssignPrimaryToken) both are Potato Attacks!
SeChangeNotifyPrivilege

meterpreter:

getprivs

same bad ones

PayloadsAllTheThings/Methodology and Resources/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings (github.com)

To see the table format:

https://academy.tcm-sec.com/courses/1154361/lectures/24797727

around 2:30