Which technique involves manipulating or spoofing tokens to impersonate other users in order to escalate privileges?

Access Token Manipulation focuses on the Windows security token that represents a user’s identity, group memberships, and privileges. If an attacker can alter or spoof that token, they can make a process run as a different user—often with higher rights—enabling privilege escalation. This is done by impersonating a token, duplicating a token, or reusing a stolen token so the system grants access checks based on that forged identity. Other techniques don’t revolve around changing the in-memory identity: Runas launches a process with different credentials via a new logon session, rather than manipulating an existing token; Scheduled Task uses stored credentials to run tasks but doesn't impersonate in-process tokens; Shims modify program behavior rather than the user’s identity.