If you are a penetration tester, you probably dealt with and abused windows access tokens before, e.g. to get SYSTEM pri