Token-stealing payloads TL;DR: Find SYSTEM EPROCESS, swap token, return cleanly — the canonical kernel privesc payload. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO