From each foothold, attempt to escalate privileges to SYSTEM/root on the compromised host. - On Windows systems: check for unquoted service paths, writable service binaries, SeImpersonate/SeAssignPrimaryToken privileges, cached credentials, and local admin password reuse. - On Linux systems: check f