In your pentesting activities, there are many circumstances where you need to “migrate” your Windows working process, typically a shell, to a different process. Some scenarios are:
- You have an unstable shell and need to move to a more robust process on the victim’s machine (typically explorer.exe, which lives until the victim logs off)
- Some exploits require an interactive session, and if your process lives in session 0 (for example, a service), you need to switch to a different one. Well-known exploits such as the “Secondary Logon Handle Privilege Escalation” or the more recent “Microsoft Windows – COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation” don’t work in session 0
- You need to migrate from a 32-bit process to a 64-bit process
Keep in mind that you can only migrate to processes according to your privileges, so if you are a standard user you can only migrate to processes with the same privileges as the source application.