From 29c34d3d21e256b4d179e971b4a6d76ef403adf3 Mon Sep 17 00:00:00 2001 From: keyboardcrunch <40863898+keyboardcrunch@users.noreply.github.com> Date: Wed, 16 Sep 2020 13:24:21 -0500 Subject: [PATCH] Update PrivilegeEscalation.md --- PrivilegeEscalation.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/PrivilegeEscalation.md b/PrivilegeEscalation.md index 1391a63..f6f7310 100644 --- a/PrivilegeEscalation.md +++ b/PrivilegeEscalation.md @@ -18,7 +18,6 @@ Detections addition of a debugger process to executables using Image File Execut (RegistryKeyPath ContainsCIS "CurrentVersion\Image File Execution Options" AND RegistryKeyPath ContainsCIS ".exe\Debugger") AND (EventType = "Registry Value Create" OR EventType = "Registry Key Create") ``` - ### T1546 Application Shimming Atomics: [T1546.010](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.010.md) , [T1546.011](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md) @@ -220,4 +219,3 @@ Detects Winlogon Helper Dll changes through Registry MetadataIndicator item, as ``` IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe" ``` -
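Review bot: In the first hunk (@@ -18,7 +18,6 @@) the deleted line appears to be the empty line between the closing code fence of the Image File Execution Options query and the `### T1546 Application Shimming` heading. I would keep one blank line there, since a heading placed directly against a fence is easy to misread in the raw file and is flagged by common Markdown linters. Separately, the context line under that heading links T1546.010 to `atomics/T1546.011/T1546.010.md`, so the directory and the file name disagree. If this commit is meant as cleanup, that link is worth checking in the same pass.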
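Review bot: The second hunk (@@ -220,4 +219,3 @@) only drops the empty line after the final code fence of the Winlogon Helper DLL query, and the subject "Update PrivilegeEscalation.md" gives no hint that the commit is whitespace-only. A subject such as "Remove stray blank lines" would let anyone scanning the history of these detection queries skip it without opening the diff. Please also confirm the file still ends with a newline after the closing fence.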