From 30a46908af93f339c23b2a9bc96687bdf73e7424 Mon Sep 17 00:00:00 2001 From: keyboardcrunch <40863898+keyboardcrunch@users.noreply.github.com> Date: Tue, 15 Sep 2020 22:09:46 -0500 Subject: [PATCH] Update and rename queries.md to PrivilegeEscalation.md --- queries.md => PrivilegeEscalation.md | 6 ------ 1 file changed, 6 deletions(-) rename queries.md => PrivilegeEscalation.md (98%) diff --git a/queries.md b/PrivilegeEscalation.md similarity index 98% rename from queries.md rename to PrivilegeEscalation.md index a531386..1391a63 100644 --- a/queries.md +++ b/PrivilegeEscalation.md @@ -1,4 +1,3 @@ -# Windows Atomic Tests by ATT&CK Tactic & Technique ## Privilege Escalation ### T1053.002 AT Scheduled Task @@ -222,8 +221,3 @@ Detects Winlogon Helper Dll changes through Registry MetadataIndicator item, as IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe" ``` - -## Defense Evasion -### T1055.004 Asynchronous Procedure Call -Atomics: [T1055.004]() -
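Review bot: PrivilegeEscalation.md is left without a level-1 title at the top of the first hunk (`@@ -1,4 +1,3 @@`), because the only `#` heading is deleted and the file now opens at `## Privilege Escalation`. Either promote that line to `# Privilege Escalation` and shift the `### T1053.002 AT Scheduled Task` style headings up one level, or keep a short H1, so the renamed per-tactic file keeps a consistent heading hierarchy.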
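Review bot: The T1055.004 entry is dropped rather than moved at the end of the second hunk (`@@ -222,8 +221,3 @@`): the `## Defense Evasion` section is deleted, but the diffstat reports 1 file changed with 6 deletions, so nothing in this commit recreates it elsewhere. If the intent is one file per tactic, add the section to its own file in the same commit or state in the commit message that it is deferred. The removed `Atomics: [T1055.004]()` link also has an empty target, which should be filled in when the entry is restored.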