New detection rules added to the catalog in January 🕵

In parallel with the review of the rules catalog, which consists of converting patterns from STIX to Sigma and improving them, and with the writing of new Linux detection rules, SEKOIA.IO also wrote new Windows detection rules in January. We are constantly adding new rules, whether based on techniques currently used by threat actors, to cover techniques not yet addressed, or to detect the exploitation of new vulnerabilities. Among them, we have added:

* _Suspicious Windows DNS Queries_: this rule aims to detect rare use of text-based web services (Pastebin, Discord, Telegram) by Windows command-line tools. Many threat actors use this technique for their command-and-control channel or to download payloads.
* _Dynwrapx Module Loading_: this rule aims to detect the loading of DynamicWrapperX modules. Some threat actors use it in JScript- or VBScript-based infection chains to later load malware.
* _UAC Bypass Using Fodhelper_: this rule aims to detect the well-known User Account Control (UAC) bypass that abuses the Fodhelper process.
* _Suspicious Windows Installer Execution_: this rule aims to detect the use of the Microsoft Installer to install a downloaded MSI package.

Other detection rules can be found on SEKOIA.IO XDR, in the rules catalog page; those that have been updated recently appear at the top of the list.
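To make the detection logic behind a rule such as _Suspicious Windows DNS Queries_ concrete, here is an added example (not SEKOIA.IO's rule and not taken from the catalog): a Sigma-style selection evaluated with a minimal Python matcher over constructed Sysmon Event ID 22 (DnsQuery) records. The lists of command-line tools and of service domains are assumptions chosen for illustration; the real rule's selections are not reproduced on this page.

```python
"""Minimal Sigma-style matcher for a 'suspicious DNS query from a
command-line tool' rule, run over constructed Sysmon Event ID 22 records.
Added example; the tool and domain lists are assumptions, not the
catalog's actual rule content."""
import fnmatch
from typing import Any, Dict, List

# Constructed rule in Sigma layout. A '|endswith' modifier on the Image
# field matches process paths; plain QueryName values may use '*' globs.
RULE: Dict[str, Any] = {
    "title": "Suspicious Windows DNS Queries (example)",
    "logsource": {"product": "windows", "service": "sysmon"},
    "detection": {
        "selection": {
            "EventID": 22,
            "Image|endswith": [          # assumed list of command-line tools
                "\\cmd.exe", "\\powershell.exe", "\\pwsh.exe",
                "\\certutil.exe", "\\bitsadmin.exe", "\\curl.exe",
                "\\mshta.exe", "\\wscript.exe", "\\cscript.exe", "\\rundll32.exe",
            ],
            "QueryName": [               # assumed list of text-based services
                "pastebin.com", "*.pastebin.com",
                "discord.com", "*.discord.com", "*.discordapp.com",
                "api.telegram.org", "t.me",
            ],
        },
        "condition": "selection",
    },
}


def _equals_or_glob(actual: Any, expected: Any) -> bool:
    """Exact match for non-strings; case-insensitive glob for strings."""
    if isinstance(expected, str):
        return fnmatch.fnmatchcase(str(actual).lower(), expected.lower())
    return actual == expected


def matches_selection(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """All fields of the selection must match (Sigma 'AND' semantics);
    a list of values for one field matches if any value matches ('OR')."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if modifier == "endswith":
            ok = any(str(actual).lower().endswith(str(v).lower()) for v in values)
        elif modifier == "":
            ok = any(_equals_or_glob(actual, v) for v in values)
        else:
            raise ValueError(f"unsupported Sigma modifier: {modifier}")
        if not ok:
            return False
    return True


def run_rule(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the events that satisfy the rule (only a bare 'selection'
    condition is supported in this toy evaluator)."""
    if rule["detection"]["condition"] != "selection":
        raise ValueError("only 'condition: selection' is supported here")
    selection = rule["detection"]["selection"]
    return [e for e in events if matches_selection(e, selection)]


# Constructed sample events: two hits, one browser lookup of the same
# service (benign), one command-line tool querying an ordinary domain,
# and one event of another type that must be ignored.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"EventID": 22, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "QueryName": "pastebin.com"},
    {"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "QueryName": "discord.com"},
    {"EventID": 22, "Image": "C:\\Windows\\System32\\cmd.exe",
     "QueryName": "www.microsoft.com"},
    {"EventID": 22, "Image": "C:\\Windows\\System32\\certutil.exe",
     "QueryName": "cdn.discordapp.com"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -hashfile C:\\tmp\\file.bin SHA256"},
]


def flagged_query_names(events: List[Dict[str, Any]] = SAMPLE_EVENTS) -> List[str]:
    """Convenience wrapper: the QueryName of every event the rule flags."""
    return [e["QueryName"] for e in run_rule(RULE, events)]


if __name__ == "__main__":
    for hit in run_rule(RULE, SAMPLE_EVENTS):
        print(f"ALERT {RULE['title']}: {hit['Image']} -> {hit['QueryName']}")
```

The browser lookup of discord.com is deliberately not flagged: the rule's value comes from combining the process constraint with the domain list, which is what keeps it rare in a normal environment while still catching scripted downloads and command-and-control traffic through these services.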