diff --git a/detection/c2/unexpected-talker-events.sql b/detection/c2/unexpected-talker-events.sql
index e7c1984d..eed9e8de 100644
--- a/detection/c2/unexpected-talker-events.sql
+++ b/detection/c2/unexpected-talker-events.sql
@@ -121,6 +121,7 @@ WHERE
 '500,0,443,com.apple.NRD.UpdateBrainService',
 '500,0,443,com.google.one.NetworkExtension',
 '500,0,443,curl',
+ '500,0,443,electron',
 '500,0,443,firefox',
 '500,0,443,fwupdmgr',
 '500,0,443,git-remote-http',
@@ -151,6 +152,7 @@ WHERE
 '500,0,5632,ssh',
 '500,0,80,chrome',
 '500,0,80,com.apple.NRD.UpdateBrainService',
+ '500,0,80,electron',
 '500,0,80,firefox',
 '500,0,80,http',
 '500,0,80,io.tailscale.ipn.macsys.network-extension',
diff --git a/detection/evasion/hidden-cwd-events-linux.sql b/detection/evasion/hidden-cwd-events-linux.sql
index 64aa5882..826f75d7 100644
--- a/detection/evasion/hidden-cwd-events-linux.sql
+++ b/detection/evasion/hidden-cwd-events-linux.sql
@@ -62,6 +62,7 @@ WHERE
 '.vscode',
 '.vim',
 '.config',
+ '.github',
 '.provisio',
 '.terraform.d',
 '.emacs.d',
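Review bot: The new `'500,0,443,electron'` entry in unexpected-talker-events.sql keys the exception on the bare process name, and `electron` is the generic runtime name shared by many unrelated desktop applications, so this one line suppresses the detection for all of them rather than for the application that triggered it. The same applies to `'500,0,80,electron'` in the second hunk (`@@ -151,6 +152,7 @@`), where the exclusion additionally covers cleartext traffic on port 80. If the query exposes a path or signing field in the part of the WHERE clause outside these hunks, narrowing on that would keep coverage for other programs reporting the same name; at minimum record the origin beside the entry, e.g. `-- electron: unpackaged Electron runtime, observed from <application name>`. The layout of the exception key is inferred from the neighbouring entries, since the expression that builds it is not in the hunk.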
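Review bot: The added `'.github'` entry in hidden-cwd-events-linux.sql differs in kind from its neighbours: `.vscode`, `.vim`, `.config` and `.emacs.d` are per-user tool directories, whereas `.github` is a per-repository directory that can exist under any checkout in any writable location. How the list is matched is not visible in this hunk (the WHERE clause starts above it), so it is worth confirming that the exclusion is anchored to the expected position in the path rather than to any path component, otherwise it is wider than the other entries. A short comment such as `-- .github: repo metadata dir; cwd of <tool that triggered the alert>` would record why it was added.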