diff --git a/yml/OSBinaries/Pktmon.yml b/yml/OSBinaries/Pktmon.yml
index 77fd42b..50030de 100644
--- a/yml/OSBinaries/Pktmon.yml
+++ b/yml/OSBinaries/Pktmon.yml
@@ -10,14 +10,14 @@ Commands:
     Category: Reconnaissance
     Privileges: Administrator
     MitreID: T1040
-    OperatingSystem: Windows 10 1809 and later
+    OperatingSystem: Windows 10 1809 and later, Windows 11
   - Command: pktmon.exe filter add -p 445
     Description: Select Desired ports for packet capture
     Usecase: Look for interesting traffic such as telent or FTP
     Category: Reconnaissance
     Privileges: Administrator
     MitreID: T1040
-    OperatingSystem: Windows 10 1809 and later
+    OperatingSystem: Windows 10 1809 and later, Windows 11
 Full_Path:
   - Path: c:\windows\system32\pktmon.exe
   - Path: c:\windows\syswow64\pktmon.exe
diff --git a/yml/OSBinaries/Pnputil.yml b/yml/OSBinaries/Pnputil.yml
index 512ae99..0ff4fb1 100644
--- a/yml/OSBinaries/Pnputil.yml
+++ b/yml/OSBinaries/Pnputil.yml
@@ -10,10 +10,10 @@ Commands:
     Category: Execute
     Privileges: Administrator
     MitreID: T1547
-    OperatingSystem: Windows 10,7
+    OperatingSystem: Windows 7, Windows 10, Windows 11
 Full_Path:
   - Path: C:\Windows\system32\pnputil.exe
-Code_Sample: 
+Code_Sample:
   - Code: https://github.com/LuxNoBulIshit/test.inf/blob/main/inf
 Detection:
   - Sigma: https://github.com/SigmaHQ/sigma/blob/a8a0d546f347febb0423aa920dbc10713cc1f92f/rules/windows/process_creation/process_creation_lolbins_suspicious_driver_installed_by_pnputil.yml
diff --git a/yml/OSBinaries/Ttdinject.yml b/yml/OSBinaries/Ttdinject.yml
index a1b6052..19fb508 100644
--- a/yml/OSBinaries/Ttdinject.yml
+++ b/yml/OSBinaries/Ttdinject.yml
@@ -10,14 +10,14 @@ Commands:
     Category: Execute
     Privileges: Administrator
     MitreID: T1127
-    OperatingSystem: Windows 10 2004
+    OperatingSystem: Windows 10 2004 and above, Windows 11
   - Command: ttdinject.exe /ClientScenario TTDRecorder /ddload 0 /ClientParams "7 tmp.run 0 0 0 0 0 0 0 0 0 0" /launch "C:/Windows/System32/calc.exe"
     Description: Execute calc using ttdinject.exe. Requires administrator privileges. A log file will be created in tmp.run. The log file can be changed, but the length (7) has to be updated.
     Usecase: Spawn process using other binary
     Category: Execute
     Privileges: Administrator
     MitreID: T1127
-    OperatingSystem: Windows 10 1909
+    OperatingSystem: Windows 10 1909 and below
 Full_Path:
   - Path: C:\Windows\System32\ttdinject.exe
   - Path: C:\Windows\Syswow64\ttdinject.exe
diff --git a/yml/OSBinaries/Tttracer.yml b/yml/OSBinaries/Tttracer.yml
index 2e8ee54..fa6a26d 100644
--- a/yml/OSBinaries/Tttracer.yml
+++ b/yml/OSBinaries/Tttracer.yml
@@ -10,14 +10,14 @@ Commands:
     Category: Execute
     Privileges: Administrator
     MitreID: T1127
-    OperatingSystem: Windows 10 1809 and newer
+    OperatingSystem: Windows 10 1809 and newer, Windows 11
   - Command: TTTracer.exe -dumpFull -attach pid
     Description: Dumps process using tttracer.exe. Requires administrator privileges
     Usecase: Dump process by PID
     Category: Dump
     Privileges: Administrator
     MitreID: T1003
-    OperatingSystem: Windows 10 1809 and newer
+    OperatingSystem: Windows 10 1809 and newer, Windows 11
 Full_Path:
   - Path: C:\Windows\System32\tttracer.exe
   - Path: C:\Windows\SysWOW64\tttracer.exe