
Summary
This detection rule targets suspicious keywords commonly found in PowerShell scripts that may indicate malicious behavior associated with exploitation frameworks. Specifically, it monitors PowerShell script blocks for certain keywords, flagging potential use of Reflective DLL Injection techniques and other exploits that leverage the PowerShell environment and .NET capabilities to execute malicious payloads. The detection logic is based on the presence of specific keywords and class signatures associated with reflective assembly loading and interop services, which malicious actors often use to obscure their actions while carrying out exploits. For the rule to fire, Script Block Logging must be enabled on the monitored Windows system, since the script block text is the data source it inspects. This rule helps identify and mitigate the risk of adversaries abusing PowerShell as a stealthy scripting tool.
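To show what this kind of rule does in practice, the following is an added example (not the rule's own logic and not code from the rule's project): it reads a constructed export of Script Block Logging events (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), reassembles script blocks that were logged in several fragments, and reports which blocks contain any of an assumed, illustrative keyword set of .NET reflection and interop class names. The keyword list, the sample events, the ScriptBlockId values and the simplified XML layout (the Windows event namespace is dropped) are all constructed for this example; the real rule's keyword list is not reproduced here.

```python
"""Keyword scan over PowerShell Script Block Logging events (constructed example)."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed keyword set, NOT the rule's own list: class names tied to reflective
# assembly loading and interop services, the kind of signature the rule describes.
SUSPICIOUS_KEYWORDS = (
    "System.Reflection.AssemblyName",
    "System.Reflection.Emit.AssemblyBuilderAccess",
    "System.Runtime.InteropServices.MarshalAsAttribute",
    "System.Reflection.Assembly]::Load",
)

SCRIPT_BLOCK_EVENT_ID = 4104  # only script block events carry ScriptBlockText

# Constructed sample export. Block bbbb-0002 is logged in two fragments, and the
# keyword is split across the fragment boundary; the 4103 event carries a keyword
# in a field the rule does not inspect and must not fire.
SAMPLE_LOG = """<Events>
  <Event><System><EventID>4104</EventID></System><EventData>
    <Data Name="MessageNumber">1</Data><Data Name="MessageTotal">1</Data>
    <Data Name="ScriptBlockText">Get-ChildItem C:\\Users | Sort-Object Length</Data>
    <Data Name="ScriptBlockId">aaaa-0001</Data></EventData></Event>
  <Event><System><EventID>4104</EventID></System><EventData>
    <Data Name="MessageNumber">1</Data><Data Name="MessageTotal">2</Data>
    <Data Name="ScriptBlockText">$n = New-Object System.Reflection.Assem</Data>
    <Data Name="ScriptBlockId">bbbb-0002</Data></EventData></Event>
  <Event><System><EventID>4104</EventID></System><EventData>
    <Data Name="MessageNumber">2</Data><Data Name="MessageTotal">2</Data>
    <Data Name="ScriptBlockText">blyName('Demo'); Write-Output $n</Data>
    <Data Name="ScriptBlockId">bbbb-0002</Data></EventData></Event>
  <Event><System><EventID>4103</EventID></System><EventData>
    <Data Name="Payload">System.Runtime.InteropServices.MarshalAsAttribute</Data>
  </EventData></Event>
</Events>"""


@dataclass
class ScriptBlockEvent:
    event_id: int
    script_block_id: str
    message_number: int
    script_block_text: str


def parse_events(xml_text: str) -> list[ScriptBlockEvent]:
    """Extract the fields the rule needs from the EventData/Data Name="..." layout."""
    events = []
    for ev in ET.fromstring(xml_text).findall("Event"):
        data = {d.get("Name"): (d.text or "") for d in ev.find("EventData").findall("Data")}
        events.append(ScriptBlockEvent(
            event_id=int(ev.find("System/EventID").text),
            script_block_id=data.get("ScriptBlockId", ""),
            message_number=int(data.get("MessageNumber", "1")),
            script_block_text=data.get("ScriptBlockText", ""),
        ))
    return events


def reassemble(events: list[ScriptBlockEvent]) -> dict[str, str]:
    """Join multi-part 4104 events by ScriptBlockId, in MessageNumber order,
    so a keyword split across fragments is still visible to the scan."""
    fragments: dict[str, list[ScriptBlockEvent]] = {}
    for e in events:
        if e.event_id == SCRIPT_BLOCK_EVENT_ID:
            fragments.setdefault(e.script_block_id, []).append(e)
    return {
        sbid: "".join(f.script_block_text for f in sorted(frags, key=lambda f: f.message_number))
        for sbid, frags in fragments.items()
    }


def find_keywords(text: str) -> list[str]:
    """Case-insensitive substring match, since PowerShell type names are case-insensitive."""
    lowered = text.lower()
    return [kw for kw in SUSPICIOUS_KEYWORDS if kw.lower() in lowered]


def detect(xml_text: str) -> dict[str, list[str]]:
    """Return {ScriptBlockId: matched keywords} for every script block that trips the rule."""
    blocks = reassemble(parse_events(xml_text))
    return {sbid: hits for sbid, text in blocks.items() if (hits := find_keywords(text))}


if __name__ == "__main__":
    for sbid, hits in detect(SAMPLE_LOG).items():
        print(f"ALERT ScriptBlockId={sbid} keywords={hits}")
```

Two points the example makes that the summary leaves implicit: long script blocks are logged as several 4104 events sharing one ScriptBlockId, so a scanner that matches fragment by fragment misses keywords that straddle a boundary (block bbbb-0002 above only matches after reassembly); and matching must be case-insensitive, because PowerShell accepts type names in any casing. Pipeline events such as 4103 carry their text in other fields and are outside this rule's scope.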
Categories
- Endpoint
- Windows
Data Sources
- Script
- Process
Created: 2019-02-11