
Summary
This detection rule identifies poor operational security (OpSec) practices in PowerShell scripts commonly used in attacks. It targets specific artifacts common in well-known offensive payloads such as Cobalt Strike Beacon and Empire, which attackers lacking stringent cybersecurity hygiene typically modify only minimally. The detection mechanism looks for certain keywords or patterns that various threat actors have frequently left unchanged in the code. A condition triggers an alert when the script contains specific strings indicative of such poorly secured scripts, making this rule valuable for environments exposed to PowerShell-based attacks. The rule acknowledges the possibility of false positives given the nature of PowerShell scripting, but rates them as moderate to low because of the explicit search terms used.
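The matching logic described above, as an added illustration that is not part of the rule itself: it reassembles PowerShell Script Block Logging events (Event ID 4104) by ScriptBlockId before searching, so an artifact split across two fragments is still caught. The artifact strings and the sample events are constructed placeholders, not the rule's real keyword list, which this page does not reproduce.

```python
from __future__ import annotations
from collections import defaultdict
from typing import Iterable

# CONSTRUCTED placeholders standing in for the rule's actual keyword list;
# substitute the strings from the deployed rule.
OPSEC_ARTIFACTS = ("$DoIt", "Invoke-PlaceholderLoader")


def find_artifacts(script_text: str, artifacts=OPSEC_ARTIFACTS) -> list[str]:
    """Return every artifact string present in a script. Matching is
    case-insensitive because PowerShell identifiers are case-insensitive."""
    lowered = script_text.lower()
    return [a for a in artifacts if a.lower() in lowered]


def scan_script_block_events(events: Iterable[dict]) -> dict[str, list[str]]:
    """Group 4104 events by ScriptBlockId, stitch fragments in MessageNumber
    order, and scan the full script. Large scripts are logged in several
    fragments, so scanning fragment by fragment can miss an artifact that
    straddles a boundary."""
    fragments: dict[str, dict[int, str]] = defaultdict(dict)
    for ev in events:
        fragments[ev["ScriptBlockId"]][int(ev["MessageNumber"])] = ev["ScriptBlockText"]
    hits: dict[str, list[str]] = {}
    for block_id, parts in fragments.items():
        full_text = "".join(parts[n] for n in sorted(parts))
        found = find_artifacts(full_text)
        if found:
            hits[block_id] = found
    return hits


# Constructed sample events: one benign admin script (b1) and one script (b2)
# logged as two fragments, delivered out of order, with "$DoIt" split across
# the fragment boundary.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "b1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
    {"ScriptBlockId": "b2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "It = 'placeholder'; Invoke-PlaceholderLoader"},
    {"ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "function Invoke-Thing { param($x) }\n$Do"},
]

if __name__ == "__main__":
    for block_id, found in scan_script_block_events(SAMPLE_EVENTS).items():
        print(f"ALERT {block_id}: {found}")
```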
Categories
- Windows
- Endpoint
Data Sources
- Script
Created: 2020-10-09