
Summary
This detection rule identifies obfuscated PowerShell launches in which the payload is delivered through standard input (stdin) rather than placed directly on the PowerShell command line. It targets command lines that combine cmd.exe with the /c or /r switch, an invocation of powershell, and a construct that reads the piped input, such as $input or ${input}, which together indicate that the actual commands are being echoed into PowerShell through a pipe. Because the payload never appears as a plain PowerShell argument, this launcher pattern can evade detections that inspect only the PowerShell command line; matching on the surrounding cmd.exe invocation and the stdin-handling constructs is what makes it visible. The rule is intended to improve detection in environments where PowerShell is in use, specifically of malicious activity that executes tailored commands through this form of obfuscation. Administrative scripts that legitimately pipe text into PowerShell can produce similar command lines, so matches should be reviewed together with the parent process and the content of the echoed payload.
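As an added example, and not code from the rule itself or its maintainers: a small Python reconstruction of the matching logic described in the summary, run over constructed process-creation events. The regular expressions, the event format and the sample command lines are my own assumptions; the rule's actual patterns may differ in detail.

```python
"""Reconstruction of the stdin-obfuscation check described in the summary.

The match logic is inferred from the prose, not copied from the rule: the
command line must contain cmd with a /c or /r switch, contain powershell,
contain a $input or ${input} construct, and contain a pipe.  Everything
below (patterns, event shape, sample events) is constructed for this example.
"""
import re

# cmd or cmd.exe followed somewhere by a /c or /r switch (assumed pattern)
CMD_SWITCH = re.compile(r"(?i)\bcmd(?:\.exe)?\b.*?\s/[cr]\b")
# any powershell invocation on the same command line
POWERSHELL = re.compile(r"(?i)powershell")
# the automatic variable that exposes piped stdin: $input or ${input}
STDIN_INPUT = re.compile(r"(?i)\$\{?input\}?")


def is_stdin_launcher(cmdline: str) -> bool:
    """Return True when the command line shows the cmd -> pipe -> powershell
    -> $input launcher shape described by the rule summary."""
    return bool(
        CMD_SWITCH.search(cmdline)
        and POWERSHELL.search(cmdline)
        and STDIN_INPUT.search(cmdline)
        and "|" in cmdline
    )


def scan(events):
    """Return the ids of process-creation events whose CommandLine matches."""
    return [e["id"] for e in events if is_stdin_launcher(e["CommandLine"])]


# Constructed sample events; the first two mimic the launcher shape, the
# rest are benign or fall outside the described logic.
SAMPLE_EVENTS = [
    {"id": "evt-1", "CommandLine":
        r'C:\Windows\System32\cmd.exe /c "echo Invoke-Expression (Get-Variable x).Value'
        r' | powershell -noprofile -command ${input}"'},
    {"id": "evt-2", "CommandLine":
        r'cmd /r "set p=Get-Date&&echo %p%|powershell -nop -c $input"'},
    {"id": "evt-3", "CommandLine":
        r'powershell.exe -NoProfile -Command "Get-Process | Out-File C:\tmp\p.txt"'},
    {"id": "evt-4", "CommandLine": r"cmd.exe /c dir C:\Users"},
    # stdin is read via "-Command -" here, with no $input token, so the
    # summary's logic does not flag it; see the note below.
    {"id": "evt-5", "CommandLine":
        r'cmd.exe /c "type C:\tmp\s.ps1 | powershell -Command -"'},
]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        flag = "MATCH " if is_stdin_launcher(event["CommandLine"]) else "ignore"
        print(flag, event["id"], event["CommandLine"])
    print("matched:", scan(SAMPLE_EVENTS))
```

evt-5 illustrates a gap worth knowing about: PowerShell also reads its script from stdin when invoked as `powershell -Command -`, and that form carries no `$input` token, so a rule keyed on the `$input`/`${input}` construct alone will not see it. Whether to widen the match is a tuning decision for the environment; it is not something the summary above claims the rule does.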
Categories
- Endpoint
- Windows
- Cloud
Data Sources
- Script
- Process
- Logon Session
Created: 2020-10-15