
Potential PowerShell Obfuscation via Concatenated Dynamic Command Invocation

Elastic Detection Rules

Summary
This rule targets PowerShell scripts that use concatenated strings inside dynamic command invocations (for example `&()` or `.( )`) to obfuscate malicious commands. Such techniques typically aim to evade static analysis and bypass security mechanisms such as the Antimalware Scan Interface (AMSI). The rule captures events from PowerShell logs, particularly those with event code `4104` (script block logging). In its query, it replaces patterns indicative of concatenation with a unique character and counts the occurrences of that character to flag potential obfuscation attempts. The resulting alerts help identify suspicious PowerShell activity that may involve defense evasion.
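The replace-then-count heuristic the summary describes, as an added Python example that is not Elastic's rule query: the regexes, the marker character, the constructed 4104 records and the threshold of 3 joins are all assumptions made for this illustration.

```python
import re
from typing import Iterable

# Dynamic invocation wrapping a parenthesised expression: &( ... ) or .( ... )
DYNAMIC_INVOKE = re.compile(r"[&.]\s*\((?P<expr>[^()]*)\)")
# A '+' joining two string literals, e.g.  'Get' + '-Process'
STRING_JOIN = re.compile(r"""(['"])[^'"]*\1\s*\+\s*(?=['"])""")
# Unique placeholder; assumed not to occur in real script block text.
MARKER = "\u00a4"

# Constructed sample records shaped like script block logging events.
# Not real telemetry.
SAMPLE_EVENTS = [
    {"event_code": "4104",
     "script_block_text": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
    {"event_code": "4104",
     "script_block_text": "&('Ge'+'t-Pr'+'oc'+'ess'); .('Wr'+'ite-Ho'+'st') 'x'"},
    {"event_code": "4103",
     "script_block_text": "&('Ge'+'t-Pr'+'oc'+'ess')"},
]


def count_concat_joins(script_text: str) -> int:
    """Count string joins inside &( ) / .( ) invocations.

    Each join is first replaced with MARKER, then the markers are counted,
    mirroring the replace-and-count approach in the rule summary.
    """
    total = 0
    for m in DYNAMIC_INVOKE.finditer(script_text):
        marked = STRING_JOIN.sub(MARKER, m.group("expr"))
        total += marked.count(MARKER)
    return total


def flag_events(events: Iterable[dict], threshold: int = 3) -> list[dict]:
    """Return 4104 records whose join count reaches the threshold.

    The threshold is an assumption for this example, not the rule's value.
    """
    hits = []
    for ev in events:
        if ev.get("event_code") != "4104":
            continue
        n = count_concat_joins(ev.get("script_block_text", ""))
        if n >= threshold:
            hits.append({**ev, "concat_joins": n})
    return hits


if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit["concat_joins"], hit["script_block_text"])
```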
Categories
  • Endpoint
  • Windows
Data Sources
  • Pod
  • Process
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1027
  • T1140
  • T1059
  • T1059.001
Created: 2025-04-15