Potential PowerShell Obfuscation via Backtick-Escaped Variable Expansion

Elastic Detection Rules

Summary
This detection rule identifies potential PowerShell obfuscation that uses backtick-escaped characters inside variable expansions. Attackers commonly use this technique to evade detection, particularly static analysis, and to bypass protections such as the Antimalware Scan Interface (AMSI). The rule looks for PowerShell script blocks in which backtick characters are used to obscure strings in scripts written for malicious purposes. To use this rule, administrators must first enable PowerShell Script Block Logging on their systems through Group Policy or registry changes. The detection logic counts the backtick-escaped variable expansions in script blocks longer than 500 characters and alerts on scripts whose count suggests an evasion attempt.
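As an added example, not the Elastic rule's own query (which this page does not show), the summary's logic expressed in Python and run over constructed Event ID 4104-style script-block events. The regex, the field names and the alert count of three are assumptions; the 500-character floor is the one stated above.

```python
import re

# Assumption: "backtick-escaped variable expansion" means a braced variable
# reference such as ${v`a`r}, which PowerShell resolves to plain $var.
BACKTICK_EXPANSION = re.compile(r"\$\{[^}`]*`[^}]*\}")

MIN_SCRIPT_LENGTH = 500   # stated on the page
MIN_MATCH_COUNT = 3       # assumed alert threshold; the page gives none


def count_backtick_expansions(script_block: str) -> int:
    """Count ${...} expansions that contain at least one backtick."""
    return len(BACKTICK_EXPANSION.findall(script_block))


def is_suspicious(script_block: str, min_count: int = MIN_MATCH_COUNT) -> bool:
    """Long script block plus repeated escaped expansions trips the rule."""
    if len(script_block) <= MIN_SCRIPT_LENGTH:
        return False
    return count_backtick_expansions(script_block) >= min_count


# Constructed sample events (not real logs), reduced to the fields this check
# needs; "event.code" 4104 is the Script Block Logging event.
SAMPLE_EVENTS = [
    # obfuscated: many escaped expansions in a block well over 500 characters
    {"event.code": "4104",
     "script_block_text": 'Write-Host "${m`e`s`s`a`g`e}"; ' * 30},
    # benign: long block, no escaped expansions
    {"event.code": "4104",
     "script_block_text": 'Get-ChildItem -Path $env:TEMP | Sort-Object Length; ' * 12},
    # escaped expansion present but block is below the length floor
    {"event.code": "4104", "script_block_text": '"${p`a`t`h}"'},
]


def evaluate(events):
    """Return the indexes of events whose script block trips the rule."""
    return [i for i, e in enumerate(events)
            if e.get("event.code") == "4104" and is_suspicious(e["script_block_text"])]
```

Only the first sample event alerts; the second is long but clean, and the third carries an escaped expansion but is too short to be counted.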
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
  • File
ATT&CK Techniques
  • T1027
  • T1140
  • T1059
  • T1059.001
Created: 2025-04-16