
Summary
This detection rule identifies Base64-encoded shellcode executed via PowerShell scripts. It relies on PowerShell Script Block Logging, which must be enabled so that the content of executed script blocks is recorded in the Windows event log. The rule triggers an alert when a logged script block contains either of two Base64 strings characteristic of encoded shellcode: 'OiCAAAAYInlM' or 'OiJAAAAYInlM'. Such activity may be associated with defense evasion, privilege escalation, or execution of unauthorized commands. The rule's false-positive rate is documented as 'unknown', so alerts should be reviewed carefully to keep noise in the alerting pipeline low.
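The matching logic described above, run over a few constructed Script Block Logging records, as an added example that is not part of the rule or of any detection project. It assumes the real Script Block Logging event (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) but uses a simplified, constructed record layout of `<EventID>|<ScriptBlockId>|<ScriptBlockText>`; the `parse_log`, `scan` and `find_signatures` names are hypothetical. Matching is case-insensitive by default, which is how most Sigma backends evaluate a `contains` test, and each hit records whether the signature matched with exact case, since Base64 is case-sensitive and a case-folded hit is a review hint rather than the same encoded bytes.

```python
"""Scan PowerShell Script Block Logging records for the two Base64
substrings the rule watches. Example code added here; not the rule's own
implementation. Event ID 4104 is the real Script Block Logging event; the
"<EventID>|<ScriptBlockId>|<ScriptBlockText>" layout is a constructed
simplification of it."""
import re
from dataclasses import dataclass

# The two signatures named by the rule.
SIGNATURES = ("OiCAAAAYInlM", "OiJAAAAYInlM")
SCRIPT_BLOCK_EVENT_ID = 4104  # Microsoft-Windows-PowerShell/Operational, "Creating Scriptblock text"


@dataclass
class ScriptBlockEvent:
    event_id: int
    script_block_id: str
    text: str


# Constructed sample records (not real telemetry). b3 carries a signature,
# b4 carries one in a non-4104 event, b5 carries a case-folded copy.
SAMPLE_LOG = """\
4104|b1|Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'OiCAA*' }
4104|b2|$x = [Convert]::FromBase64String('SGVsbG8gV29ybGQ='); [Text.Encoding]::UTF8.GetString($x)
4104|b3|$sc = [Convert]::FromBase64String('AAAAAAAAOiJAAAAYInlMAAAAAAAA')
4103|b4|Pipeline execution details containing OiCAAAAYInlM
4104|b5|Write-Host 'oicaaaayinlm'
"""


def parse_log(raw):
    """Parse the constructed record layout. maxsplit=2 keeps any '|'
    characters inside the script text (PowerShell pipelines) intact."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        event_id, block_id, text = line.split("|", 2)
        events.append(ScriptBlockEvent(int(event_id), block_id, text))
    return events


def find_signatures(text, case_sensitive=False):
    """Return the rule signatures present in one script block."""
    flags = 0 if case_sensitive else re.IGNORECASE
    return [s for s in SIGNATURES if re.search(re.escape(s), text, flags)]


def scan(events, case_sensitive=False):
    """Apply the rule: only 4104 script block events are evaluated, and a
    hit is reported per script block with the signatures that matched.
    exact_case tells the analyst whether the match is byte-for-byte Base64
    or only a case-folded match worth a closer look."""
    hits = []
    for ev in events:
        if ev.event_id != SCRIPT_BLOCK_EVENT_ID:
            continue
        found = find_signatures(ev.text, case_sensitive)
        if found:
            hits.append({
                "script_block_id": ev.script_block_id,
                "signatures": found,
                "exact_case": any(s in ev.text for s in found),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(parse_log(SAMPLE_LOG)):
        print(hit)
```

Run as-is it reports b3 (exact-case hit on 'OiJAAAAYInlM') and b5 (case-folded hit only); b4 is skipped because it is not a script block event, and b1's partial 'OiCAA' does not match. Passing `case_sensitive=True` drops b5.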
Categories
- Windows
- Endpoint
- Infrastructure
Data Sources
- Script
- Logon Session
Created: 2018-11-17