
Summary
This detection rule identifies potentially malicious command-line activity that references reCAPTCHA. It monitors and flags cases where commonly abused LOLBAS (Living Off The Land Binaries and Scripts) such as PowerShell, cmd.exe and other scripting engines are invoked with parameters that mention reCAPTCHA or associated terms, which indicates a possible exploitation attempt. The rule searches endpoint data for event codes linked to process creation, looks for executable names commonly used for scripting or administrative purposes, and cross-references any occurrence of terms such as 'reCAPTCHA', 'I am not a robot' or 'Verify you are human'. Regular expressions are used to match these terms accurately in both the process and its parent process. Matches are compiled for further analysis so that security teams can detect and respond to sophisticated threats that rely on social engineering.
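The following is an added illustration of the detection logic described above, written for this page and not the rule's own query. It runs the rule's conditions (process-creation event, LOLBAS executable as process or parent, regex match on the lure phrases in either command line) over a handful of constructed process-creation events. The event IDs (Sysmon 1, Security 4688), the exact LOLBAS list beyond PowerShell and cmd.exe, the field names and all sample events are assumptions made for the example.

```python
import re

# Assumed process-creation event codes: Sysmon Event ID 1 and Windows Security 4688.
# The rule summary only says "event codes linked to process creation".
PROCESS_CREATION_EVENT_IDS = {1, 4688}

# Assumed LOLBAS set. The summary names PowerShell, cmd.exe and "other scripting
# engines"; the remaining names here are illustrative choices for the example.
LOLBAS_IMAGES = {
    "powershell.exe", "pwsh.exe", "cmd.exe",
    "wscript.exe", "cscript.exe", "mshta.exe",
}

# Lure phrases from the summary, matched case-insensitively and tolerant of
# repeated whitespace so trivial spacing variants do not slip past.
LURE_RE = re.compile(
    r"recaptcha|i\s+am\s+not\s+a\s+robot|verify\s+you\s+are\s+(?:a\s+)?human",
    re.IGNORECASE,
)


def _image_name(path):
    """Lower-cased file name of a Windows image path (backslash-aware)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(event):
    """Return an alert dict if the event matches the rule, otherwise None."""
    if event.get("EventID") not in PROCESS_CREATION_EVENT_IDS:
        return None
    image = _image_name(event.get("Image", ""))
    parent = _image_name(event.get("ParentImage", ""))
    # Either the process itself or its parent must be one of the watched binaries.
    if image not in LOLBAS_IMAGES and parent not in LOLBAS_IMAGES:
        return None
    # Check the process and the parent command line for the lure text.
    for field in ("CommandLine", "ParentCommandLine"):
        match = LURE_RE.search(event.get(field, ""))
        if match:
            return {
                "record_id": event["RecordId"],
                "image": image,
                "parent": parent,
                "matched_field": field,
                "matched_text": match.group(0),
            }
    return None


def run_detection(events):
    """Apply the rule to a sequence of events and collect the alerts."""
    return [alert for alert in map(evaluate, events) if alert is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # 1: PowerShell launched with a lure comment on its command line (no real payload).
    {"RecordId": 1, "EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -c "Write-Output ok" '
                    '# "I am not a robot - reCAPTCHA Verification ID: 4711"',
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    # 2: lure text sits on the parent (cmd.exe) command line; the child is wscript.exe.
    {"RecordId": 2, "EventID": 4688,
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": "wscript.exe check.vbs",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": 'cmd.exe /c "rem Verify you are human" & wscript.exe check.vbs'},
    # 3: browser loading a reCAPTCHA URL: legitimate, not a LOLBAS image, no alert.
    {"RecordId": 3, "EventID": 1,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer https://www.google.com/recaptcha/api2/anchor",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentCommandLine": "chrome.exe"},
    # 4: ordinary PowerShell administration, no lure text, no alert.
    {"RecordId": 4, "EventID": 4688,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    # 5: Sysmon image-load event (ID 7) carrying the phrase: not process creation, ignored.
    {"RecordId": 5, "EventID": 7,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo verify   you are human",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert)
```

Records 1 and 2 alert; record 3 shows why the rule is keyed on the executable rather than on the keyword alone (browsers legitimately reference reCAPTCHA), and record 5 shows why the event-code filter matters. Checking the parent command line as well as the process's own catches the case where the scripting engine is launched through an intermediate shell.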
Categories
- Endpoint
- Windows
Data Sources
- Process
- Application Log
ATT&CK Techniques
- T1218
- T1059
Created: 2024-02-09