This detection rule focuses on identifying unusual port usage by analyzing PowerShell scripts that use the command `Test-NetConnection`. Adversaries may employ lesser-known ports for command-and-control communications rather than the standard ports, such as using HTTPS over port 8088 instead of port 443. The rule employs a selection criterion that checks for the presence of 'Test-NetConnection' along with specific parameters related to establishing a connection to a computer at a designated port. Additionally, the rule filters out common web ports (80 and 443) to reduce false positives stemming from legitimate administrative activities. The primary goal is to detect potential malicious activity where uncommon ports are being accessed, indicating possible command-and-control behavior.