Potential Invoke-Mimikatz PowerShell Script

Sigma Rules

Summary
This detection rule identifies the execution of PowerShell scripts that attempt to use Mimikatz functionality for credential dumping. Mimikatz is a well-known tool that abuses legitimate administrative functionality within the Windows operating system to extract plaintext credentials from a compromised system. The rule is triggered when keywords or command patterns indicative of Mimikatz appear in the logged text of a PowerShell script block. Specifically, it looks for commands associated with dumping credentials and certificates and with accessing secure stores, allowing security teams to detect potentially malicious activity early. Detecting this activity promptly helps limit credential theft, which attackers commonly rely on to gain lateral movement across a network.
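To make the matching concrete, the following is an added example of how keyword-based detection over PowerShell script block text can be implemented; it is illustrative code written for this page, not the Sigma rule itself. It assumes records shaped like PowerShell Script Block Logging events (Event ID 4104) with a ScriptBlockText field, and the indicator list is an assumed subset of well-known Mimikatz module and command names rather than the rule's exact keyword list. The sample events are constructed.

```python
"""Keyword-based detection of Mimikatz-style PowerShell script blocks.

Added example, not the Sigma rule's own logic. Assumes input records shaped
like PowerShell Script Block Logging events (Event ID 4104) carrying a
ScriptBlockText field. The indicator list is an assumed, illustrative subset
of well-known Mimikatz command names, not the rule's exact keyword list.
"""
import re
from dataclasses import dataclass

# Assumed indicator patterns (matched case-insensitively). The module::command
# forms are Mimikatz's own syntax; benign administrative scripts should not
# contain them, but red-team tooling and some security products will, so
# tune with an allowlist of known script hashes or signers before alerting.
MIMIKATZ_PATTERNS = [
    r"invoke-mimikatz",
    r"sekurlsa::logonpasswords",
    r"sekurlsa::minidump",
    r"lsadump::sam",
    r"lsadump::dcsync",
    r"crypto::certificates",
    r"crypto::capi",
    r"privilege::debug",
]
_INDICATOR_RE = re.compile("|".join(f"(?:{p})" for p in MIMIKATZ_PATTERNS), re.IGNORECASE)


@dataclass
class ScriptBlockEvent:
    """Minimal stand-in for a Windows PowerShell operational log record."""
    event_id: int
    host: str
    user: str
    script_block_text: str


@dataclass
class Alert:
    host: str
    user: str
    indicators: list


def evaluate(event):
    """Return an Alert if the event is a 4104 script block whose text contains
    one or more Mimikatz indicators, otherwise None."""
    if event.event_id != 4104:
        # Only script block text is in scope for this check.
        return None
    hits = sorted({m.group(0).lower() for m in _INDICATOR_RE.finditer(event.script_block_text)})
    if not hits:
        return None
    return Alert(host=event.host, user=event.user, indicators=hits)


def scan(events):
    """Run the check over a batch of events and return the alerts raised."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample events: one benign script, one Mimikatz invocation,
# one non-4104 record that is ignored by design, and one benign admin task.
SAMPLE_EVENTS = [
    ScriptBlockEvent(4104, "ws01", "CORP\\alice",
                     "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"),
    ScriptBlockEvent(4104, "ws02", "CORP\\bob",
                     "Invoke-Mimikatz -Command '\"privilege::debug\" \"sekurlsa::logonpasswords\"'"),
    ScriptBlockEvent(4103, "ws03", "CORP\\carol", "lsadump::sam"),
    ScriptBlockEvent(4104, "dc01", "CORP\\svc_backup", "Backup-GPO -All -Path D:\\gpo"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"ALERT host={alert.host} user={alert.user} indicators={alert.indicators}")
```

Running the block prints a single alert for host ws02 listing the three indicators found. The 4103 record is deliberately skipped to mirror the rule's focus on script block text; if module logging is also collected, the same matcher can be applied to those records as a second rule.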
Categories
  • Endpoint
  • Windows
Data Sources
  • Script
  • Process
  • Application Log
Created: 2022-09-28