Malicious PowerShell Keywords

Sigma Rules

Summary
This rule flags PowerShell script blocks whose text contains keywords characteristic of offensive tooling such as Metasploit's PowerShell payloads and PowerShell ports of Mimikatz: names of Win32 API functions and constants used to manipulate access tokens and enable privileges, plus similar low-level identifiers that rarely appear in ordinary administrative scripts. It consumes Script Block Logging events (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) and its selection checks the ScriptBlockText field for any of the listed terms, so a hit means the code was actually handed to the PowerShell engine rather than merely present on disk.

Because 4104 records each block as it is executed, code that is assembled from string fragments at runtime and then run through Invoke-Expression is logged again in its decoded form, which is what makes keyword matching on script block text more robust than matching on the original file contents. Two operational points matter when deploying it. First, PowerShell 5 and later log blocks containing suspicious constructs automatically, but full coverage requires enabling the "Turn on PowerShell Script Block Logging" policy on the monitored hosts. Second, long blocks are split across several 4104 events (MessageNumber of MessageTotal, sharing a ScriptBlockId), so a keyword can straddle two events and be missed unless the pipeline reassembles them. Expect false positives from legitimate administration scripts, vendor agents and security tooling that use the same APIs, and tune the keyword list to the environment.
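The following is an added example, not the rule's own code or keyword list: it applies the selection logic described above (case-insensitive `contains` on ScriptBlockText, which is Sigma's default string matching) to constructed 4104-style events. The keyword list is an assumed stand-in for the token-manipulation identifiers the rule looks for, the event shape mirrors the real 4104 fields (ScriptBlockId, MessageNumber, MessageTotal, ScriptBlockText, Path), and the sample events are made up to show the two caveats from the summary: a string-built block only matches once the decoded block is logged, and a chunked block must be reassembled before matching.

```python
"""Keyword selection over PowerShell Script Block Logging (EID 4104) events.

Added illustration, not the Sigma rule's code. SUSPICIOUS_KEYWORDS is an
ASSUMED list standing in for the rule's own terms.
"""
from dataclasses import dataclass

# ASSUMED keywords for illustration; the real rule carries its own list.
SUSPICIOUS_KEYWORDS = [
    "AdjustTokenPrivileges",
    "TOKEN_PRIVILEGES",
    "TOKEN_DUPLICATE",
    "SE_PRIVILEGE_ENABLED",
    "MiniDumpWriteDump",
    "Reflection.Assembly",
]


@dataclass
class ScriptBlockEvent:
    """Minimal shape of a Microsoft-Windows-PowerShell/Operational 4104 record."""
    script_block_id: str
    message_number: int
    message_total: int
    script_block_text: str
    path: str = ""


def contains_match(text, keyword):
    """Sigma 'contains' semantics: case-insensitive substring match."""
    return keyword.lower() in text.lower()


def match_event(event, keywords=SUSPICIOUS_KEYWORDS):
    """Keywords found in a single event's ScriptBlockText (no reassembly)."""
    return [k for k in keywords if contains_match(event.script_block_text, k)]


def reassemble_blocks(events):
    """Join chunked 4104 events sharing a ScriptBlockId in MessageNumber order."""
    groups = {}
    for e in events:
        groups.setdefault(e.script_block_id, []).append(e)
    return {
        sbid: "".join(p.script_block_text
                      for p in sorted(parts, key=lambda p: p.message_number))
        for sbid, parts in groups.items()
    }


def detect(events, keywords=SUSPICIOUS_KEYWORDS):
    """Run the keyword selection over reassembled blocks; return {id: hits}."""
    hits = {}
    for sbid, text in reassemble_blocks(events).items():
        found = [k for k in keywords if contains_match(text, k)]
        if found:
            hits[sbid] = found
    return hits


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # Benign administration in one block: no hit expected.
    ScriptBlockEvent("sb-1", 1, 1,
        "Get-Service | Where-Object { $_.Status -eq 'Running' }"),
    # Token manipulation with literal API names present: hit.
    ScriptBlockEvent("sb-2", 1, 1,
        "$sig = '[DllImport(\"advapi32.dll\")] public static extern bool "
        "AdjustTokenPrivileges(IntPtr t, bool d, ref TOKEN_PRIVILEGES n, "
        "uint l, IntPtr p, IntPtr r);'; $SE_PRIVILEGE_ENABLED = 0x2"),
    # Outer block builds the name from fragments: no literal keyword, no hit...
    ScriptBlockEvent("sb-3", 1, 1,
        "$n = 'Adjust' + 'Token' + 'Privileges'; Invoke-Expression $code"),
    # ...but the block handed to Invoke-Expression is logged as its own 4104.
    ScriptBlockEvent("sb-4", 1, 1,
        "$p.AdjustTokenPrivileges($h, $false, [ref]$tp, 0, 0, 0)"),
    # One long block chunked into two events; the keyword straddles the split.
    ScriptBlockEvent("sb-5", 1, 2,
        "function Get-Dump { $m = [Dbghelp]::MiniDumpWrite"),
    ScriptBlockEvent("sb-5", 2, 2,
        "Dump($proc.Handle, $proc.Id, $fs.SafeFileHandle, 2, 0, 0, 0) }"),
]


if __name__ == "__main__":
    for sbid, found in detect(SAMPLE_EVENTS).items():
        print(f"{sbid}: {found}")
    # Per-event matching misses the chunked block entirely:
    print("sb-5 per-chunk:", [match_event(e) for e in SAMPLE_EVENTS[4:]])
```

Matching per event is what most SIEM pipelines do by default, and on the chunked sample it returns nothing for either half; grouping by ScriptBlockId and ordering by MessageNumber before applying the selection is the difference between a miss and a hit.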
Categories
  • Endpoint
  • Windows
Data Sources
  • Script
  • Process
Created: 2017-03-05