
Summary
This rule is designed to detect potentially malicious usage of the Nishang framework within PowerShell scripts. Nishang is an exploitation framework that contains a collection of PowerShell scripts and functions aimed at penetration testing and malicious acts. The detection focuses specifically on identifying the presence of certain cmdlets or keywords associated with malicious intent within PowerShell script blocks. These may include cmdlets such as 'Add-ConstrainedDelegationBackdoor' and 'Invoke-MimikatzWDigestDowngrade', among others. Keyword-based matching allows quick identification of scripts that may be used for data exfiltration, credential dumping, and remote command execution. The effectiveness of this detection relies on Script Block Logging being enabled on Windows systems, since that is what captures the executed script text for analysis. Given the high risk associated with PowerShell misuse, the detection level is set to high, emphasizing the need for immediate investigation of these events.
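The keyword matching described above, as an added example that is not part of the original rule: it runs over constructed Script Block Logging records (Event ID 4104, the PowerShell operational event that carries script block text) and reassembles fragmented blocks first, because a long script block is logged as several events and a cmdlet name can straddle a fragment boundary. The two keywords are the ones named on this page; field names follow the 4104 event (ScriptBlockId, MessageNumber, ScriptBlockText), and the sample events are constructed.

```python
"""Keyword-based detection of Nishang cmdlet names in PowerShell
Script Block Logging events (Event ID 4104). Example code, not the rule itself."""
import re

# Keywords taken from the rule summary; the real rule carries a longer list.
NISHANG_KEYWORDS = [
    "Add-ConstrainedDelegationBackdoor",
    "Invoke-MimikatzWDigestDowngrade",
]
# PowerShell identifiers are case-insensitive, so the match must be too.
KEYWORD_RE = re.compile("|".join(map(re.escape, NISHANG_KEYWORDS)), re.IGNORECASE)
CANONICAL = {k.lower(): k for k in NISHANG_KEYWORDS}

def reassemble_script_blocks(events):
    """Group 4104 fragments by ScriptBlockId and join them in MessageNumber order.
    Matching per event would miss a cmdlet name split across two fragments."""
    fragments = {}
    for ev in events:
        if ev.get("EventID") != 4104:
            continue  # only script block events carry ScriptBlockText
        fragments.setdefault(ev["ScriptBlockId"], []).append(
            (ev["MessageNumber"], ev["ScriptBlockText"]))
    return {sb_id: "".join(t for _, t in sorted(parts)) for sb_id, parts in fragments.items()}

def detect_nishang(events):
    """Return [(ScriptBlockId, [canonical keywords])] for blocks that hit the rule."""
    hits = []
    for sb_id, text in reassemble_script_blocks(events).items():
        found = sorted({CANONICAL[m.group(0).lower()] for m in KEYWORD_RE.finditer(text)})
        if found:
            hits.append((sb_id, found))
    return hits

# Constructed sample events (not real telemetry), shaped like 4104 records.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object"},
    # One script block split in two; the keyword straddles the boundary and is lowercased.
    {"EventID": 4104, "ScriptBlockId": "b2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "atzWDigestDowngrade -Verbose"},
    {"EventID": 4104, "ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "Import-Module .\\nishang.ps1; invoke-mimik"},
]

if __name__ == "__main__":
    for sb_id, found in detect_nishang(SAMPLE_EVENTS):
        print(f"ALERT script block {sb_id}: {', '.join(found)}")
```

Run stand-alone it reports one alert for block b2; the same text matched fragment by fragment produces none, which is the gap the reassembly step closes.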
Categories
- Windows
- Endpoint
- Infrastructure
Data Sources
- Script
- Logon Session
Created: 2019-05-16