# Standards & References
- **MITRE ATT&CK T1059.001**: PowerShell execution
- **MITRE ATT&CK T1055**: Process Injection (all sub-techniques)
- **MITRE ATT&CK T1546.003**: WMI Event Subscription persistence
- **MITRE ATT&CK T1620**: Reflective Code Loading
- **Microsoft AMSI Documentation**: https://learn.microsoft.com/en-us/windows/win32/amsi/
- **PowerShell Logging**: https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/script-logging