diff --git a/0_custom_configuration/all_modules.txt b/0_custom_configuration/all_modules.txt
index 350b3964..a32da81c 100644
Binary files a/0_custom_configuration/all_modules.txt and b/0_custom_configuration/all_modules.txt differ
diff --git a/0_custom_configuration/mde_covered_modules.txt b/0_custom_configuration/mde_covered_modules.txt
index c19b2b6d..2f6433cc 100644
Binary files a/0_custom_configuration/mde_covered_modules.txt and b/0_custom_configuration/mde_covered_modules.txt differ
diff --git a/11_file_create/include_powershell_profiles.xml b/11_file_create/include_powershell_profiles.xml
new file mode 100644
index 00000000..2778ca1d
--- /dev/null
+++ b/11_file_create/include_powershell_profiles.xml
@@ -0,0 +1,23 @@
+<Sysmon schemaversion="4.30">
+    <EventFiltering>
+        <RuleGroup name="" groupRelation="or">
+            <FileCreate onmatch="include">
+                <Rule name="technique_id=T1546.013,technique_name=Event Triggered Execution: PowerShell Profile" groupRelation="or"> <!-- PowerShell Profile Rule for T1546.013 -->
+                    <!-- PowerShell 5.1 [ More information: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-5.1] -->
+                    <TargetFilename condition="end with">\Documents\WindowsPowerShell\Profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Windows\System32\WindowsPowerShell\v1.0\Profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1</TargetFilename>
+
+                    <!-- PowerShell 7 [ More information: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.4] -->
+                    <TargetFilename condition="end with">\Documents\PowerShell\Profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">\Documents\PowerShell\Microsoft.PowerShell_profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Program Files\PowerShell\7\Profile.ps1</TargetFilename>
+                    <TargetFilename condition="end with">C:\Program Files\PowerShell\7\Microsoft.PowerShell_profile.ps1</TargetFilename>
+                </Rule>
+            </FileCreate>
+        </RuleGroup>
+    </EventFiltering>
+</Sysmon>
diff --git a/attack_matrix/Sysmon-modular.json b/attack_matrix/Sysmon-modular.json
index 969e604a..a44ca3fa 100644
--- a/attack_matrix/Sysmon-modular.json
+++ b/attack_matrix/Sysmon-modular.json
@@ -1105,6 +1105,22 @@
 			"comment": "",
 			"enabled": true,
 			"metadata": []
+		},
+		{
+			"techniqueID": "T1546.013",
+			"tactic": "persistence",
+			"color": "#fd8d3c",
+			"comment": "",
+			"enabled": true,
+			"metadata": []
+		},
+		{
+			"techniqueID": "T1546.013",
+			"tactic": "privilege-escalation",
+			"color": "#fd8d3c",
+			"comment": "",
+			"enabled": true,
+			"metadata": []
 		}
 	],
 	"gradient": {