Open
Labels: bug (Something isn't working)
Description
What happened?
Ran this command .\Start-ADThreatHunter.ps1 -verbose in a lab DC with an unrestricted PowerShell environment as Administrator.
The troubleshooting doesn't help.
Windows Version
Windows Server 2022
Audit Policy Status
Yes
Relevant log output
PSMessageDetails :
Exception : System.Management.Automation.ParseException: At C:\Users\Administrator\Downloads\PowerShell-Hun
ter-main\PowerShell-Hunter-main\AD-ThreatHunting\functions\Get-ADSuspiciousActivity.ps1:106
char:67
+ ... CallingComputer = $_.Properties[13].Value ?? "Unknow ...
+ ~~
Unexpected token '??' in expression or statement.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:106 char:66
+ ... CallingComputer = $_.Properties[13].Value ?? "Unk ...
+ ~
The hash literal was incomplete.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:109 char:22
+ }
+ ~
The Try statement is missing its Catch or Finally block.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:116 char:15
+ } | Where-Object { $_ -ne $null }
+ ~
An empty pipe element is not allowed.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:195 char:10
+ }
+ ~
The Try statement is missing its Catch or Finally block.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:209 char:47
+ TotalFailedLogins = $failedLogins ? $failedLogins.Count : ...
+ ~
Unexpected token '?' in expression or statement.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:209 char:46
+ TotalFailedLogins = $failedLogins ? $failedLogins.Count : ...
+ ~
The hash literal was incomplete.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:239 char:5
+ }
+ ~
Unexpected token '}' in expression or statement.
At C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-main\AD-ThreatHunt
ing\functions\Get-ADSuspiciousActivity.ps1:244 char:1
+ }
+ ~
Unexpected token '}' in expression or statement.
at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext
funcContext, Exception exception)
at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame
frame)
at
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame
frame)
at
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame
frame)
at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke
clauseToInvoke, Boolean createLocalScope, Dictionary`2 functionsToDefine, List`1
variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object
input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)
at System.Management.Automation.ScriptBlock.<>c__DisplayClass57_0.<InvokeWithPipe>b__0()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThre
adCheck(Action action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope,
ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object
scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean
propagateAllExceptionsToTop, List`1 variablesToDefine, Dictionary`2 functionsToDefine,
Object[] args)
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(Cmdlet contextCmdlet, Boolean
useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input,
Object scriptThis, Object[] args)
at Microsoft.PowerShell.Commands.ForEachObjectCommand.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.Pipe.AddToPipe(Object obj)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback
callback, Object state)
at System.Management.Automation.MshCommandRuntime.WriteObject(Object sendToPipeline)
at System.Management.Automation.Cmdlet.WriteObject(Object sendToPipeline)
at System.Management.Automation.Provider.CmdletProvider.WriteItemObject(Object item, String
path, Boolean isContainer)
at Microsoft.PowerShell.Commands.FileSystemProvider.GetItem(String path)
at System.Management.Automation.SessionStateInternal.GetItemPrivate(CmdletProvider
providerInstance, String path, CmdletProviderContext context)
TargetObject :
CategoryInfo : ParserError: (:) [Get-ChildItem], ParseException
FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.GetChildItemCommand
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at <ScriptBlock>, C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-mai
n\AD-ThreatHunting\Start-ADThreatHunt.ps1: line 80
at <ScriptBlock>, C:\Users\Administrator\Downloads\PowerShell-Hunter-main\PowerShell-Hunter-mai
n\AD-ThreatHunting\Start-ADThreatHunt.ps1: line 78
at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
MHaggis
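The tokens the parser rejects in the log, `??` and `? :`, are operators introduced in PowerShell 7.0; Windows PowerShell 5.1, the shell that ships with Windows Server 2022, cannot parse them. The following is an added example, not part of the issue or of PowerShell-Hunter: a pre-flight syntax check that can run before function files are dot-sourced, followed by equivalents that parse on both engines. `Test-ScriptSyntax`, the sample file and its fallback values are assumptions made for illustration.

```powershell
# Added example, not PowerShell-Hunter code. Works on Windows PowerShell 5.1 and PowerShell 7+.

function Test-ScriptSyntax {
    # Parse files with the running engine, without executing them,
    # and emit one record per parse error.
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($file in $Path) {
        $tokens = $null; $errors = $null
        $full = (Resolve-Path -LiteralPath $file).ProviderPath
        [void][System.Management.Automation.Language.Parser]::ParseFile($full, [ref]$tokens, [ref]$errors)
        foreach ($e in $errors) {
            [pscustomobject]@{
                File    = Split-Path -Path $full -Leaf
                Line    = $e.Extent.StartLineNumber
                Column  = $e.Extent.StartColumnNumber
                Message = $e.Message
            }
        }
    }
}

# Constructed sample: the two operator forms from the log. The fallback values
# ('n/a', 0) are placeholders because the log truncates the real ones.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'ps7-syntax-sample.ps1'
Set-Content -LiteralPath $sample -Value @'
$props = @{
    CallingComputer   = $value ?? 'n/a'
    TotalFailedLogins = $failedLogins ? $failedLogins.Count : 0
}
'@

$problems = @(Test-ScriptSyntax -Path $sample)
"PowerShell $($PSVersionTable.PSVersion): $($problems.Count) parse error(s)"
$problems | Format-Table -AutoSize | Out-String

# Equivalents that parse on both 5.1 and 7+ (same placeholder fallbacks).
$value = $null; $failedLogins = @()
$props = @{
    CallingComputer   = if ($null -ne $value) { $value } else { 'n/a' }
    TotalFailedLogins = if ($failedLogins) { $failedLogins.Count } else { 0 }
}
$props
Remove-Item -LiteralPath $sample
```

Under PowerShell 7 the sample reports 0 parse errors; under Windows PowerShell 5.1 it reports the same class of "Unexpected token" errors shown in the log.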

