NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities.
It can be compiled as either a standalone executable or a DLL.
Features
- Execute .NET assemblies
- Run PowerShell commands or scripts
- Load and execute Beacon Object Files (BOFs)
- Built-in patchless AMSI (Anti-Malware Scan Interface) bypass
- Built-in patchless ETW (Event Tracing for Windows) bypass
- Support for encrypted payloads with AES decryption
- Flexible input options: local files, URLs, or compiled-in data
- Dual-build support: can be compiled as an executable or a DLL
Building
NyxInvoke can be built as either an executable or a DLL. Use the following commands:
Executable
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features exe --bin NyxInvoke
DLL
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features dll --lib
To include compiled-in CLR or BOF data, add the respective features:
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=exe,compiled_clr,compiled_bof --bin NyxInvoke
or
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=dll,compiled_clr,compiled_bof --lib
Usage
Executable Mode
The executable supports three main modes of operation:
- CLR Mode (.NET assembly execution)
- PowerShell Mode
- BOF Mode (Beacon Object File execution)
General Syntax
NyxInvoke.exe <mode> [OPTIONS]