NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust

NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities.

It can be compiled as either a standalone executable or a DLL.

Features

Execute .NET assemblies
Run PowerShell commands or scripts
Load and execute Beacon Object Files (BOFs)
Built-in patchless AMSI (Anti-Malware Scan Interface) bypass
Built-in patchless ETW (Event Tracing for Windows) bypass
Support for encrypted payloads with AES decryption
Flexible input options: local files, URLs, or compiled-in data
Dual-build support: can be compiled as an executable or a DLL

Building

NyxInvoke can be built as either an executable or a DLL. Use the following commands:

Executable

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features exe --bin NyxInvoke

DLL

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features dll --lib

To include compiled-in CLR or BOF data, add the respective features:

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=exe,compiled_clr,compiled_bof --bin NyxInvoke

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=dll,compiled_clr,compiled_bof --lib

Usage

Executable Mode

The executable supports three main modes of operation:

CLR Mode (.NET assembly execution)
PowerShell Mode
BOF Mode (Beacon Object File execution)

General Syntax

NyxInvoke.exe <mode> [OPTIONS]

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.