NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust

NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities.

It can be compiled as either a standalone executable or a DLL.

Features

Execute .NET assemblies
Run PowerShell commands or scripts
Load and execute Beacon Object Files (BOFs)
Built-in patchless AMSI (Anti-Malware Scan Interface) bypass
Built-in patchless ETW (Event Tracing for Windows) bypass
Support for encrypted payloads with AES decryption
Flexible input options: local files, URLs, or compiled-in data
Dual-build support: can be compiled as an executable or a DLL

Building

NyxInvoke can be built as either an executable or a DLL. Use the following commands:

Executable

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features exe --bin NyxInvoke

DLL

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features dll --lib

To include compiled-in CLR or BOF data, add the respective features:

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=exe,compiled_clr,compiled_bof --bin NyxInvoke

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=dll,compiled_clr,compiled_bof --lib

Usage

Executable Mode

The executable supports three main modes of operation:

CLR Mode (.NET assembly execution)
PowerShell Mode
BOF Mode (Beacon Object File execution)

General Syntax

NyxInvoke.exe <mode> [OPTIONS]

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.