NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities.
It can be compiled as either a standalone executable or a DLL.
Use the following commands to build the executable and the DLL, respectively:
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features exe --bin NyxInvoke
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features dll --lib
To include compiled-in CLR or BOF data, add the respective features:
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=exe,compiled_clr,compiled_bof --bin NyxInvoke
or
cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=dll,compiled_clr,compiled_bof --lib
The executable supports three main modes of operation:
NyxInvoke.exe <mode> [OPTIONS]