NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust

NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities.

It can be compiled as either a standalone executable or a DLL.

Features

• Execute .NET assemblies
• Run PowerShell commands or scripts
• Load and execute Beacon Object Files (BOFs)
• Built-in patchless AMSI (Anti-Malware Scan Interface) bypass
• Built-in patchless ETW (Event Tracing for Windows) bypass
• Support for encrypted payloads with AES decryption
• Flexible input options: local files, URLs, or compiled-in data
• Dual-build support: can be compiled as an executable or a DLL

Building

NyxInvoke can be built as either an executable or a DLL. Use the following commands:

Executable

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features exe --bin NyxInvoke

DLL

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features dll --lib

To include compiled-in CLR or BOF data, add the respective features:

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=exe,compiled_clr,compiled_bof --bin NyxInvoke

or

cargo +nightly build --release --target=x86_64-pc-windows-msvc --features=dll,compiled_clr,compiled_bof --lib

Usage

Executable Mode

The executable supports three main modes of operation:

1. CLR Mode (.NET assembly execution)
2. PowerShell Mode
3. BOF Mode (Beacon Object File execution)

General Syntax

NyxInvoke.exe <mode> [OPTIONS]

For more information click here.