Darkside
C# AV/EDR killer using a lesser-known vulnerable driver (BYOVD)
This is a C# AV/EDR killer that abuses the Rogue Anti-Malware driver, version 3.3 (truesight.sys), in the bring-your-own-vulnerable-driver (BYOVD) style: the driver is validly signed, so it loads cleanly, and it exposes to user mode a privileged operation (terminating a process by PID) that the tool turns against security products. At the time of this writing the driver is not listed in loldrivers or in the Microsoft vulnerable driver blocklist. The only reason I'm making this public is that the company has already published a fix in version 3.4, and Microsoft will likely block this driver soon. The driver loads on Windows 11 23H2 with HVCI enabled, with the loldrivers blocklist applied, and with WDAC enabled, as long as the policy in force does not explicitly deny it. HVCI ensures that only properly signed code executes in the kernel; it does not, and cannot, stop a legitimately signed driver from exposing dangerous functionality through its own device interface.
Steps
- Load and start the driver from an elevated prompt (creating and starting a kernel service requires administrator rights). sc.exe needs a space after every option=, including binPath=:
sc create TrueSight binPath= "c:\path\to\truesight.sys" type= kernel start= demand
sc start TrueSight
- Start Darkside against the target, where PID is the process ID of the AV/EDR process to terminate:
Darkside.exe -p PID
Recommendations
- Block this driver with a WDAC deny rule (by file hash, or by file name plus version range) instead of waiting for Microsoft to add it to the vulnerable driver blocklist (waiting is at your own risk).
- Limit local administrator rights, since loading the driver requires them, and audit and prevent privilege-escalation attacks; a driver service being created and started is the step to watch for.
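The two recommendations above in working form, as an added PowerShell example that is not part of the Darkside project: the first function builds a WDAC policy that denies the driver by file hash, the second hunts the Windows event logs for the driver being installed as a service (System event 7045, written for every sc create) and, where Sysmon is deployed, for the image actually loading (Sysmon event 6). Function names, the sample path, the output directory and the use of Microsoft's shipped DefaultWindows_Enforced.xml as the base policy are assumptions made for this example; merge the deny rule into whatever policy you actually deploy.

```powershell
# Added example, not code from the Darkside project.
# Assumptions: an elevated session, the ConfigCI module (Windows 10/11 Pro/Enterprise),
# and a copy of the vulnerable truesight.sys (3.3) to hash. Paths and names are placeholders.

# 1. Build a WDAC policy that denies truesight.sys by hash.
function New-TrueSightDenyPolicy {
    param(
        [Parameter(Mandatory)] [string] $DriverPath,           # path to the truesight.sys sample
        [string] $OutputDir = "$env:TEMP\wdac-deny",
        # Microsoft's example enforced base policy; substitute the policy you really run.
        [string] $BasePolicy = "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml"
    )
    New-Item -ItemType Directory -Force -Path $OutputDir | Out-Null
    $xml = Join-Path $OutputDir 'DenyTrueSight.xml'
    $cip = Join-Path $OutputDir 'DenyTrueSight.cip'

    # Hash-level deny blocks this exact binary even if it is renamed, but not other builds
    # of the driver; add one rule per vulnerable build you want covered. Deny rules win
    # over allow rules when the policy is evaluated.
    $deny = New-CIPolicyRule -DriverFilePath $DriverPath -Level Hash -Deny
    Merge-CIPolicy -PolicyPaths $BasePolicy -Rules $deny -OutputFilePath $xml | Out-Null
    Set-CIPolicyIdInfo -FilePath $xml -PolicyName 'Deny TrueSight 3.3 (BYOVD)' -ResetPolicyID | Out-Null
    ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $cip | Out-Null
    return $cip
}

# 2. Hunt for the loading step of the attack.
function Find-SuspiciousDriverLoad {
    param(
        [string[]] $Names  = @('truesight.sys'),   # file names to look for
        [string[]] $Sha256 = @(),                  # optional hashes, catches a renamed copy in Sysmon data
        [int] $Days = 7
    )
    $since   = (Get-Date).AddDays(-$Days)
    $pattern = (@($Names) + @($Sha256) | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # System 7045 "A service was installed in the system" fires for sc create of a
    # kernel driver too and needs no extra audit policy.
    $installed = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'kernel mode driver' -and $_.Message -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Source = 'System/7045'
                Detail = (($_.Message -split "`r?`n") | Where-Object { $_ -match '^Service (Name|File Name|Type):' }) -join ' | '
            }
        }

    # Sysmon event 6 (DriverLoad) carries the image path, hashes and signature details.
    $loaded = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Source = 'Sysmon/6'
                Detail = (($_.Message -split "`r?`n") | Where-Object { $_ -match '^(ImageLoaded|Hashes|Signature):' }) -join ' | '
            }
        }

    @($installed) + @($loaded) | Sort-Object Time
}

# Usage (elevated prompt):
#   $cip = New-TrueSightDenyPolicy -DriverPath 'C:\samples\truesight.sys'
#   Find-SuspiciousDriverLoad -Sha256 (Get-FileHash 'C:\samples\truesight.sys').Hash | Format-Table -Wrap
```

Test the merged policy in audit mode before enforcing it, then deploy the .cip with CiTool.exe --update-policy on Windows 11 22H2 or later (on older builds, copy it to %SystemRoot%\System32\CodeIntegrity\CiPolicies\Active\{PolicyId}.cip and reboot). The hunt covers the procedure on this page exactly: sc create writes the 7045 event, and sc start produces the Sysmon DriverLoad event; a hit on a non-blocked driver load is also the moment the kill of the AV/EDR process becomes possible, so it is the event to alert on.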
