ph4nt0mbyt3/Darkside external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ph4nt0mbyt3/Darkside

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ph4nt0mbyt3/Darkside)

Close

ph4nt0mbyt3 / DarksideView on GitHubMore

• External links
• Readme badge

C# AV/EDR Killer using less-known driver (BYOVD)

☆185Nov 10, 2023Updated 2 years ago

Alternatives and similar repositories for Darkside

Users that are interested in Darkside are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MaorSabag / TrueSightKiller

  View on GitHub
  CPP AV/EDR Killer
  ☆481Nov 28, 2023Updated 2 years ago
• cpu0x00 / SharpReflectivePEInjection

  View on GitHub
  reflectively load and execute PEs locally and remotely bypassing EDR hooks
  ☆166Jan 4, 2024Updated 2 years ago
• brosck / Reaper

  View on GitHub
  「💀」Proof of concept on BYOVD attack
  ☆165Dec 7, 2024Updated last year
• Helixo32 / NimBlackout

  View on GitHub
  Kill AV/EDR leveraging BYOVD attack
  ☆397Jul 11, 2023Updated 2 years ago
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆547Feb 13, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• YOLOP0wn / EchoDrv

  View on GitHub
  Exploitation of echo_driver.sys
  ☆170Sep 16, 2023Updated 2 years ago
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,050Jun 20, 2023Updated 2 years ago
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆178Sep 21, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆594Aug 2, 2025Updated 8 months ago
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆354Jun 12, 2023Updated 2 years ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆203Dec 27, 2023Updated 2 years ago
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆971Jul 21, 2023Updated 2 years ago
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆595Jan 5, 2025Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆269Apr 8, 2025Updated last year
• 0xHossam / Killer

  View on GitHub
  Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group.
  ☆835Jul 2, 2024Updated last year
• MzHmO / NtlmThief

  View on GitHub
  Extracting NetNTLM without touching lsass.exe
  ☆244Nov 27, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆791Jan 26, 2026Updated 2 months ago
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆191Mar 4, 2024Updated 2 years ago
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆245Jul 2, 2024Updated last year
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• Yair-Men / Passenger

  View on GitHub
  ProcExp Driver (Ab)use
  ☆22Dec 28, 2022Updated 3 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• xalicex / Killers

  View on GitHub
  Exploitation of process killer drivers
  ☆204Oct 17, 2023Updated 2 years ago
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆466Sep 24, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆413Jan 11, 2026Updated 3 months ago
• roberreigada / LsassUnhooker

  View on GitHub
  Little program written in C# to bypass EDR hooks and dump the content of the lsass process
  ☆61Jun 24, 2021Updated 4 years ago
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆291May 27, 2024Updated last year
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆264Jun 29, 2024Updated last year
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆281Apr 10, 2024Updated 2 years ago
• YOLOP0wn / POSTDump

  View on GitHub
  ☆345Nov 10, 2025Updated 5 months ago
• Octoberfest7 / CVE-2023-36874_BOF

  View on GitHub
  Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
  ☆205Aug 25, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• passthehashbrowns / BOFMask

  View on GitHub
  ☆131Jun 28, 2023Updated 2 years ago
• thiagopeixoto / mystique-self-injection

  View on GitHub
  An improvement and a different approach to Mockingjay Self-Injection.
  ☆35May 21, 2024Updated last year
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆409Sep 12, 2023Updated 2 years ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆685Aug 15, 2025Updated 8 months ago
• Mr-Un1k0d3r / .NetConfigLoader

  View on GitHub
  .net config loader
  ☆350Nov 9, 2023Updated 2 years ago
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆155Oct 2, 2023Updated 2 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆622Jan 2, 2025Updated last year