← LibraryTechnique entry
EDR-DIRECT-SYSCALLDefense Evasion
Direct Syscall (Hell's / Halo's Gate)
Invoke NT syscalls directly instead of via hooked ntdll exports — skips userland EDR hooks on Nt* APIs.
§ Where this technique fits
EDR-DIRECT-SYSCALL is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.