December 24, 2023 at 12:28PM

Exploring Hell’s Gate.

Hell’s Gate makes it possible to execute direct syscalls by retrieving the required system service numbers (SSNs) dynamically. It does this by walking the Process Environment Block (PEB), parsing the Export Address Table (EAT) of ntdll.dll, comparing opcodes in the syscall stubs of the native functions, and extracting the SSNs.

https://redops.at/en/blog/exploring-hells-gate

https://t.me/cKure/13383