Tag: Syscall Hooking

FlipSwitch Rootkit Bypasses Linux Kernel 6.9 Defenses with Surgical Bytecode Hooking
Amid the ongoing duel between Linux kernel developers and authors of malicious modules, each kernel release reshuffles the balance of power. A recent example is the FlipSwitch rootkit module, which employs an unusual technique to intercept system calls under the stringent constraints introduced in kernel 6.9. Rather than relying on the familiar substitution of pointers…