Saved February 14, 2026
This article details the architecture and techniques of Singularity, a Loadable Kernel Module rootkit for Linux 6.x. It covers methods for process concealment, file system stealth, and privilege escalation, highlighting how it evades detection through advanced hooking and anti-forensic tactics.
Singularity is a sophisticated Loadable Kernel Module (LKM) rootkit designed for Linux 6.x kernels. It employs advanced techniques for evasion and persistence, making it particularly challenging to detect. The rootkit leverages the ftrace mechanism to hook system calls without modifying the system call table, thus avoiding detection by common security measures. Although ftrace operates inside the kernel's own protections, its hooks still leave traces that detection can target. The article highlights how forensic analysts with direct memory access can uncover evidence of ftrace hooks, particularly through files like `/sys/kernel/debug/tracing/enabled_functions`.
Hiding processes is a core feature of Singularity. The rootkit uses a simple array to manage hidden process IDs, allowing it to maintain performance without complex memory management. By hooking the `kill()` syscall, it silently adds a process to its hidden list when a specific signal (signal 59) is sent to it. This enables privilege escalation without raising alarms. The rootkit also filters directory listings of `/proc` to exclude hidden processes and can manipulate stat calls to conceal the existence of hidden PIDs from various detection tools.
The article dives into the technical details of how Singularity achieves process invisibility. It filters directory entries and modifies the return values of system calls so that hidden processes remain undetectable. Techniques include adjusting the link count of parent directories to prevent inconsistencies that could alert analysts. The rootkit is designed to operate stealthily, making it a significant challenge for security researchers and defenders alike. The full source code of Singularity is available for those interested in studying its implementation further.
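A defender-side cross-check for the two evasion layers the summary names (ftrace hooks on syscall entry points, and PIDs dropped from `/proc` listings), as an added example in Python that is not code from the original article or from Singularity. The `enabled_functions` sample and its line layout are constructed assumptions, and a legitimate tracer, kprobe or livepatch also produces entries there, so treat a hit as a lead rather than proof.

```python
"""Heuristics for the two evasion layers the summary describes: ftrace hooks on
syscall entries and PIDs missing from /proc.  Added example, not Singularity code."""
import os
import re
from typing import Callable, Iterable, Set

# Constructed sample of /sys/kernel/debug/tracing/enabled_functions; the line
# layout ("<symbol> (<count>) <flags> tramp: ...") is assumed from ftrace docs.
SAMPLE_ENABLED_FUNCTIONS = """\
__x64_sys_kill (1) R I\ttramp: 0xffffffffc0a1d000 (0xffffffffc0a1b0e0) ->ftrace_ops_assist_func+0x0/0x1a0
__x64_sys_getdents64 (1) R I\ttramp: 0xffffffffc0a1d060 (0xffffffffc0a1b1c0) ->ftrace_ops_assist_func+0x0/0x1a0
vfs_read (1) R I\ttramp: 0xffffffffc0a1d0c0 (0xffffffffc0a1b2a0) ->ftrace_ops_assist_func+0x0/0x1a0
"""

# Syscall entry symbols per architecture.  An ftrace callback attached to one is
# unusual on a host running no tracer, kprobe or livepatch, so rule those out first.
SYSCALL_PREFIX = re.compile(r"^(__x64_sys_|__ia32_sys_|__arm64_sys_|sys_)")

def hooked_syscalls(enabled_functions_text: str) -> Set[str]:
    """Return the syscall entry symbols that currently carry an ftrace hook."""
    found = set()
    for line in enabled_functions_text.splitlines():
        symbol = line.split(maxsplit=1)[0] if line.strip() else ""
        if SYSCALL_PREFIX.match(symbol):
            found.add(symbol)
    return found

def hidden_pids(listed: Iterable[int], exists: Callable[[int], bool],
                max_pid: int) -> Set[int]:
    """PIDs a second probe reaches but a readdir of /proc omitted: filtered
    directory entries leave this gap, and the probe need not go through stat()."""
    visible = set(listed)
    return {pid for pid in range(1, max_pid + 1)
            if pid not in visible and exists(pid)}

def listed_proc_pids() -> Set[int]:
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def status_openable(pid: int) -> bool:  # openat() of /proc/<pid>/status, no stat()
    try:
        with open(f"/proc/{pid}/status", "rb"):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    path = "/sys/kernel/debug/tracing/enabled_functions"  # needs root + debugfs
    text = open(path).read() if os.access(path, os.R_OK) else SAMPLE_ENABLED_FUNCTIONS
    print("ftrace hooks on syscall entries:", sorted(hooked_syscalls(text)))
    print("reachable but unlisted:", sorted(hidden_pids(listed_proc_pids(), status_openable, 65536)))
```

The sweep stops at PID 65536 to stay quick; on a real host raise it toward the value in `/proc/sys/kernel/pid_max`.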