FlipSwitch is a novel syscall hooking technique developed to bypass the changes introduced in Linux kernel 6.9 that neutralized traditional hooking methods. By directly patching the syscall dispatcher's machine code, FlipSwitch allows rootkits to redirect syscalls while remaining stealthy, posing ongoing challenges for kernel security. Detection methods, including YARA rules, have been devised to identify this rootkit in memory or on disk.