FlipSwitch introduces a new syscall hooking technique for Linux kernel 6.9+, bypassing traditional methods rendered obsolete by changes in the syscall dispatch mechanism. The technique locates the original syscall function, scans the x64_sys_call function's machine code for a specific call instruction, and modifies its offset to redirect to a malicious function. This precise method leaves minimal traces and can be fully reverted. FlipSwitch demonstrates the ongoing evolution of attack techniques in response to kernel hardening efforts, highlighting the cat-and-mouse game between attackers and defenders in cybersecurity.