Loadable Kernel Modules (LKMs) allow users to write code that runs in kernel space. This makes it extremely easy to use LKMs for system call interception in order to perform tricks such as hiding files and processes, trojanizing executables, writing shell backdoors, and much more. These are the tricks used by the authors of most malicious backdoors. Hopefully, this knowledge will allow individuals who have been infected by such backdoors to understand how they work and how to detect them. Two specific examples of how to use LKMs for intrusion detection will also be presented: 1) how to intercept sys_execve to detect Trojan binaries, and 2) how to write your own sandbox environment. In addition, changes within the 2.5+ kernels will be discussed. At the end of this presentation, any audience member with minimal programming skills will be able to write his or her own LKMs using the techniques described.