Linux kernel rootkits are everywhere, but no modern (public) detection system exists. Linux rootkit checkers are currently woefully inadequate, often focusing upon mundane and outdated techniques that are only used by the lowest of the kiddies. I will briefly highlight common modern rootkit techniques as seen in real in-the-netz linux rootkits, and walk through my Antilulz tool, which is an LKM designed to be loaded at times of peak paranoia to give your kernel the once over. I'll continue the conversation discussing what a rootkit would need to do to defeat these checks, and expand upon antilulz to continue the cold war. If I've time, I'll talk a bit about the state of rootkit detection, and will discuss real-time kernel IDS techniques, and why they are extremely hard to do.