ISSN for CodeBreakers Journal
Side Story

Tracing for Hardware, Driver, and Binary Reverse Engineering in Linux

This paper introduces the new Linux Trace Toolkit Next Generation (LTTng) kernel tracer and its analysis counterpart, the Linux Trace Toolkit Viewer (LTTV), a fully extensible text and graphical trace viewer. It focuses on how these tools can be used in the security field, particularly for reverse engineering. Using a tracer to reverse engineer a software "black box" can help in understanding its behavior. Such software can be a driver, a library, or a multithreaded application: the tracer can log every interaction between the operating system and the program. It can help evade the sandbox and debugger detection built into a program, because its performance impact is small compared to library wrappers and debuggers. It can collect every system call made by every program, which can later be used for fuzzing. It is not, however, limited to process examination: one could use the kernel instrumentation to reverse engineer a driver controlling a piece of hardware. This tracer should be seen as a system-wide monitor: it gives you the opportunity to monitor the hardware, the OS, the libraries, and the programs, and to analyse the information with integrated plugins. This paper explains how you can use LTTng and LTTV for reverse engineering and how you can extend them further.

CodeBreakers Journal ISSN 1864-7049. IT Security Training/Auditing Journal by IITAC.