Computer & OS Fundamentals · beginner · ~10 min
Explain the kernel's role, user vs kernel mode, and syscalls.
The OS kernel manages hardware and enforces security, running in privileged kernel mode while apps run in restricted user mode. Programs reach hardware only through system calls — the controlled user→kernel gateway.
The user/kernel boundary is the host's main security line. Privilege escalation and kernel exploits are about crossing or abusing it. Syscalls are also the point where defenders monitor activity (auditd, seccomp, EDR).
Kernel. Privileged core: scheduling, memory, devices, security.
User vs kernel mode. Restricted vs full hardware access.
System call. The controlled request from app to kernel.
Security boundary. Crossing user→root/kernel is the essence of privilege escalation.
The operating system is the software that manages the hardware and arbitrates access between programs.
The kernel is the privileged core: it schedules processes, manages memory, controls devices, and enforces security. It runs in kernel mode with full hardware access. Your programs run in user mode with restricted access.
A user program can't touch hardware directly — it asks the kernel via a system call (read a file, open a socket, create a process). The CPU switches from user to kernel mode for the duration. Syscalls are the controlled gateway between an app and the machine.
The user/kernel split is the primary security boundary on a host. Privilege escalation often means tricking a kernel-mode or root component into doing something for you. Kernel exploits are the most powerful because there is no higher authority above the kernel to stop code running there.
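To make the monitoring side concrete, here is an added example (not part of the original lesson) that reads auditd SYSCALL records and flags two boundary events: a login user's process running with root effective UID, and a setuid call the kernel refused. The log lines are constructed and trimmed to the fields used; the syscall numbers are the x86_64 ones, and the function names and sample paths are assumptions made for this example.

```python
import re

# x86_64 syscall numbers (arch=c000003e); only the ones used in the sample.
SYSCALLS = {59: "execve", 105: "setuid", 257: "openat"}
UNSET_AUID = 4294967295  # auid of processes not tied to a login session
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID = re.compile(r"audit\(([\d.]+:\d+)\)")

# Constructed sample records (real ones carry more fields: a0-a3, ppid, gid, ...).
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 pid=2101 auid=1000 uid=1000 euid=1000 comm="cat" exe="/usr/bin/cat"',
    'type=SYSCALL msg=audit(1700000000.102:502): arch=c000003e syscall=59 success=yes exit=0 pid=2102 auid=1000 uid=1000 euid=0 comm="sudo" exe="/usr/bin/sudo"',
    'type=PATH msg=audit(1700000000.102:502): item=0 name="/usr/bin/sudo" mode=0104755 ouid=0',
    'type=SYSCALL msg=audit(1700000000.103:503): arch=c000003e syscall=257 success=yes exit=3 pid=811 auid=4294967295 uid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd"',
    'type=SYSCALL msg=audit(1700000000.104:504): arch=c000003e syscall=105 success=no exit=-1 pid=2110 auid=1000 uid=1000 euid=1000 comm="a.out" exe="/home/alice/a.out"',
]

def parse(line):
    """Return the fields of one SYSCALL record as a dict, or None for other types."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if fields.get("type") != "SYSCALL":
        return None
    m = EVENT_ID.search(fields.get("msg", ""))
    fields["event"] = m.group(1) if m else "?"
    return fields

def findings(lines):
    """Flag records where a process crossed, or tried to cross, the user->root line."""
    out = []
    for rec in filter(None, map(parse, lines)):
        name = SYSCALLS.get(int(rec["syscall"]), rec["syscall"])
        auid, uid, euid = (int(rec[k]) for k in ("auid", "uid", "euid"))
        if auid not in (0, UNSET_AUID) and euid == 0:
            # Logged in as an ordinary user, now executing with root privileges.
            out.append((rec["event"], name, rec["exe"], "login user running as root"))
        elif name == "setuid" and rec["success"] == "no" and uid != 0:
            # The kernel checked the request at the syscall gate and said no.
            out.append((rec["event"], name, rec["exe"], "kernel refused setuid"))
    return out

if __name__ == "__main__":
    for event, name, exe, reason in findings(SAMPLE):
        print(f"{event}  {name:<7} {exe:<20} {reason}")
```

The sudo hit is expected activity; the value of the record is that auid still names the account that logged in, so a root action can be traced back to a person.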
Unix-like (Linux, macOS, BSD) and Windows differ in detail but share these ideas: a kernel, processes, users, permissions, and syscalls. The labs in this course are Unix/Linux-flavoured.
An OS kernel arbitrates hardware access and enforces the user/kernel privilege boundary; programs cross it only via system calls. That boundary is the central target of privilege escalation and the central thing defenders monitor.