Layers of the Hacker Onion

There are hackers, and then there are HACKERS. Which one you are depends on how deep you go through the layers in the onion. At the heart of this metaphorical onion is the actual CPU. Around this heart exist all the different pieces of a computer. I know, weird metaphor, but stick with me for a minute.

Let's start at the outside layers and work in. I'm not going to cover everything, just enough to get my point across. One instructor I've heard refer to this as "going toward the dragons." If you think back on really old maps, or even the ones used in role playing games today, there was always that part of the map around the edges that no one had ever gone to before (or very few people). That area always had dragons, and sea creatures draw on it, because there was a fear of the unknown. So he refers to your journey from the "known" into the "unknown" as the journey toward dragons. In our metaphor, as you work your way closer to a full understanding of the CPU, you'll be traveling toward those dragons, and increasing your own abilities.

The outer most layers of our onion are the domain of the normal end user. Solitaire lives here. The Windows GUI lives here. What we know is how to click which icon to get what application. Although this has improved the lives of billions of people around the world, it's also just the very surface of what's actually happening in the computer.

At the next layer down we have the expert users. People that can manipulate that operating environment, make changes that don't explode in their face, and do things that most end users think is amazing. This is the person your Granny might call first when she can't get on AOL.

The next layer is the super user. This person understand a lot more than just basic software and hardware. You might even say that people here are the first layer that we refer to as hackers. They probably know how to program in a high level language, understand how networking actually works (at a high level), and what services area. These are the script kiddies.

Deeper down, we find a layer where 90% of the hackers we know live. They can create scripts, understand network protocols, and run a bunch of security applications. They know how to do a port scan and vulnerability scans. They can understand the overall implications of 75% of the findings these tools present. But past this point, we're looking into the face dragons.

Thar be DRAGUNS!!! Here is the beginning of your quest for knowledge. At this point, you start to understand how High Level programming languages, like C++, are a lot like your Windows GUI. They give you a very high level way to access the CPU and it's functions. You start to want to learn Assembly, and how to use debuggers. You want to learn the difference between how RAM truly gets assigned and utilized by the CPU, and how the CPUs own internal register locations are used. You're one layer away from the CPU in our model. With enough work in this area, you'll actually understand the binary instruction sets used within the CPU, and how we can modify the registers to create our own instruction flow. This is how you Reverse Engineer and write Exploits.

Now, as you've read this, I'd imagine you've probably already placed yourself within one of these layers. Your goal, as a hacker, is to reach that inner most layer, nearest to the CPU. To really gain a complete understanding of the system, so that you can hack it, and protect it. But the only way to do this is to do it on your own. Someone can open the door, but you have to do the walking on your own. It's a little bit like a religious journey in that respect.