Aspie Hackers — Bug Whisperers
Dreaming of a responsible Aspie Hacker lifestyle? Want to get paid for reporting vulnerabilities in websites?
“Aspie Hackers — Bug Whisperers” is a boutique digital skills bootcamp to kickstart and accelerate self-employment for neuro-nontypical, neuro-atypical, highly functioning neuro-diverse autistic people previously diagnosed with Asperger’s*.
Work in the Ethical Hacking community using existing approaches on Bug Bounty Programs! No experience necessary — but one should enjoy playing on the Internet. It’s a combination of “Hackers for Change” x “AsperIT” x “Bug Bounty Reports Explained” with the assistance of Artificial Intelligence generative prompts and VR workstations as needed.
We will come together as a Work Group** and study the skillsets and tools for real-world Vulnerability Disclosure Programs and Bug Bounty Hunting until we succeed through collaborating on international platforms such as HackerOne and Bugcrowd.
Companies will pay each individual after we find vulnerabilities in their Bug Bounty Programs. We may later seek employment at Capture-The-Flag (CTF) events and private invitations from companies on the same platforms. There are many ways to advance one’s career and remuneration.
Is this a promise of pay and employment? No — Bug Bounty Hunting is simply a newer way to get paid for Ethical Hacking and be self-employed based on the amount of time and effort one puts in. Bug Bounties have been around since the start of the Internet but But Bounty Platforms are about 10 years old and growing fast in popularity over the last 5 years.
*Asperger’s doesn’t exist anymore as a diagnosis but Aspie is a cool brand name until we create the next one, which could be anything from elfen to ET Neuro.
**Work Group: The hope is to make this organization into a corresponding entity (such as a non-profit) based on interest. Hyperlink to our LinkedIn Group now.
WHAT EXACTLY ARE WE DOING?
We will participate in the open-source community of Software Engineers working with Internet technologies, specifically Web Applications (websites) at particular Test Phases of the Secure Software Deveopment Lifecycle (SSDLC). There we will merge with the Security Operations specialists who focus on Offensive Security Testing which are Ethical Hackers who simulate malicious hackers in a legal approved setting in order to improve security. We will work with only the Bug Bounty Platform’s website addresses in a “black-box” environment of unknowns. This means we have to learn how to identify everything of value about a web application/website/product. The first part of a Penetration Test is a Vulnerability Assessment in which the first part is an Information Gathering Stealth Recon phase in which Open-Source Intelligence (OSINT) is analyzed in various ways based on context.
For those wondering, automated scans (such as through Dynamic Application Security Testing (DAST)) are merely a small aspect of the work. We will be conducting competent manual active Proof-of-Concept (POC) exploitation as necessary when legal and part of the process.
There exist established guidelines and methodologies familiar to all Web Application Security experts — and these will form our executive foundations much like a secret sauce to those on the outside looking in. This will be our operational focus until we develop our own Bug Whisperer’s best strategies.
We will connect and interact with the vast openly secret communities on social media platforms such as Discord and Twitter for starters.
LOOKING FOR
Hacker Aspies and assistance in the organization — collaborate brightly online and/or in person and work during your best hours.
CURRENT PHASE
We’re currently a free Discord server called “Aspie Hackers” and an online Meetup.com event called “Aspie Bug Whisperers — 101”.
WEEKLY 101 MEETUPS
The plan is to begin with two “101" meetups per week to introduce the idea. These will be presented online (global) and sometimes in person at the current location. On mondays we will state the plan for the week and on fridays we will discuss what was accomplished.
With the right momentum we will begin the first series presentations after the 101s.
The first “Aspie Bug Whisperers — 101” online meetup event was slated for July 10th, 2023.
We began in Ottawa, Canada’s safe capital in the summer of 2023, and moved to Wrocław, Poland for the summer of 2024. As digital nomads we are available online.
Meetups and Discord are a beginning. Maintaining OPSEC (Operations Security) in the field of Cyber Security is noteworthy but we want this to be an open concept organization. More advanced and encrypted communications are available as necessary.
FIRST SERIES PRESENTATIONS
All about Web Application Security Testing within Cyber Security and Bug Bounty Platforms. Please see the other foundational articles in this publication.
SECOND SERIES PRESENTATIONS
All about Stealth Recon, the first phase in a Vulnerability Assessment for a Penetration Test.
THIRD SERIES PRESENTATIONS
Our best and brightest.
ABOUT ASPIE HACKERS
Highly functioning autistic people. Possibly most natural hackers.
Aspie hackers are atypically:
— extremely detail oriented
— naturally “out of the box”
— capable of hyper-focusing with a high capacity for analysis
— superior in identifying patterns
— methodological and make more rational decisions
— focused on finding the best solutions, not one of the best
— interested, with a specific bandwidth for huge amounts of information in an obsessive way
— vividly excel in their field of expertise
— passionately search for complex intellectual stimulation
— the “investigator profile” - highly valuable for forensics and pentesting
— longer stamina with autonomy over schedule
Yet people on this spectrum are some of the most frequently unemployed.
ASPIE NOTES
We are already outside of the system as Aspies — we do ethical social engineering just to stay alive. Hackers have a passion for studying systems to make them work right.
The seemingly technical hacker art of “character encoding and escaping” is a primary skill of a Web Application Tester — and it’s also what Aspies do naturally every day by attuning to ordinary neuro-typicalities. We often “escape” social codes in a similar fashion to “escaped characters” by not processing ordinary interactions in an automated way, although this fabulous spectrum allows some to create their own automation scripts live!
Automation is a mega skill in the dimension of Web Application Security Testing. Artificial Intelligence through tools such as ChatGPT may further accelerate the learning curve previously necessary to gain junior level employment.
Writing ChatGPT prompts as a new security skill: one first has a need to know the language of the product under test (Web Application business) and the security dimension — our working group organization’s specialty.
ASPIE HEALTH
This group is about performing at our best and brightest. We will advocate best working practices holistically for the mind and body, as per Aspie.
PRECISE AIMS
The aim is to succeed in establishing a maturing group, on a clear path to Bug Bounty payouts for “Aspie Hackers — Bug Whisperers”.
TOPICS OF SPECIAL INTEREST
Primary:
Cyber Security
Hacker Communities
InfoSec — NetSec — AppSec — Web
Stealth Recon
Vulnerability Assessment
Risk Assessment
Professional Attacks with Consent
Guidelines
Methodologies
Tools
Reporting
Bug Bounty Platforms
AI — ChatGPT
Virtual Reality
Secondary:
Roadmaps
Certifications
Online Courses
Literature
Practice Labs
Communities and Events
Bitcoin
NFTs and DAOs
Cyber Crime
Encryption
Darkweb
News Sources
BUSINESS HELP NEEDED
There is currently no organization or operating costs. Let’s connect to make “Bug Whisperers” happen!
Perhaps by creating a non-profit for Aspies we could obtain assistance such as free online training modules from various schools.
ABOUT THE FOUNDER
Apparently I’m highly functioning and passionate about Cyber Security while doing this for fellow Aspies in town and globally. I’ve paid my time in normal circumstances on the quest for IT engagement, so I’m also grateful for your maintenance of curiosity!
