How Does Mind Mapping Help for Better Bug Bounty
“If Mind maps work for you then great. Else figure out something that does.”
Katie is a PhD student from the United Kingdom, an “occasional bug bounty hunter”, and a YouTuber.
We first met her on a tweet where she shared her ideas of bug bounty notes with mind maps, and she gave us a big warm welcome later. We talked a lot, and she shared stories of mind maps, her bug bounty insights and strategies, and how she used mind maps in her bug bounty career.
This interview was done in a mind-mapping way and ended up like this:
You can feel her wit and the vibe behind the map :)
Tell us more about yourself.
My name is Katie and I'm a PhD student and bug bounty hunter. I study natural language processing and cyber security at Cranfield University.
But in my free time I do bug bounty hunting. I also make educational videos about bug hunting on my YouTube channel.
In the little free time I do have, I also knit. I have knitted various 'lucky socks', and I always find bugs if I am wearing my lucky socks.
How long have you been using XMind? What do you use mind map for?
I have been using XMind for 2 years now, since the start of my PhD. I'm really into productivity and being organized so I spent a lot of time googling for note taking techniques.
I found mind mapping and XMind and I've never tried any other software for mind mapping; I tried XMind and almost immediately purchased it.
I mindmap for all kinds of things:
- I run a YouTube channel talking about Cyber Security; I mindmap all my videos.
- During my PhD when I write notes on my research, I mindmap questions and answers.
- For Bug bounties I treat learning as a course so I take notes in XMind too.
Do you still remember what was the first mind map about? How do you feel about it?
So my first mind map was a mind map of everything I have left to do on my PhD. I found it very stressful to look at as I made it my desktop background. A colleague said I need something natural in there to keep me calm.
So I added some grass :)
Do you study at home because of the Coronavirus? And how does XMind help in this period of time?
Yes! The UK is under lockdown right now. So if we can work at home, we need to, to protect others.
I have had no real changes adapting to working from home full time. I think one of the most important things when you're learning anything (official student or not) is to not read things passively.
You need to question what you read, think critically about it and take notes; you never know what will inspire you later.
When you take notes it helps for them to be searchable. In XMind, I do this by exporting the markdown as well as the image before adding it to my notebook. My notebook also has tags so I can easily find mind maps relating to certain concepts.
How do you make mind maps? What are the principles you've been following when making them?
I stick to templates so I'm never left with a blank screen. I keep these templates highly focused on asking and answering questions. So I might start with something like "How did they exploit the target?", and answer it by going "They were able to do x, y, z".
It must be appealing to look at but visually distinct. So playing around with colour, branch styles, topic styles etc.
I make mind maps as I read/watch/listen, so often they end up kinda messy as my brain processes all the info.
These are the steps about how I create a mind map:
Step 1 - Open up the template
Step 2 - Decide what to read
I record info like the link if it's on the web or citation if it's academic so I can find it again. Then I add some keywords; this is super important because when it goes into my notebook it will make it searchable even if I don't use some words.
Step 3 - Ask and Answer Myself
I start by asking questions that I think whatever I'm reading should be able to answer (it might not, but this tells me my motivation for reading + taking notes).
Step 4 - Summarize
I read the whole article/watch the whole video/read all the slides and just focus on the core ideas - often including screenshots.
Step 5 - What new things have I learned?
This focuses on everything new I've learned while reading, sometimes these are notes and sometimes I add symbols for my own comments.
Step 6 - Asking and answering my initial questions.
Sometimes a resource might pose extra questions, but in this case we ignore that bubble.
Here comes the map:
How did the idea of using XMind for bug bounty come up?
From my followers!
I've been using XMind a LONG time for work. When my followers and other bug bounty hunters told me they were using XMind, it's like a lightbulb went on and I was like “whah I can use this for other things”.
I definitely take better notes when I mindmap because the visual notes + flow really work well for me, so I don't know why I was making it more difficult by writing notes in bullet point form.
What are the advantages for mind mapping on bug bounty notes?
I'm a very visual person so I find mind mapping to have a low "brain focus requirement".
Being able to drag ideas around, create new leaves quickly means that it can keep up with you. Plus later as you start to reflect you can throw in summaries, boundaries and relationships to join related ideas. Also you can easily include screenshots without messing around too much, and then you can hide it if you want something out of the way so you see your ideas and not the output of tools.
In general, I think it's just very flexible and when you deal with a lot of types of notes (Screenshots, links, etc), you aren't limited by just text.
As an occasional bug bounty hunter, what is/are important for hunting the bugs down better?
Bug bounty hunting is a hobby for me, although it certainly has financial benefits!
I think especially for beginners, it's absorbing a ton of content, like learning a language; it's reading every article, even if you don't quite follow it, listening to podcasts, watching YouTube videos, doing security challenges for practice.
Never stop learning and never say 'I can't read this, I'm not good enough yet'. And like I said before, it's about not reading/watching/listening passively; always take notes and stay engaged.
That's how you can learn. Even the really technical/hard parts can be understood given time.
As an expert in Defense & Security, how does XMind help to make better defense and security stuff?
I think one feature that would be really useful for security professionals is better support for dealing with code/cmd line output: Automatically formatting, preserving source formatting etc.
More Markers! And the ability to import new Markers/stickers into XMind. I use these a bunch to add contextual information, but they're not always appropriate.
Honestly though, you're doing a good job; many people in security are using XMind:
(Maybe start a formal bug bounty program ;) - If you haven't already)
What is/are your favorite features in XMind? Why?
Enter to create new leaves or branches!
I can mindmap and think at the same time, so I can write everything down. I also really like being able to theme and colour my mind maps; it makes it really nice to present them to others.
I've actually forgone a PowerPoint presentation and just showed off my XMind notes.