// Comparison

Hacks, Leaks, and Revelations vs Open Source Intelligence Techniques and Tools: Which Should You Read?

Two cybersecurity books on OSINT, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52024

The Art of Analyzing Hacked and Leaked Data

Micah Lee

Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.

Beginner

3/52018

Open Source Intelligence Techniques and Tools

Nihad A. Hassan, Rami Hijazi

Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.

Read this if

Investigative journalists, threat intel analysts, and OSINT practitioners who routinely handle leaked datasets. Lee covers verification, OPSEC for sources, and the practical Python tooling that turns a multi-gigabyte dump into a story or a finding.

Readers coming from a non-investigative background — students, analysts, junior threat-intel hires — who want a methodology before they touch tools. Stronger on framing and process than Bazzell, and the right first book if you don't yet know what an OSINT engagement should produce.

Skip this if

Readers wanting traditional pentest tradecraft. The book is about post-leak analysis, not about how to obtain data. Different domain entirely.

Practitioners who already know the methodology and need current tooling; this book ages quickly on URLs and platforms. Also light on OPSEC, attribution avoidance, and the operational rigour real investigations demand. By 2026 the tooling chapters are partially historical.

Key takeaways

Verification is half the work; the book's framing of authentication-by-cross-reference and provenance-by-metadata is the cleanest in print.
Source OPSEC is structural, not personal; the book's chapters on SecureDrop, Tails, and Tor align with current practitioner standards.
Python plus Aleph plus DataSette plus a few small custom scripts is enough to handle most real-world leaks; the book's pragmatic tooling choices avoid academic over-engineering.

OSINT lives inside the intelligence cycle; treating it as ad-hoc Googling produces ad-hoc Googling-grade output.
Source classification, bias awareness, and verification are the boring chapters that separate analysis from speculation.
Hassan and Hijazi's strongest contribution is the conceptual scaffolding; once internalized, you can graduate to Bazzell for current depth.

How they compare

We rate Hacks, Leaks, and Revelations higher (4/5 against 3/5 for Open Source Intelligence Techniques and Tools). For most readers, that means Hacks, Leaks, and Revelations is the primary pick and Open Source Intelligence Techniques and Tools is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Hacks, Leaks, and Revelations and Open Source Intelligence Techniques and Tools both cover OSINT, so reading them in sequence reinforces the same material from different angles.

Keep reading

Hacks, Leaks, and Revelations

→ Alternatives to Hacks, Leaks, and Revelations → What to read after Hacks, Leaks, and Revelations