Cyber Shelf

// Comparison

Hacks, Leaks, and Revelations vs OSINT Techniques: Which Should You Read?

Two cybersecurity books on OSINT, compared honestly: who each is for, what each does best, and which to read first.

Beginner
4/52024
Hacks, Leaks, and Revelations

The Art of Analyzing Hacked and Leaked Data

Micah Lee

Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.

Intermediate
5/52024
OSINT Techniques

Resources for Uncovering Online Information

Michael Bazzell

Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.

Read this if

Investigative journalists, threat intel analysts, and OSINT practitioners who routinely handle leaked datasets. Lee covers verification, OPSEC for sources, and the practical Python tooling that turns a multi-gigabyte dump into a story or a finding.
Investigators, journalists, threat-intel analysts, fraud teams, and anyone whose job depends on what they can verify from public sources. The single most utilitarian OSINT book in print; Bazzell rewrites it nearly every year because the field's surface keeps moving.

Skip this if

Readers wanting traditional pentest tradecraft. The book is about post-leak analysis, not about how to obtain data. Different domain entirely.
Readers wanting an academic intelligence-cycle textbook or a single tidy OSINT methodology. Bazzell's strength is breadth, currency, and tooling — if you want methodology before tools, read Hassan & Hijazi first. Also written for North America; non-US techniques are sparser.

Key takeaways

  • Verification is half the work; the book's framing of authentication-by-cross-reference and provenance-by-metadata is the cleanest in print.
  • Source OPSEC is structural, not personal; the book's chapters on SecureDrop, Tails, and Tor align with current practitioner standards.
  • Python plus Aleph plus DataSette plus a few small custom scripts is enough to handle most real-world leaks; the book's pragmatic tooling choices avoid academic over-engineering.
  • Treat the book as a current toolbox, not a finished doctrine — the URLs and tools die, the workflow Bazzell teaches outlives them.
  • Build a separate VM and disposable identity per investigation; the book's OPSEC posture is non-negotiable for serious work.
  • Breach-data, username, and email pivots are still the highest-yield queries in 2026; everything else is supporting evidence.

How they compare

We rate OSINT Techniques higher (5/5 against 4/5 for Hacks, Leaks, and Revelations). For most readers, that means OSINT Techniques is the primary pick and Hacks, Leaks, and Revelations is a useful follow-up.

Hacks, Leaks, and Revelations is pitched at beginner level. OSINT Techniques is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Hacks, Leaks, and Revelations and OSINT Techniques both cover OSINT, Privacy, so reading them in sequence reinforces the same material from different angles.

Keep reading

Hacks, Leaks, and Revelations

Alternatives to Hacks, Leaks, and RevelationsWhat to read after Hacks, Leaks, and Revelations

OSINT Techniques

Alternatives to OSINT TechniquesWhat to read after OSINT Techniques

Related topics

OSINTPrivacy