
Hacks, Leaks, and Revelations vs Practical Social Engineering: Which Should You Read?

Two cybersecurity books on OSINT, compared honestly: who each is for, what each does best, and which to read first.

Beginner
4/5 · 2024
Hacks, Leaks, and Revelations

The Art of Analyzing Hacked and Leaked Data

Micah Lee

Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.

Intermediate
4/5 · 2022
Practical Social Engineering

A Primer for the Ethical Hacker

Joe Gray

Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.

Read this if

Hacks, Leaks, and Revelations: Investigative journalists, threat intel analysts, and OSINT practitioners who routinely handle leaked datasets. Lee covers verification, OPSEC for sources, and the practical Python tooling that turns a multi-gigabyte dump into a story or a finding.

Practical Social Engineering: Red teamers, fraud investigators, and threat-intel analysts who need to operationalize social engineering as a discipline rather than a stunt. Strongest for the OSINT-to-pretext pipeline: Gray shows how recon directly shapes what your call sounds like.

Skip this if

Hacks, Leaks, and Revelations: Readers wanting traditional pentest tradecraft. The book is about post-leak analysis, not about how to obtain data. Different domain entirely.

Practical Social Engineering: Readers wanting Mitnick-style war stories. Gray writes like a practitioner, not a memoirist; the book is procedural and careful, not dramatic. Also light on adversarial deepfake / voice-clone tradecraft, which is where the field has moved since 2022.

Key takeaways

  • Verification is half the work; the book's framing of authentication-by-cross-reference and provenance-by-metadata is the cleanest in print.
  • Source OPSEC is structural, not personal; the book's chapters on SecureDrop, Tails, and Tor align with current practitioner standards.
  • Python plus Aleph plus DataSette plus a few small custom scripts is enough to handle most real-world leaks; the book's pragmatic tooling choices avoid academic over-engineering.
  • Recon is the engagement: a pretext that doesn't survive contact with the target's reality is a recon failure, not a delivery failure.
  • Documentation, scoping, and consent are not bureaucratic overhead; they are what separate professional social engineering from social engineering.
  • OSINT and SE are the same workflow viewed from two sides — what you can find is what you can credibly claim to know.

How they compare

Hacks, Leaks, and Revelations and Practical Social Engineering are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Hacks, Leaks, and Revelations is pitched at beginner level. Practical Social Engineering is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Hacks, Leaks, and Revelations and Practical Social Engineering both cover OSINT, so reading them in sequence reinforces the same material from different angles.
