OSINT Techniques
Resources for Uncovering Online Information · 11th Edition
Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.
- Authors
- Michael Bazzell
- Published
- 2024
- Publisher
- Independently published
- Pages
- 614
- Edition
- 11th Edition
- Language
- English
Read this if
Investigators, journalists, threat-intel analysts, fraud teams, and anyone whose job depends on what they can verify from public sources. The single most utilitarian OSINT book in print; Bazzell rewrites it nearly every year because the field's surface keeps moving.
Skip this if
Readers wanting an academic intelligence-cycle textbook or a single tidy OSINT methodology. Bazzell's strength is breadth, currency, and tooling — if you want methodology before tools, read Hassan & Hijazi first. Also written for North America; non-US techniques are sparser.
Key takeaways
- Treat the book as a current toolbox, not a finished doctrine — the URLs and tools die, the workflow Bazzell teaches outlives them.
- Build a separate VM and disposable identity per investigation; the book's OPSEC posture is non-negotiable for serious work.
- Breach-data, username, and email pivots are still the highest-yield queries in 2026; everything else is supporting evidence.
Notes
Read it with a notebook and a spun-up Linux VM; this is a workshop book, not an armchair read. Pair with Extreme Privacy 5e (Bazzell) for the defender's mirror image and with Practical Social Engineering (Gray) for the operational use case. Bazzell's IntelTechniques newsletter and the Privacy, Security and OSINT podcast are the continuing-education companion — the 11th edition will be partially obsolete by the time you finish it, and that is the field's shape, not the book's flaw.
What to read before
What to read before OSINT Techniques →Beginner · 2018
Open Source Intelligence Techniques and Tools
Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.
Beginner · 2024
Hacks, Leaks, and Revelations
Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.
Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
What to read next
What to read after OSINT Techniques →Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
Beginner · 2018
Open Source Intelligence Techniques and Tools
Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.
Intermediate · 2022
Practical Social Engineering
Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.
Explore similar books
Alternatives to OSINT Techniques →Beginner · 2018
Open Source Intelligence Techniques and Tools
Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.
Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
Beginner · 2024
Hacks, Leaks, and Revelations
Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.