The book consists of a foreword, preface, 14 chapters, and two appendixes.
Excerpts of available chapters are only available as early uncorrected drafts.
At present, the raw and unedited excerpts of available chapters are as follows:
- Chapter 5.5: The Story of RaidForums
- Chapter 9.1.2: How Images Work Against You
- Foreword by Zach Naimon (Principal Product Engineer @ ClickHouse)
- Preface (Why Black Hat OSINT? Who is This Book For?)

Part I: Understanding Open-Source Intelligence
- 1 What is OSINT and What Can You Do With it?
  - 1.1 What is OSINT?
  - 1.2 Dissecting Intelligence
  - 1.3 OSINT Use Cases
  - 1.4 Summary
- 2 OSINT Operations and Hacking
  - 2.1 Hacking: A Modern Day OSINT Machine
  - 2.2 The Basics of Stolen Data and OSINT Operations
  - 2.3 Beyond the Basics: Harassment & Doxing
  - 2.4 Summary

Part II: Your Data as an Intelligence Source
- 3 How is Data Stolen?
  - 3.1 Attack Vectors
    - 3.1.1 Injection
    - 3.1.2 Broken Access Control and Cryptographic Failures
    - 3.1.3 Insecure Design
    - 3.1.4 Security Misconfiguration
    - 3.1.5 Vulnerable and Outdated Components
    - 3.1.6 Identification and Authentication Failures
    - 3.1.7 Cross-Site Scripting (XSS)
    - 3.1.8 Cross-Site Request Forgery (CSRF)
    - 3.1.9 Social Engineering and Other Attack Vectors
  - 3.2 Data Breach Search Engines and Your Data
  - 3.3 Summary
- 4 What Happens When Data is Stolen?
  - 4.1 How Did We Come to This?
  - 4.2 Stolen Data and the Data Breach Ecosystem
  - 4.3 How Do Hackers Acquire So Many Data Breaches?
  - 4.4 Stolen Data, OSINT, and Data Breach Search Engines
  - 4.5 Summary
- 5 Real-life War Stories Involving Data Breaches And OSINT
  - 5.1 Data Breaches and Your Data
    - 5.1.1 SkidBase
  - 5.2 Data Breaches, Your Data, and Script Kiddies
  - 5.3 LeakedSource, WeLeakInfo & co.
  - 5.4 What to Do When Your Data Becomes Interested in You?
  - 5.5 The Story of RaidForums
    - 5.5.1 What was RaidForums?
    - 5.5.2 The Inception of RaidForums?
    - 5.5.3 The Role of Twitch, Raiding, and the Birth of RaidForums
    - 5.5.4 The Entry Towards the Dark
    - 5.5.5 RaidForums and Leaked Databases
    - 5.5.6 RaidForums and Law Enforcement
  - 5.6 Summary
- 6 Internals of Data Breach Search Engines
  - 6.1 What Do Data Breach Search Engines Consist Of?
    - 6.1.1 Acquiring Data
    - 6.1.2 Formatting and Parsing Data
    - 6.1.3 Using Data
    - 6.1.4 (Not) Sharing and Trading Data
  - 6.2 Building a Data Breach Search Engine
  - 6.3 Data Breach Search Engines and Privacy Regulations
  - 6.4 Summary
- 7 The Legality of Data Breach Search Engines
  - 7.1 What Makes a Data Breach Search Engine Illegal?
  - 7.2 The Case of LeakedSource
    - 7.2.1 LeakedSource and LinkedIn
  - 7.3 Law Enforcement and Data Breach Search Engines
  - 7.4 Summary
- 8 Data Breach Search Engines and OSINT Use Cases
  - 8.1 Personal Use Cases
  - 8.2 Academic Assignments
  - 8.3 Web & Network Forensics
  - 8.4 Bomb Threats & Terrorism
  - 8.5 Doxing & Beyond
  - 8.6 Summary

Part III: Leveraging Open-Source Intelligence for Privacy
- 9 Utilizing OSINT for Tracing and Privacy
  - 9.1 How Your Data Works Against You
    - 9.1.1 How Your Email Address Works Against You
    - 9.1.2 How Images Work Against You
    - 9.1.3 How Videos Work Against You
    - 9.1.4 How Phone Calls Work Against You
    - 9.1.5 "I Can Find Any Location in the Entire World"
  - 9.2 Web & Network Forensics Revisited
  - 9.3 Utilizing OSINT to Enhance Privacy
  - 9.4 How to Determine If You Are at Risk
  - 9.5 Summary
- 10 Operational Security and OSINT
  - 10.1 What is Operational Security and How Is It Related to OSINT?
  - 10.2 Practicing Operational Security
  - 10.3 Browsing Securely
  - 10.4 Communicating Securely
  - 10.5 OSINT for Operational Security & Notes
  - 10.6 Summary
- 11 The Essentials of Secure Communications
  - 11.1 What Makes Communications Secure?
  - 11.2 Not All Messengers are Secure
  - 11.3 Encrypted Messengers Explained
  - 11.4 Privacy, Anonymity, and Security
  - 11.5 Summary
- 12 De-Indexing Your Data
  - 12.1 What Does De-Indexing Mean?
  - 12.2 The Right to Be Forgotten and GDPR
  - 12.3 Marked as Deleted
  - 12.4 Erasing Your Footprint
  - 12.5 Recovering and Tracking Footprints
  - 12.6 What to Do When You're Doxed?
  - 12.7 Summary
- 13 The Art of Disappearing
  - 13.1 Hiding from Search Engines
    - 13.1.1 Hiding From Google
    - 13.1.2 Hiding From Bing!
    - 13.1.3 Hiding From Data Breach Search Engines
  - 13.2 Hiding From Resolvers
  - 13.3 Hiding Your Social Links
  - 13.4 The Web Archive Will Expose You
  - 13.5 Privacy Comes with a Price to Pay
  - 13.6 Emerging OSINT Sources and Their Privacy Implications
  - 13.7 Automated Monitoring of Breach Data for Privacy Purposes
  - 13.8 Summary
- 14 BreachDirectory and Plagiarism
  - 14.1 Why a Separate Chapter on This?
  - 14.2 BreachDirectory.com and BreachDirectory.org
  - 14.3 Summary

- Appendix A: OSINT Exercises
  - 15.1 Social Media Profiling
    - 15.1.1 Social Media Profiling in the Real World
  - 15.2 OSINT Using Images
  - 15.2 OSINT Using Location Data
  - 15.2 OSINT Using Data Breach Data
- Appendix B: Legal Considerations, Hacking Forums, and Co.
  - 16.1 Data Breaches
  - 16.2 Using Hacking Forums and Related Services
  - 16.3 Staying Anonymous Online

Black Hat OSINT
Black Hat OSINT connects technical security failures with the real-world intelligence abuse that follows them. The book goes beyond vulnerability lists and breach reports to show how stolen data is actually operationalized: how attackers apply OSINT techniques to it for targeting, profiling, and exploitation.
Just as importantly, the book reframes OSINT as a defensive skill. It teaches security professionals how to think like adversaries, how to trace breached data across various sources, and how to assess the downstream impact of a breach on individuals and organizations.
This perspective strengthens threat modeling, incident response, and risk communication, while also reinforcing operational security and privacy awareness. For cybersecurity practitioners who want to understand not just how systems fail, but how those failures are exploited in the wild, Black Hat OSINT fills a critical gap.
You will learn: