Billy O'Sint
@billy-o-sint.bsky.social
Thinking out loud about OSINT, threat assessment, and investigative research. Cleared security background. Open to new opportunities
1/ 🧵 THREAD: OSINT Beyond Google — When Other Search Engines Matter
Google is powerful — but it isn’t neutral, complete, or universal.
Good OSINT means knowing when not to use Google. 🧵👇
Google is powerful — but it isn’t neutral, complete, or universal.
Good OSINT means knowing when not to use Google. 🧵👇
February 5, 2026 at 3:01 PM
1/ 🧵 THREAD: OSINT Beyond Google — When Other Search Engines Matter
Google is powerful — but it isn’t neutral, complete, or universal.
Good OSINT means knowing when not to use Google. 🧵👇
Google is powerful — but it isn’t neutral, complete, or universal.
Good OSINT means knowing when not to use Google. 🧵👇
🧵 THREAD: Google Search Operators for Investigations
1/
If you do investigations, threat research, or OSINT and don’t use Google search operators, you’re leaving evidence on the table.
This isn’t about being clever. It’s about being precise.
1/
If you do investigations, threat research, or OSINT and don’t use Google search operators, you’re leaving evidence on the table.
This isn’t about being clever. It’s about being precise.
February 4, 2026 at 9:21 PM
🧵 THREAD: Google Search Operators for Investigations
1/
If you do investigations, threat research, or OSINT and don’t use Google search operators, you’re leaving evidence on the table.
This isn’t about being clever. It’s about being precise.
1/
If you do investigations, threat research, or OSINT and don’t use Google search operators, you’re leaving evidence on the table.
This isn’t about being clever. It’s about being precise.
🧵 When a sockpuppet goes wrong (a cautionary OSINT story)
1/
Quick story from the OSINT world as a follow up. Nothing flashy, no movie-plot twists — just how a “simple” sockpuppet broke an investigation.
1/
Quick story from the OSINT world as a follow up. Nothing flashy, no movie-plot twists — just how a “simple” sockpuppet broke an investigation.
OSINT often talks about “sockpuppets” as a tradecraft tool—but before we dive into how to create them, it’s critical to understand why and when you should even consider them. Thread 🧵
👉 osintteam.blog/the-ultimate...
👉 osintteam.blog/the-ultimate...
The Ultimate Guide to Sockpuppets in OSINT: How to Create and Utilize Them Effectively
Introduction
osintteam.blog
February 4, 2026 at 2:50 PM
🧵 When a sockpuppet goes wrong (a cautionary OSINT story)
1/
Quick story from the OSINT world as a follow up. Nothing flashy, no movie-plot twists — just how a “simple” sockpuppet broke an investigation.
1/
Quick story from the OSINT world as a follow up. Nothing flashy, no movie-plot twists — just how a “simple” sockpuppet broke an investigation.
OSINT often talks about “sockpuppets” as a tradecraft tool—but before we dive into how to create them, it’s critical to understand why and when you should even consider them. Thread 🧵
👉 osintteam.blog/the-ultimate...
👉 osintteam.blog/the-ultimate...
The Ultimate Guide to Sockpuppets in OSINT: How to Create and Utilize Them Effectively
Introduction
osintteam.blog
February 3, 2026 at 6:31 PM
OSINT often talks about “sockpuppets” as a tradecraft tool—but before we dive into how to create them, it’s critical to understand why and when you should even consider them. Thread 🧵
👉 osintteam.blog/the-ultimate...
👉 osintteam.blog/the-ultimate...
🧵Recent Notepad++ issues are a reminder that not all “vulnerabilities” are code flaws. In this case, attackers targeted the update delivery path, turning a trusted process into the attack surface.
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.
thehackernews.com
February 3, 2026 at 3:37 PM
🧵Recent Notepad++ issues are a reminder that not all “vulnerabilities” are code flaws. In this case, attackers targeted the update delivery path, turning a trusted process into the attack surface.
Not every hostile post is a threat. Context, capability, and escalation matter. Treating noise as danger can be as harmful as ignoring real risk—especially in threat assessment work.
February 3, 2026 at 3:17 PM
Not every hostile post is a threat. Context, capability, and escalation matter. Treating noise as danger can be as harmful as ignoring real risk—especially in threat assessment work.
1/2 It's been a long time since I've used social media for anything beyond information gathering, but today that changes. After 9 years, on Friday I was laid off due to lost contracts at my company. A company where I worked in cybersecurity, information security, personnel security, and facility
February 3, 2026 at 2:39 PM
1/2 It's been a long time since I've used social media for anything beyond information gathering, but today that changes. After 9 years, on Friday I was laid off due to lost contracts at my company. A company where I worked in cybersecurity, information security, personnel security, and facility