r/blueteamsec

68k members
r/blueteamsec is a subreddit with 68k members. The most common kinds of discussions are news and ideas, and the community frequently discusses security, malware, vulnerabilities, analysis, and exploitation.
We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of the world. Our primary home is on Lemmy after the great ban debacle of 2025.

Popular Themes in r/blueteamsec

#1 News: "Where Have All the Complex Windows Malware and Their Analyses Gone?" (30 posts)
#2 Ideas: "Introducing Package Proxy: supply-chain safety checks without client-side software" (10 posts)
#3 Solution Requests: "KQLab - open-source query manager for SOC teams" (8 posts)
#4 Advice Requests: "Could your choice of metrics be harming your SOC?" (5 posts)
#5 Pain & Anger: "Warning: Deribit silently patches critical security flaws and ghosts the researchers. Can we trust an exchange that hides its vulnerabilities?" (2 posts)

Popular Topics in r/blueteamsec

#1 Security: "Benchmarking Self-Hosted LLMs for Offensive Security" (113 posts)
#2 Malware: "I analyzed 196k+ Sysmon events and found APT29 staging Malware in Temp. Here is my detection logic." (51 posts)
#3 Vulnerabilities: "CVE-2026-45454 — Microsoft SharePoint Server Upload Page Folder Path Traversal to Remote Code Execution" (32 posts)
#4 Analysis: "goodboy-framework: 15-stage Windows malware development & Analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal." (29 posts)
#5 Exploitation: "What are the best risk-based vulnerability management tools for tracking active Exploitation in 2026?" (20 posts)
#6 Detection: "Mini Shai-Hulud (TeamPCP) — same attack pattern, fifth time this year. The Detection-after-publish model is broken." (15 posts)
#7 Vulnerability: "Disclosing PhantomRPC – a privilege escalation Vulnerability in RPC" (14 posts)
#8 Ai: "Oops, I Weaponized the Database: Abusing Ai Features in SQL Server 2025" (14 posts)
#9 Threat: "The Accidental C2: Exploring Dev Tunnels for Remote Access" (12 posts)
#10 Phishing: "Device Code Lab (DCL) — Deep Dive into a Device Code Phishing Toolkit" (11 posts)

Flair Used in r/blueteamsec

#1 highlevel summary|strategy (maybe technical): "Where Have All the Complex Windows Malware and Their Analyses Gone?" (31 posts)
#2 vulnerability (attack surface): "RoguePlanet: RoguePlanet Windows Defender Vulnerability" (29 posts)
#3 tradecraft (how we defend): "VanGuard — open-source single-binary DFIR toolkit (Velociraptor, Hayabusa, Chainsaw, Loki, YARA) with TUI, air-gap support, and 28 pre-built use cases" (25 posts)
#4 research|capability (we need to defend against): "Benchmarking Self-Hosted LLMs for Offensive Security" (25 posts)
#5 discovery (how we find bad stuff): "One KQL query you should have saved in your toolkit (most don’t)" (19 posts)
#6 incident writeup (who and how): "CrowdStrike LogScale queries I use to detect LOLBin- built from 10 years of production SOC work" (17 posts)
#7 intelligence (threat actor activity): "BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME." (14 posts)
#8 low level tools|techniques|knowledge (work aids): "KQLab - open-source query manager for SOC teams" (11 posts)
#9 exploitation (what's being exploited): "CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox" (7 posts)
#10 malware analysis (like butterfly collections): "Living off the Land with VS Code: Inside a Sophisticated Phishing Campaign" (6 posts)

Member Growth in r/blueteamsec

Yearly
+14k members (26.4%)

Similar Subreddits to r/blueteamsec

r/blackhat: 113k members, 10.0% / yr
r/cybersecurity: 1.5M members, 19.8% / yr
r/cybersecurity_: 624 members, 110.8% / yr
r/cybersecurity_news: 15k members, 30.3% / yr
r/hacking: 3.0M members, 4.1% / yr
r/Infosec: 37k members, 28.0% / yr
r/netsec: 563k members, 6.8% / yr
r/pwnhub: 35k members, 423.0% / yr
r/SecOpsDaily: 11k members, 522.6% / yr
r/websec: 8k members, 2.1% / yr

Last updated: June 16, 2026