r/blueteamsec is a subreddit with 69k members. The most common kinds of discussions are solution requests and advice requests, and the community frequently discusses ransomware, cve, sentinel, exploit, and windows.
We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of the world.
Our primary home is on Lemmy after the great ban debacle of 2025.
Popular Themes in r/blueteamsec
#1
Solution Requests
: "Built a free tool/site that turns threat-intel articles into detection rules (KQL/Sigma/SPL) mostly for fun, would love to know if it's actually useful to anyone"
2 posts
#2
Advice Requests
: "I need help again after pass BTL1"
2 posts
#3
Self-Promotion
: "Check Out My New Security Vulnerability Site for Network/Infrastructure Engineers"
1 post
Popular Topics in r/blueteamsec
#1
Ransomware
: "How I broke Rhysida Ransomware encryption"
4 posts
#2
Cve
: "Exploitation of CitrixBleed 2 (Cve-2025-5777) Began Before PoC Was Public"
4 posts
#3
Sentinel
: "I built a read-only tool for finding SIEM detections that are silently blind. Looking for Sentinel input."
3 posts
#4
Exploit
: "Not very gentlemanly: Analyzing a zero-day Exploit used by The Gentlemen ransomware to disable targets’ EDRs"
3 posts
#5
Windows
: "The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers to Kill Security"
3 posts
#6
Poc
: "Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before Poc Was Public"
2 posts
#7
Cloudflare
: "Fake Google and Cloudflare verification pages spread multiple malware families"
2 posts
#8
Driver
: "Multiple Local Privilege Escalation Vulnerabilities in Little Orbit GFAC Driver (GFAC_Sys_x64.sys)"
2 posts
#9
Stealer
: "PamStealer: a Rust-based macOS infoStealer that validates credentials through PAM"
2 posts
#10
Cobalt Strike
: "GeoLocation_BOF: Cobalt Strike BOF to obtain location data"
2 posts
Flair Used in r/blueteamsec
#1
intelligence (threat actor activity)
: "The Gentlemen are knocking: сustom backdoors and evolving tactics"
18 posts
#2
research|capability (we need to defend against)
: "Accelerating EDR Evasion with LLM-Driven Analysis"
18 posts
#3
vulnerability (attack surface)
: "It’s 37oC, And All We Can Think About Is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza) - watchTowr Labs"
11 posts
#4
highlevel summary|strategy (maybe technical)
: "Alleged Member of Criminal Cyber Hacking Group “Scattered Spider” Arrested in Finland and Extradited to the United States"
9 posts
#5
low level tools|techniques|knowledge (work aids)
: "I built a read-only tool for finding SIEM detections that are silently blind. Looking for Sentinel input."
9 posts
#6
malware analysis (like butterfly collections)
: "Dropping Malware through Dependencies in VS Code: Inside the jsononifier npm Dropper"
7 posts
#7
tradecraft (how we defend)
: "The Blind Spot in the Watchtower: Detections for When Someone Attacks Your Sentinel"
6 posts
#8
idontknowwhatimdoing (learning to use flair)
: "I need help again after pass BTL1"
4 posts
#9
discovery (how we find bad stuff)
: "Knossos: Procedurally Generated Decoy Environments"
4 posts
#10
exploitation (what's being exploited)
: "Not very gentlemanly: Analyzing a zero-day exploit used by The Gentlemen ransomware to disable targets’ EDRs"
3 posts
Member Growth in r/blueteamsec
Yearly
+14k members(26.5%)
Similar Subreddits to r/blueteamsec
r/AskNetsec
257k members
13.8% / yr
r/blackhat
114k members
10.0% / yr
r/cybersecurity
1.5M members
19.9% / yr
r/hacking
3.0M members
4.2% / yr
r/Infosec
37k members
28.5% / yr
r/netsec
566k members
6.9% / yr
r/pwnhub
39k members
430.0% / yr
r/SecOpsDaily
12k members
560.1% / yr
r/SecurityIntelligence
125 members
81.2% / yr
r/vrd
9k members
0.9% / yr
About
GummySearch helps people research Reddit communities by organizing activity, growth, themes, and post-level signals into one place.
This page gives a focused view of r/blueteamsec, including current member size, discussion patterns, product reviews, and related communities to explore.
This data is synced periodically so insights stay current and useful for ongoing research.
Last updated: July 7, 2026