Reddit, the centralized community platform founded in 2005, is a massive social media platform, ranked as the 18th-most-visited website in the world and 7th most-visited website in the U.S. The site enjoys 52 million daily active users, and like most other areas of special interest, the cybersecurity community has taken the platform to heart. There are many subreddits dedicated to cyber news, hacking tutorials, reverse engineering and more.
Reddit’s format offers infosec and cybersecurity users the chance to really dig deep into a topic in a way that is perhaps more natural than Twitter threads or even Telegram groups. Whether it’s keeping up with breaking and developing news in cybersecurity, asking questions about malware, penetration testing, detection tools or vulnerabilities, picking up new tips for red teaming, blue teaming or learning about what’s happening at the next big cybersecurity conference, you’re bound to find a subreddit that fits your needs.
Like most social media platforms, Reddit has its own ‘netiquette’ rules, aka reddiquette, but be aware that each subreddit also defines its own rules (prominently displayed in the sidebar) in addition that participants need to be aware of.
If you haven’t yet discovered all that Reddit has to offer for cybersecurity and infosec professionals, then this is the post for you. Here’s our list of the top 50 subreddits for cybersecurity and infosec professionals.
This relatively new subreddit offers cybersecurity career, training and education resources for “Digital Defenders”. Largely a curated list of links, AccessCyber is a useful source of info for anyone looking to improve or develop their skills, from beginners to those branching out into any of infosec’s many specialist areas.
Billing itself as “the unofficial Apple community”, r/apple boast an incredible 2.6 million members. While the focus here is on news, rumors, opinions and analysis pertaining to Apple, its devices and software, there’s a number of useful flairs like the Daily Advice Thread, which can be used to ask for technical advice. Want to learn how to send your Watch or iPhone a message from your Mac when some long running Terminal job completes? Yep, you’ll find that and many other goodies here.
The AskNetsec subreddit takes a Q&A format and offers a place to ask questions about information security and network security from an enterprise perspective. With over 150k members you have access to a lot of expertise in one place for all your infosec questions. This subreddit is also worth browsing as it contains a mine of information about both common and esoteric problems such as “Is there any way to download Cobalt Strike from the command line?” and “PHP command injection without $_POST or $_GET?”
Malware in proprietary app stores is one of those nasty problems that can really hurt, as both users (and sometimes security software) have a poor habit of trusting software that comes from, well, trusted sources. Google’s Play Store has had more than its fair share of this problem over the years to the point where there’s a dedicated subreddit, BadApps, for discussing and coordinating the reporting of such “bad apps” to the Play Store.
If vulnerabilities and exploitation are your thing, then you need to head over to the r/blackhat subreddit without delay. Here you’ll find a library of hacking techniques and research on all the latest attacks as well as more general topics like how to track the source of an image when google reverse image search doesn’t work, cryptography for pentesters, and links to both free and paid hacking tutorials and courses. This subreddit also has an IRC-style web chat site for live discussions.
The r/blueteamsec subreddit focuses on technical intelligence, research and engineering to help blue and purple teams defend their estates. Some of the useful flairs include tradecraft (how we defend), intelligence (threat actors) and a Q&A flair for questions called help me obiwan (ask the blueteam). With over 16,000 “hunters” and “analysts”, it’s a community every blue teamer should consider joining.
If you’re thinking about becoming a Certified Information Systems Security Professional then you are going to want to see what you can learn from r/cissp and its nearly 40,000-strong community. This subreddit covers issues, questions and materials regarding studying, writing, and working with the CISSP exam certification.
CompTIA is one of those certs that prospective employers will either ask for or be pleased to see on your resumé. There’s apparently over 1 million certified CompTIA professionals out there, but don’t think that means the exams are easy. Underestimating the difficulty of the exams and the amount of study required is a common cause of failure. However, over at r/CompTIA, they’ve got you covered. From the “looking to get certified,” to conversations and questions from current students, this subreddit is dedicated to CompTIA certifications.
If computer forensics and DFIR are your thing, then check out r/computerforensics. Dedicated to the branch of forensic science encompassing the recovery and investigation of material found in digital devices, this subreddit is not limited to just personal computers and encompasses all media that may also fall under digital forensics (such as cellphones and video). Recent hot topics include “New Windows 10 artifact found/explored #EventTranscript.db (1 of 5 posts)” and “Disk encryption on analysis workstations / Windows 11 testing”.
The Computer Security subreddit provides a curated list of links to IT security news, articles and tools as well as a place to ask cybersecurity-related questions. Questions here span the basics like “How can I best protect my PC on a home network?” to the technical such as “Can I create a secure port from my cable-supplied router”. With almost 30,000 members, there’s certain to be a slew of answers for any well-crafted question.
This technical subreddit covers the theory and practice of modern cryptography, with a focus on strong algorithms and implementation. There are nearly 200,000 members discussing the “art of creating mathematical assurances for who can do what with data, including but not limited to encryption of messages such that only the keyholder can read it”.
The r/cyber subreddit bills “Cyber” as “the 5th Domain of Warfare”, and given the geopolitical, corporate and intelligence aspects of cyber security in recent years, that’s no overstatement. This community was founded back in 2010 from an abandoned subreddit and recently hit 10,000 members. Here you’ll find a mix of posts revolving around APTs, government policy, breach organizations, and law enforcement alerts from the likes of CISA, the FBI and more.
If you are interested in the intersection between computing and the law, then r/cyberlaws and its 34,000 or so members is your next stop. Dedicated to legal news linked to technology, its remit covers computer crime, copyright, privacy, free speech, intellectual property, net neutrality and more. You’ll also find here posts listing cyber law courses you can take as well as both news articles and questions like “are clickbots legal for use on your own website?”.
Another general community hangout for those that are current or aspiring technical professionals seeking to discuss cybersecurity, careers, developing threats and pretty much anything else pertaining to the ever expanding domain of cybersecurity. The r/cybersecurity subreddit aims to be “business-oriented” to handle questions from professionals and from students aiming to become professionals in the field of cybersecurity. With 275,000 members, there’s something for everyone looking to get into infosec here.
In contrast to r/cybersecurity for professionals, r/Cybersecurity101 is the place to head for discussion of beginner topics concerning cybersecurity and privacy from a home, family and personal perspective. Basic questions like “Am I being keylogged” and “Does my PC have malware, a keylogger or a RAT on it” are common themes as well as similar concerns relating to mobile devices. If you’re concerned about your personal device security and not sure where to turn, this is the subreddit for you.
If you’re looking for a new gig or just getting into the world of infosec, then r/CyberSecurityJobs should be on your list of regular stops. This subreddit has the latest jobs in Information Security, covering current job listings in cybersecurity, digital forensics, incident response and related fields. There’s also a “Mega-Thread” where job seekers are welcome to post in the commumity to attract potential employers.
The datarecovery subreddit exists as a place to discuss the ins and outs of data recovery, both logical and physical. The moderators warn that discussion is primarily aimed at education and information and that DIY datarecovery is a risky business (tl;dr: go to a pro!). That said, this subreddit is filled with useful tips and tricks as well as advice on how to find a data recovery specialist.
This subreddit caters for those interested in discussing computer hacking done for ethical purposes. There are flairs for newcomers as well as careers, but the majority of discussion will introduce or develop your knowledge of topics like wifi hacking, web vulnerabilities, pen testing, social engineering and essential tools like Kali Linux and Metasploit.
The exploitdev subreddit is the place to be for anyone interested in exploit development. Posts cover the whole spectrum of exploitation topics from basic beginners’ guides to advanced questions on shellcode and return-oriented programming. Whether you are interested in learning about buffer overflows, binary exploitation, fuzzing, or developing your CTF skills, you’ll find plenty of interest in this subreddit.
Over at r/fulldisclosure you will find a wealth of information related to breaches, data leaks, exploits, vulnerabilities and both informed and uninformed disclosures and zero days. Somewhat controversially, this subreddit declares that it will not remove posts on zero-day exploits. Fortunately, this forum doesn’t have a lot of traffic, but since it has been around since 2012 it provides an interesting and useful archive for researchers.
If you like to mix your hacking interests with politics then hacktivism subreddit r/HackBloc may be for you. This community promotes itself as covering all interests relating to Hacktivism, Crypto-anarchy, Darknets and Free Culture and claims to be “proudly feminist, Anarchist, Anti-Capitalist, Anarchist hackers”. That should give you a fairly clear indication of whether it’s for you. If the answer is yes, you should find plenty of help and common interest among its 23,000 members.
The r/hackers subreddit shines a light on the most recent, interesting, and historical hacks. Topics are not necessarily technical and can also cover social engineering, commonly the most effective way to gain access to someone’s account. This community is not a Q&A help forum (see some of our other picks in this guide) but mainly caters to an audience seeking detailed news.
Hackersec bills itself as a place to learn, interact and share information on Cybersecurity, CTFs, programming, cryptography, anonymity and other security-focused topics. The mods are keen to point out that the community does not welcome questions asking for help hacking in the sense of recruiting others and posts offering hacking services are likely to be banned. Welcome content includes technical how-to guides, infosec developments and newbies trying to learn fundamentals.
The hacking subreddit is dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security. This community has an incredible 1.9 million members and is never short of interesting questions from broad advice on how to start malware analysis to specific areas like how to embed custom code inside USB device memory.
Hacking Tutorials is a subreddit where members can post various resources that discuss and teach the art of hacking and pentesting while staying ethical and legal. There is a pinned post on how to get started as well as a list of useful websites. If you’re looking for a guided intro to something in infosec, this subreddit is a good place to start.
This subreddit is an outlet for the Zempirian wargaming community, which aims to provide challenges to teach various hacking skills to the public. r/HowToHack has a stunning 390,000 members and includes filters for hacking, pentesting, exploiting and script kiddie topics. Recent posts include questions like ‘What is your next step after gaining access to a network?’ and ‘Posting my Progress on Becoming an Ethical Hacker / Pen-tester’.
The Invisible Internet Project (I2P) is a fully encrypted, decentralized private network layer that aims to protect user activity and location, and r/i2p is the subreddit dedicated to information and discussions related to the I2p anonymous network. All your questions on how to set up and get I2P to work are welcome here.
Another general infosec subreddit, r/Information_Security is dedicated to providing information security news, analysis and links to blog posts as well as member questions. Recent topics include questions like ‘what is the best way to break into infosec for someone with my experience?’ and ‘Can Cisco VPN track/monitor my traffic on a personal device when disconnected?’ Almost 18,000 members ensure plenty of fresh traffic.
This subreddit is designed for users to post the latest Information Security related news and articles from around the Internet. The subreddit is intended to provide a location one can come and receive updated security news including security, privacy, and other security related industries or topics.
We’ve lost count of how many IoT devices there are predicted to be on the Internet by 2025, but it’s somewhere in the region of 30 billion units. Surprisingly, a couple of existing IoT security subreddits [1, 2] are not well populated, but r/IoT has a strong community of over 30,000 members where you can ask and learn about all things IoT related, including IoT security.
The r/ISO27001 subreddit aims to bring together like-minded professionals who want to network, discuss hot, relevant or important topics and contribute to an active ISO27001 community. Here you’ll find intro topics such as ‘I’m a new traveler on the ISO27001 journey’ as well as plenty of links to ISO27001 training and certification.
Security on macOS is of increasing importance particularly in the Enterprise. Although the r/MacOS isn’t a dedicated macOS cybersecurity subreddit, with 186,000 members it is one of a number of places where new security issues can get an early mention and is worth keeping an eye on if you’re trying to stay ahead of new and developing threats for Apple’s desktop platform.
This subreddit is definitely one for all you Mac admins out there. Here you’ll find lots of useful posts related to Mac administration, scripting, configuration profiles, remote management, firewalls, networking, MFA, and other topics that impact macOS security.
The r/malware subreddit is a community for malware reports and information and enjoys a healthy 53,000+ members. Here you’ll find a wealth of information on the latest threats, and the forum is also a great place to ask your own questions, find things like phishing analysis tools or just discover general malware resources.
If you’re using or thinking about using a Managed Services Provider in your organization, then msp is a subreddit for you. This community is heavily Q&A based with a lot of traffic from people seeking solutions to a wide variety of issues. With 113,000 members, there’s also lots of answers and this is definitely a friendly community where you can get help fast.
The r/netsec subreddit is a community for technical news and discussion of information security and closely related topics. This site is heavy on links to community-created tools available from github and similar repositories for all manner of useful scripts and programs to solve common and not so-common security problems.
The r/netsecstudents subreddit is for students or anyone studying Network Security. This is the place to ask questions regarding your netsec homework, or perhaps you need resources for certain subjects, either way you’ll find them here! Users are welcom to contribute their own nfo or resources, too.
This small community of around 6,000 doesn’t seem to have a lot of traffic at the moment, but it has been around since 2011 so there’s a wealth of useful archive material on enterprise and business network security topics, data centers, VPNs and related netsec topics.
The opendirectories is a subreddit for data hunters. Whether you’re looking for manuals on old computers or lab equipment, or desperate to find some obscure ebook, then this subreddit listing unprotected directories of images, videos, music, software and otherwise interesting files is a good place to start.
Another general Mac related subreddit, this community has been around since 2008 (that’s OSX 10.5 Leopard era) and is another great place to keep up with what’s happening in the Mac world or to ask questions. While there’s definitely an emphasis on people running pre-macOS versions of Apple’s Desktop system, there’s still plenty of help requested and given for the newer versions and the newer M1 hardware.
Cruising at over 1.2 million members, there’s no mistaking that the r/privacy community is a popular and important place to swap news and join discussions around the intersection of technology, privacy and freedom in the digital world.
The r/pwned subreddit discusses news of recent breaches, leaked or stolen data, and other examples of pwnage affecting the confidentiality or integrity of data. You can filter by industry such as Finance, Technology, Healthcare and Government.
This subreddit is dedicated to red and blue teaming content including malware, tradecraft, and reverse engineering. Aside from links to breaking stories and helpful articles there’s also plenty of links to shared tools, techniques and github projects aimed at red and blue teams.
If you are interested in reverse engineering, then regames could be the ideal place for you. This is a subreddit for those who enjoy reverse engineering games, figuring out how they work, defeating cheat detection, and all of the other fun things that advanced problem solving gives.
With 110,000 members and a history that stretches back to 2008, the r/ReverseEngineering subreddit is the granddaddy of all things RE on Reddit. This amazing subreddit has a RE Weely Questions Thread, Triannual Hiring Thread and offers a moderated community dedicated to all things reverse engineering. An absolute must for all who like taking software (and other things) apart.
This subreddit bills itself as “like CSCareerQuestions, only cooler. Its 9,000 members offer a place to connect those seeking to learn with those who have walked the path before. Ask questions about cybersecurity careers here, and mentors can choose to answer as they have time.
Capture the Flag competitions are a hallmark of the uber-hacker and there’s no better subreddit to hang out for CTF folks than securityCTF. Here you’ll find news and links to wargames, CTF tournaments, tutorials and walkthroughs for challenges on HackTheBox and other platforms.
The TOR subreddit boasts almost 180,000 users dedicated to news and discussion around the TOR anonymity software. This forum covers everything from setting up your initial TOR instance to concerns about the most anonymous and secure way to setup and use The Onion Router software.
As applications and services move to the web, avoiding web vulnerabilities such as XSS and CSRF becomes critical, and that’s where the r/websecurity subreddit comes in. Here you’ll find links and discussions on the development and maintenance of secure websites, for website owners, developers and pentesters.
An A-Z of cybersecurity communities wouldn’t be complete without the last letter of the alphabet, and taking up our final spot is r/zeroday (what else?). This is a small community of around 2500 members focused mainly on links to published exploits and breaking news about new vulnerabilities.
And that rounds up our tour of the top 50 cybersecurity subreddits. There’s something for everyone from CISOs and CIOs to SOC analysts, malware hunters, penetration testers, reverse engineers and more. What’s your favorite subreddit? Did we miss it in our list? Share with us on LinkedIn, Twitter, YouTube or Facebook.