// Research & Updates

IRIS C2 Blog

Technical deep dives, capability announcements, and operational tradecraft from the IRIS C2 research team.

ExploitsDecember 3, 2025

CVE-2025-55182 Exploitation Module Now Live in IRIS C2

A fully-featured exploitation module for the critical React Server Components vulnerability enabling unauthenticated Remote Code Execution through react-server-dom-webpack.

Social EngineeringDecember 2025

SLAYBELL: Sending a Javelin Down the Chimney with IRIS C2

SLAYBELL is a holiday-themed social engineering delivery system built into IRIS C2. It packages your payload inside a convincing corporate theme installer for Slack or Microsoft Teams.

Technical Deep DiveNovember 23, 2025

MANTIS: A Deep Dive Into IRIS C2's Flagship Windows Agent

An in-depth technical exploration of MANTIS's pure position-independent shellcode architecture, advanced evasion techniques, and why it represents a fundamental departure from traditional C2 frameworks.

Payload GenerationNovember 16, 2025

JAVELIN: Fully Undetectable Windows Shellcode Loader Now Available in IRIS C2

JAVELIN enables operators to deliver MANTIS stage zero shellcode into memory without triggering AV/EDR/XDR. Features polymorphic compilation, DLL proxying, and advanced file masquerading techniques.

Post-ExploitationSeptember 26, 2025

NIGHTSHADE: Post‑Exploitation Tradecraft for Cisco Infrastructure

NIGHTSHADE translates transient exploits into durable implants that survive process churn, exposing fine‑grained memory and traffic controls while integrating with IRIS for command, auditing, and rollback.

BOF DevelopmentAugust 24, 2025

DOPPEL: Advanced DLL Proxying BOFs Now Available in IRIS C2

The DOPPEL BOF Suite transforms Matthew Eidelberg's groundbreaking FaceDancer research into production-ready, stealthy post-exploitation capabilities for IRIS C2.

macOS ImplantAugust 23, 2025

IRIS C2 Releases Driftwood: A Cutting-Edge MacOS Implant

A comprehensive analysis of an advanced macOS implant featuring runtime polymorphism, sophisticated evasion techniques, and APT-grade capabilities.

EDR EvasionAugust 16, 2025

Evading EDR with IRIS C2: A Practitioner's Guide to Fileless Operations

A comprehensive guide to advanced fileless tradecraft using IRIS C2's C2 Operations tab. Learn how to orchestrate evasion across wire, memory, behavior, and artifacts.

ExploitsJuly 21, 2025

IRIS C2 Delivers Day-Zero SharePoint Exploit Module for CVE-2025-53770

Just hours after Eye Security broke the news about CVE-2025-53770, IRIS C2 customers already have access to a fully-featured exploitation module.