IRIS C2 Blog

Latest insights, techniques, and updates from the IRIS C2 team

Post-ExploitationSeptember 26, 2025

NIGHTSHADE: Post‑Exploitation Tradecraft for Cisco Infrastructure

NIGHTSHADE translates transient exploits into durable implants that survive process churn, exposing fine‑grained memory and traffic controls while integrating with IRIS for command, auditing, and rollback.

Deception TechnologyAugust 26, 2025

HoneyPottr: A Practical Architecture for Making Malware Defeat Itself

A small Windows background service that shapes the local environment so that cautious malware concludes it has landed in a honeypot and quietly removes itself.

BOF DevelopmentAugust 24, 2025

DOPPEL: Advanced DLL Proxying BOFs Now Available in IRIS C2

The DOPPEL BOF Suite transforms Matthew Eidelberg's groundbreaking FaceDancer research into production-ready, stealthy post-exploitation capabilities for IRIS C2.

macOS ImplantAugust 23, 2025

IRIS C2 Releases Driftwood: A Cutting-Edge MacOS Implant

A comprehensive analysis of an advanced macOS implant featuring runtime polymorphism, sophisticated evasion techniques, and APT-grade capabilities.

EDR EvasionAugust 16, 2025

Evading EDR with IRIS C2: A Practitioner's Guide to Fileless Operations

A comprehensive guide to advanced fileless tradecraft using IRIS C2's C2 Operations tab. Learn how to orchestrate evasion across wire, memory, behavior, and artifacts.

ExploitsJuly 21, 2025

IRIS C2 Delivers Day-Zero SharePoint Exploit Module for CVE-2025-53770

Just hours after Eye Security broke the news about CVE-2025-53770, IRIS C2 customers already have access to a fully-featured exploitation module.