Latest insights, techniques, and updates from the IRIS C2 team
An in-depth technical exploration of MANTIS's pure position-independent shellcode architecture, advanced evasion techniques, and why it represents a fundamental departure from traditional C2 frameworks.
JAVELIN enables operators to deliver MANTIS stage zero shellcode into memory without triggering AV/EDR/XDR. Features polymorphic compilation, DLL proxying, and advanced file masquerading techniques.
NIGHTSHADE translates transient exploits into durable implants that survive process churn, exposing fine‑grained memory and traffic controls while integrating with IRIS for command, auditing, and rollback.
A small Windows background service that shapes the local environment so that cautious malware concludes it has landed in a honeypot and quietly removes itself.
The DOPPEL BOF Suite transforms Matthew Eidelberg's groundbreaking FaceDancer research into production-ready, stealthy post-exploitation capabilities for IRIS C2.
A comprehensive analysis of an advanced macOS implant featuring runtime polymorphism, sophisticated evasion techniques, and APT-grade capabilities.
A comprehensive guide to advanced fileless tradecraft using IRIS C2's C2 Operations tab. Learn how to orchestrate evasion across wire, memory, behavior, and artifacts.
Just hours after Eye Security broke the news about CVE-2025-53770, IRIS C2 customers already have access to a fully-featured exploitation module.
