Latest insights, techniques, and updates from the IRIS C2 team
A fully-featured exploitation module for the critical React Server Components vulnerability enabling unauthenticated Remote Code Execution through react-server-dom-webpack.
SLAYBELL is a holiday-themed social engineering delivery system built into IRIS C2. It packages your payload inside a convincing corporate theme installer for Slack or Microsoft Teams.
An in-depth technical exploration of MANTIS's pure position-independent shellcode architecture, advanced evasion techniques, and why it represents a fundamental departure from traditional C2 frameworks.
JAVELIN enables operators to deliver MANTIS stage zero shellcode into memory without triggering AV/EDR/XDR. Features polymorphic compilation, DLL proxying, and advanced file masquerading techniques.
NIGHTSHADE translates transient exploits into durable implants that survive process churn, exposing fine‑grained memory and traffic controls while integrating with IRIS for command, auditing, and rollback.
The DOPPEL BOF Suite transforms Matthew Eidelberg's groundbreaking FaceDancer research into production-ready, stealthy post-exploitation capabilities for IRIS C2.
A comprehensive analysis of an advanced macOS implant featuring runtime polymorphism, sophisticated evasion techniques, and APT-grade capabilities.
A comprehensive guide to advanced fileless tradecraft using IRIS C2's C2 Operations tab. Learn how to orchestrate evasion across wire, memory, behavior, and artifacts.
Just hours after Eye Security broke the news about CVE-2025-53770, IRIS C2 customers already have access to a fully-featured exploitation module.
