IRIS C2
@C2IRIS
The world's most advanced offensive cyber platform
Tyson's Corner, VA
Joined January 2025
Some will say “Why do you even need Kernel exploits? Just do phishing and get a user-mode agent!” Trust me. I get it. Over in RedTeamFirm, LLC-land, you are completely correct. But there still exist some very real use-cases for Ring 0 rootkits in Windows.
Developing truly weapons-grade Windows kernel exploits (as opposed to POCs that spray & pray and work 30% of the time, even when there are perfect conditions/no EDR running) is actually exceptionally tough these days. Microsoft definitely has their top minds working in kernel-land.
Exactly. First of all, it rejects 99% of prompts related to security research, no matter how legitimate they are. And even when it does provide a response, it’s completely lackluster. You can explain to it exactly what you want and how you want it, and it will produce garbage.
“Professional Capture-the-flag Challenges” It comes no way solving pwn in any 90+ rated ctf competition
If anybody has a POC for this, we’ll buy it. CTO@IRISC2[.]com
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock - @billtoulas
https://t.co/P2BCoCdyru
IRIS C2 is powered, in large part, by a vast global network of highly talented vulnerability researchers who realized that 90% of bug bounties are a scam. So instead, they sell to us.
If the attacker is sophisticated enough to be running a Ring 0 rootkit against you, then they are certainly sophisticated enough to bypass CFG.
When it comes to finding very talented developers: Discord/X > LinkedIn
Our new co-pilot 2.0 can access all the features of the platform. It's going to be very cool. Or, you can just point and click like usual. Whatever you want. AI is great. But we will never shove it down your throat.
The accelerometer and gyroscope data APIs seem under-utilized in iOS. It seems like more apps used to incorporate these.
Built our own CRM in-house in a handful of hours. It was far easier than dealing with nitwit salespeople.
Excellent book if you’re into reading jargon-filled nonsensical drivel.
Oh look… Another one of the ~150-200 different priv-esc vuln that are being actively exploited in the wild at any given time. It’s almost at the point where we may as well just classify Linux as an “admin-only” system, given that privilege escalation to root is so trivial.
Our iOS agent is all but done. We’re ironing out a few last little bugs that only present when you actually walk around and live with an iPhone that has the agent installed.
Playing with our Secure Boot bypasses + UEFI Bootkit on this chilly Saturday