Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/hugsy/CFB

Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.

fuzzing hooking irp irp-monitor kernel vulnerability-research windows windows-driver

Last synced: 21 days ago

README

        



## Idea

**Canadian Furious Beaver** is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts:

1. The "Broker" combines both a user-land agent and a self-extractable driver (`IrpMonitor.sys`) that installs itself on the targeted system. After installing the driver, the broker listens on a TCP port (TCP/1337 by default) and starts collecting IRPs from hooked drivers. The communication protocol is simple by design (i.e. not secure), so any [3rd party tool](https://github.com/hugsy/cfb-cli) can easily dump the driver IRPs from the same Broker via simple JSON messages.

2. The clients connect to the broker and receive IRPs as JSON messages, making them easy to view or convert to another format.

## Why the name?

I had no idea for the name of this tool, so it was graciously generated by [a script of mine](https://github.com/hugsy/stuff/tree/master/random-word).