12 changes: 7 additions & 5 deletions CLAUDE.md
Expand Up @@ -107,13 +107,13 @@ The report at `reports/snowflake-platform-assessment/` is a set of linked static
→ [tools/lateral-movement/sccm-abuse/README.md](tools/lateral-movement/sccm-abuse/README.md) — SCCM ELEVATE1/2
→ [tools/lateral-movement/azure-arc/README.md](tools/lateral-movement/azure-arc/README.md) — Azure Arc MSI pivot
→ [tools/lateral-movement/exchange-hybrid/README.md](tools/lateral-movement/exchange-hybrid/README.md) — evoSTS token forge
→ [tools/lateral-movement/snowflake-pivot/README.md](tools/lateral-movement/snowflake-pivot/README.md) — Snowflake Chain E storage-integration enum, Chain G share / replication exfil, Chain H SPCS egress depth × EAI rule matrix probe, bind-param evasion
→ [tools/lateral-movement/snowflake-pivot/README.md](tools/lateral-movement/snowflake-pivot/README.md) — Snowflake Chain E storage-integration enum, Chain G share / replication exfil, Chain H SPCS egress depth × EAI rule matrix probe, Chain K Polaris/Iceberg catalog pivot, Chain M UDF EAI breakout, SPCS base-image posture probe, bind-param evasion
→ [tools/kerberos/README.md](tools/kerberos/README.md) — S4U2self/proxy, RBCD, NTLM relay, EPA recon, NTLM reflection LPE, AES roasting

### AD CS & Identity
→ [tools/ad-cs/README.md](tools/ad-cs/README.md) — ESC1–ESC16, chain.py, Shadow Credentials 2026
→ [tools/cloud-identity/README.md](tools/cloud-identity/README.md) — WIF, OIDC, Golden SAML, Silver SAML, SyncJacking, EvilTokens, FOCI, PRT devtools, CloudTrail blinding
→ [tools/cloud-identity/snowflake/README.md](tools/cloud-identity/snowflake/README.md) — Snowflake JWT key-pair (Chain F), PAT scope walk + PAT discovery, SCIM token harvester, partner-integration audit (Chain J)
→ [tools/cloud-identity/snowflake/README.md](tools/cloud-identity/snowflake/README.md) — Snowflake JWT key-pair (Chain F), PAT scope walk + PAT discovery, SCIM token harvester, partner-integration audit (Chain J), OAuth scope-drift audit (Chain L)
→ [tools/entra-abuse/README.md](tools/entra-abuse/README.md) — device-code, PRT, token replay (historical)

### Lateral Movement
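Review bot: the two rewritten index entries in this hunk name the new primitives differently from README.md in the same PR. The snowflake-pivot line adds `SPCS base-image posture probe` with no chain letter, while README.md calls the same tool `SPCS base-image posture probe (Chain H supply-chain extension)`; the cloud-identity line says `OAuth scope-drift audit (Chain L)` where README.md says `external OAuth scope-drift audit (Chain L)`. Pick one name per tool and use it in both files so a reader grepping for a chain letter gets the same hit set. The snowflake-pivot entry is also now a seven-item run-on after the dash; the rest of this section is one clause per README, so consider sub-bullets per chain under the link rather than extending the dash clause further.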
Expand Down Expand Up @@ -148,7 +148,7 @@ The report at `reports/snowflake-platform-assessment/` is a set of linked static
→ [tools/kernel-lpe/README.md](tools/kernel-lpe/README.md) — AFD.sys, CLFS, I/O Ring primitives (requires EXPLOIT_LAB_KERNEL=1)

### Supply Chain
→ [tools/supply-chain/README.md](tools/supply-chain/README.md) — Shai-Hulud npm worm, LiteLLM PyPI .pth, GitHub Actions OIDC (UNC6426), tj-actions-class, Snowflake Native App version-bump (Chain C empirical)
→ [tools/supply-chain/README.md](tools/supply-chain/README.md) — Shai-Hulud npm worm, LiteLLM PyPI .pth, GitHub Actions OIDC (UNC6426), tj-actions-class, Snowflake Native App version-bump + multi-stage deferred-loader timeline + NAAAPS bypass probe (Chain C empirical)

### Phishing & Initial Access
→ [tools/phishing/README.md](tools/phishing/README.md) — AiTM kits (Tycoon2FA/Sneaky2FA/Rockstar2FA), ClickFix/FileFix/ConsentFix, passkey bench, vishing tabletop
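Review bot: `NAAAPS` on the supply-chain line is an unexpanded acronym that appears nowhere else in this diff, and `(Chain C empirical)` now trails three items (version-bump, deferred-loader timeline, NAAAPS bypass probe) where it previously qualified only the version-bump. Expand the acronym on first use (or point at the section of tools/supply-chain/README.md that defines it) and make clear whether all three items are empirically validated or only the version-bump, e.g. `Snowflake Native App version-bump (Chain C empirical), multi-stage deferred-loader timeline, NAAAPS bypass probe`.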
Expand Down Expand Up @@ -179,10 +179,12 @@ The report at `reports/snowflake-platform-assessment/` is a set of linked static
→ [docs/analysis/firmware-landscape-2026/README.md](docs/analysis/firmware-landscape-2026/README.md) — Hydroph0bia, LogoFAIL successors, UEFI cert expiry
→ [docs/analysis/apple-mie-impact.md](docs/analysis/apple-mie-impact.md) — Apple Memory Integrity Enforcement
→ [docs/analysis/vishing-2026-market.md](docs/analysis/vishing-2026-market.md) — deepfake vishing economics + healthcare targeting
→ [docs/analysis/snowflake-platform-attack-surface-2026.md](docs/analysis/snowflake-platform-attack-surface-2026.md) — CVE inventory, UNC5537 analysis, Cortex AI/Native Apps/SPCS attack surface, chains A–I, Trail vs ACCOUNT_USAGE field mapping
→ [docs/analysis/snowflake-platform-attack-surface-2026.md](docs/analysis/snowflake-platform-attack-surface-2026.md) — CVE inventory, UNC5537 analysis, Cortex AI/Native Apps/SPCS attack surface, chains A–M (incl. Polaris/Iceberg K, OAuth scope drift L, UDF EAI breakout M), Trail vs ACCOUNT_USAGE field mapping
→ [docs/analysis/snowflake-healthcare-overlay-2026.md](docs/analysis/snowflake-healthcare-overlay-2026.md) — Per-chain PHI exposure map + HIPAA control mapping + BAA considerations + OCR retention sufficiency
→ [docs/analysis/databricks-vs-snowflake-platform-comparison.md](docs/analysis/databricks-vs-snowflake-platform-comparison.md) — Cross-platform primitive map + chain mapping; detection-reuse notes for defenders covering both platforms
→ [detection/snowflake/README.md](detection/snowflake/README.md) — Cross-chain Sigma/KQL/SPL index, streaming ingest pattern, connector-debug-log secret-leak detector
→ [detection/snowflake/streaming-ingest/README.md](detection/snowflake/streaming-ingest/README.md) — Concrete config (Terraform + Function App + docker-compose lab) for the INFORMATION_SCHEMA polling pipeline
→ [detection/snowflake/ENRICHMENT.md](detection/snowflake/ENRICHMENT.md) — Canonical inventory of every derived/enrichment field the Sigma rules require; deployment checklist for the detection pack
→ [detection/snowflake/streaming-ingest/README.md](detection/snowflake/streaming-ingest/README.md) — Concrete config (Terraform + Function App + docker-compose lab) for the INFORMATION_SCHEMA polling pipeline; cursor-locking + latency-measurement methodology

### Research Docs — Methodology
→ [docs/methodology/callstack-spoofing.md](docs/methodology/callstack-spoofing.md)
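Review bot: the rewritten attack-surface entry says `chains A–M (incl. Polaris/Iceberg K, OAuth scope drift L, UDF EAI breakout M)` but skips J, even though this same PR adds `partner-integration audit (Chain J)` to the cloud-identity index above; either list J in the parenthetical or drop the `incl.` list and let the A–M range stand on its own. Separately, the streaming-ingest entry is deleted and re-added two lines lower with `cursor-locking + latency-measurement methodology` appended so that ENRICHMENT.md can sit between the detection index and the pipeline config; that ordering reads fine, but the healthcare overlay (`Per-chain PHI exposure map`) and Databricks comparison (`chain mapping`) entries are unchanged, so it is worth stating here whether those per-chain docs were extended to J–M or still stop at I.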
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -78,12 +78,12 @@ Each tool below ships under [tools/](tools/) and has a sibling `detection/` dire
### Lateral Movement

- **Lateral Movement** — [tools/lateral-movement/](tools/lateral-movement/). RPC-based DCOM / TSCH / SCMR / WMI execution; SCCM ELEVATE1/2 plus the TAKEOVER-5 Entra-integration chain (SpecterOps, November 2025); Azure Arc MSI pivot with CVE-2026-26117 (`himds` pipe DACL); Exchange hybrid evoSTS token forge.
- **Snowflake Pivot** — [tools/lateral-movement/snowflake-pivot/](tools/lateral-movement/snowflake-pivot/). Snowflake-specific lateral primitives: Storage Integration enumeration (Chain E), Direct Share + replication-group exfil (Chain G, audit-bypass via server-side data motion), bind-parameter evasion against `QUERY_HISTORY`. Talks to `mock-snowflake` on 9600.
- **Snowflake Pivot** — [tools/lateral-movement/snowflake-pivot/](tools/lateral-movement/snowflake-pivot/). Snowflake-specific lateral primitives: Storage Integration enumeration (Chain E), Direct Share + replication-group exfil (Chain G, audit-bypass via server-side data motion), SPCS egress matrix (Chain H), Polaris / Iceberg catalog pivot (Chain K), UDF EAI breakout (Chain M), SPCS base-image posture probe (Chain H supply-chain extension), bind-parameter evasion against `QUERY_HISTORY`. Talks to `mock-snowflake` on 9600.

### Cloud Identity

- **Cloud Identity Attacks** — [tools/cloud-identity/](tools/cloud-identity/). The modern cloud-identity surface: Workload Identity Federation wildcard `sub` abuse, Golden SAML, Silver SAML (secondary cert), SyncJacking via `ImmutableId` takeover, EvilTokens-style device-code 2026 PhaaS (Broker client ID FOCI path), FOCI Conditional Access bypass, PRT extraction via dev tools, and a CloudTrail-blinding catalog. Talks to the lab mocks: `mock-oidc` (9300), `mock-saml` (9400), `mock-entra` (9100/9102).
- **Snowflake Cloud Identity** — [tools/cloud-identity/snowflake/](tools/cloud-identity/snowflake/). Snowflake-specific identity abuse for the post-UNC5537 / post-MFA control surface: JWT key-pair signer (Chain F — service-user key theft from CI / orchestration hosts), PAT scope walk, SCIM token harvester with a role-race primitive. Talks to `mock-snowflake` on 9600.
- **Snowflake Cloud Identity** — [tools/cloud-identity/snowflake/](tools/cloud-identity/snowflake/). Snowflake-specific identity abuse for the post-UNC5537 / post-MFA control surface: JWT key-pair signer (Chain F — service-user key theft from CI / orchestration hosts), PAT scope walk, SCIM token harvester with a role-race primitive, partner-integration audit (Chain J), external OAuth scope-drift audit (Chain L). Talks to `mock-snowflake` on 9600.
- **Entra ID Abuse (legacy)** — [tools/entra-abuse/](tools/entra-abuse/). Earlier device-code phishing, PRT simulation, and token-replay work. Kept for historical reference; current Entra work lives under `cloud-identity/`.

### Kernel LPE (Windows)
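Review bot: the Snowflake Pivot bullet still ends with `Talks to `mock-snowflake` on 9600` after gaining the Polaris / Iceberg catalog pivot (Chain K), the UDF EAI breakout (Chain M) and the SPCS base-image posture probe; if the catalog pivot talks to a REST catalog endpoint or the image probe pulls from a registry, say so and name the mock and port that back them, otherwise the sentence implies every new primitive is exercised through the one mock. Naming should also match CLAUDE.md in this PR: here the probe carries `(Chain H supply-chain extension)` and the audit is `external OAuth scope-drift audit (Chain L)`, while the CLAUDE.md hunk drops both qualifiers.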