2026 tradecraft gap closure: kernel LPE, Copilot, AiTM, supply chain

CLAUDE.md

@@ -32,6 +32,10 @@ for Python, `tools/rust/containment/` for Rust):
 | `EXPLOIT_LAB_OFFLINE_VM=1` | Required for tools that touch kernel or IMDS |
 | `EXPLOIT_FIXTURE_ROOT=<path>` | Scopes all file I/O to a tmpdir |
 | `ENTRA_LAB_TENANT_ID=<id>` | Must match a known lab tenant, never production |
+| `EXPLOIT_LAB_KERNEL=1` | Required for kernel LPE analysis tools (stricter than OFFLINE_VM) |
+| `EXPLOIT_LAB_K8S=1` | Required for container escape labs |
+| `EXPLOIT_LAB_EBPF=1` | Required for eBPF rootkit bench |
+| `EXPLOIT_LAB_MOBILE=1` | Required for mobile research (no device interaction) |
 
 Tools that target a domain hard-check for `corp.lab.local` and reject anything else.
 Tools that call IMDS hard-check `assert_imds_is_mock()` before any network request.
@@ -93,25 +97,31 @@ The report at `reports/databricks-apps-assessment/` is a concatenated Streamlit
 → [tools/lateral-movement/sccm-abuse/README.md](tools/lateral-movement/sccm-abuse/README.md) — SCCM ELEVATE1/2
 → [tools/lateral-movement/azure-arc/README.md](tools/lateral-movement/azure-arc/README.md) — Azure Arc MSI pivot
 → [tools/lateral-movement/exchange-hybrid/README.md](tools/lateral-movement/exchange-hybrid/README.md) — evoSTS token forge
-→ [tools/kerberos/README.md](tools/kerberos/README.md) — S4U2self/proxy, RBCD, NTLM relay
+→ [tools/kerberos/README.md](tools/kerberos/README.md) — S4U2self/proxy, RBCD, NTLM relay, EPA recon, NTLM reflection LPE, AES roasting
 
 ### AD CS & Identity
-→ [tools/ad-cs/README.md](tools/ad-cs/README.md) — ESC1–ESC15, chain.py
-→ [tools/cloud-identity/README.md](tools/cloud-identity/README.md) — WIF, OIDC, Golden SAML, Entra
-→ [tools/entra-abuse/README.md](tools/entra-abuse/README.md) — device-code, PRT, token replay
+→ [tools/ad-cs/README.md](tools/ad-cs/README.md) — ESC1–ESC16, chain.py, Shadow Credentials 2026
+→ [tools/cloud-identity/README.md](tools/cloud-identity/README.md) — WIF, OIDC, Golden SAML, Silver SAML, SyncJacking, EvilTokens, FOCI, PRT devtools, CloudTrail blinding
+→ [tools/entra-abuse/README.md](tools/entra-abuse/README.md) — device-code, PRT, token replay (historical)
+
+### Lateral Movement
+→ [tools/lateral-movement/README.md](tools/lateral-movement/README.md) — DCOM/TSCH/SCMR/WMI, SCCM TAKEOVER-5, Azure Arc CVE-2026-26117, Exchange hybrid
 
 ### Browser & Extension Attacks
 → [tools/browser-native-postex/README.md](tools/browser-native-postex/README.md) — WASM post-ex payload
 → [tools/browser-ext-attacks/README.md](tools/browser-ext-attacks/README.md) — MV3 extension catalog
 
 ### LLM & Agent Attacks
 → [tools/llm-attacks/README.md](tools/llm-attacks/README.md) — injection, MCP abuse, agent confusion
+→ [tools/llm-attacks/m365-copilot/README.md](tools/llm-attacks/m365-copilot/README.md) — EchoLeak (CVE-2025-32711), ShareLeak (CVE-2026-21520)
+→ [tools/llm-attacks/agentforce/README.md](tools/llm-attacks/agentforce/README.md) — PipeLeak Agentforce
+→ [tools/llm-attacks/mcp-abuse/git-mcp-cve-class/README.md](tools/llm-attacks/mcp-abuse/git-mcp-cve-class/README.md) — Git MCP CVE-2025-68143/68144/68145
 
-### EDR Silencing
+### EDR Silencing & BYOVD
 → [tools/edr-silencing/callback-integrity/README.md](tools/edr-silencing/callback-integrity/README.md) — kernel callback enumeration
 → [tools/edr-silencing/wdac-abuse/README.md](tools/edr-silencing/wdac-abuse/README.md) — WDAC policy tools
 → [tools/edr-silencing/blind-spot-enum/README.md](tools/edr-silencing/blind-spot-enum/README.md) — EDR coverage map
-→ [tools/byovd/README.md](tools/byovd/README.md) — BYOVD orchestration (hash-only)
+→ [tools/byovd/README.md](tools/byovd/README.md) — BYOVD orchestration, LOLDrivers sync, HVCI bypass enum, EDR-killer class
 
 ### Exploitation Framework
 → [tools/framework/README.md](tools/framework/README.md) — Browser Exploit Framework
@@ -121,6 +131,24 @@ The report at `reports/databricks-apps-assessment/` is a concatenated Streamlit
 ### BOFs
 → [tools/bofs/README.md](tools/bofs/README.md) — safe BOF implementations (whoami, ls, env)
 
+### Kernel LPE
+→ [tools/kernel-lpe/README.md](tools/kernel-lpe/README.md) — AFD.sys, CLFS, I/O Ring primitives (requires EXPLOIT_LAB_KERNEL=1)
+
+### Supply Chain
+→ [tools/supply-chain/README.md](tools/supply-chain/README.md) — Shai-Hulud npm worm, LiteLLM PyPI .pth, GitHub Actions OIDC (UNC6426), tj-actions-class
+
+### Phishing & Initial Access
+→ [tools/phishing/README.md](tools/phishing/README.md) — AiTM kits (Tycoon2FA/Sneaky2FA/Rockstar2FA), ClickFix/FileFix/ConsentFix, passkey bench, vishing tabletop
+
+### Kubernetes & Container
+→ [tools/kubernetes-postex/README.md](tools/kubernetes-postex/README.md) — runc escape (CVE-2025-31133/-52565/-52881), NodeRestriction bypass, AKS CVE-2026-33105
+
+### Linux Post-Exploitation
+→ [tools/linux-postex/README.md](tools/linux-postex/README.md) — LinkPro-class eBPF rootkit (requires EXPLOIT_LAB_EBPF=1)
+
+### Persistence
+→ [tools/persistence/README.md](tools/persistence/README.md) — RMM abuse (ScreenConnect/AnyDesk/QuickAssist), ESXi kill chain
+
 ### Research Docs — Analysis
 → [docs/analysis/patch-analysis.md](docs/analysis/patch-analysis.md)
 → [docs/analysis/sandbox-escape-analysis.md](docs/analysis/sandbox-escape-analysis.md)
@@ -130,6 +158,14 @@ The report at `reports/databricks-apps-assessment/` is a concatenated Streamlit
 → [docs/analysis/kernel-callback-removal-research.md](docs/analysis/kernel-callback-removal-research.md)
 → [docs/analysis/manifest-v3-capabilities.md](docs/analysis/manifest-v3-capabilities.md)
 → [docs/analysis/aarch64-porting-status.md](docs/analysis/aarch64-porting-status.md)
+→ [docs/analysis/aitm-kit-market-2026.md](docs/analysis/aitm-kit-market-2026.md) — Tycoon2FA → Sneaky2FA → Rockstar2FA evolution
+→ [docs/analysis/byovd-2026-scale.md](docs/analysis/byovd-2026-scale.md) — 54-tool / 35-driver market analysis
+→ [docs/analysis/c2-framework-market-2026.md](docs/analysis/c2-framework-market-2026.md) — C2 framework kill-chain mapping
+→ [docs/analysis/healthcare-ransomware-2026.md](docs/analysis/healthcare-ransomware-2026.md) — sector analysis + Akira/Qilin
+→ [docs/analysis/mobile-landscape-2026/README.md](docs/analysis/mobile-landscape-2026/README.md) — iOS/Android chains, Pwn2Own Ireland 2025
+→ [docs/analysis/firmware-landscape-2026/README.md](docs/analysis/firmware-landscape-2026/README.md) — Hydroph0bia, LogoFAIL successors, UEFI cert expiry
+→ [docs/analysis/apple-mie-impact.md](docs/analysis/apple-mie-impact.md) — Apple Memory Integrity Enforcement
+→ [docs/analysis/vishing-2026-market.md](docs/analysis/vishing-2026-market.md) — deepfake vishing economics + healthcare targeting
 
 ### Research Docs — Methodology
 → [docs/methodology/callstack-spoofing.md](docs/methodology/callstack-spoofing.md)
@@ -138,16 +174,26 @@ The report at `reports/databricks-apps-assessment/` is a concatenated Streamlit
 → [docs/methodology/modern-lateral-movement.md](docs/methodology/modern-lateral-movement.md)
 → [docs/methodology/browser-native-postex.md](docs/methodology/browser-native-postex.md)
 → [docs/methodology/modern-evasion-techniques.md](docs/methodology/modern-evasion-techniques.md)
-→ [docs/methodology/modern-c2-architecture.md](docs/methodology/modern-c2-architecture.md)
+→ [docs/methodology/modern-c2-architecture.md](docs/methodology/modern-c2-architecture.md) — updated: HTTP/3, DoQ, Telegram, Teams
 → [docs/methodology/ad-cs-attack-modeling.md](docs/methodology/ad-cs-attack-modeling.md)
 → [docs/methodology/kerberos-lateral-movement.md](docs/methodology/kerberos-lateral-movement.md)
 → [docs/methodology/llm-attack-modeling.md](docs/methodology/llm-attack-modeling.md)
 → [docs/methodology/browser-extension-supply-chain.md](docs/methodology/browser-extension-supply-chain.md)
-→ [docs/methodology/edr-silencing-via-policy.md](docs/methodology/edr-silencing-via-policy.md)
+→ [docs/methodology/edr-silencing-via-policy.md](docs/methodology/edr-silencing-via-policy.md) — updated: kill-don't-evade paradigm
 → [docs/methodology/threat-scenario-playbook.md](docs/methodology/threat-scenario-playbook.md)
 → [docs/methodology/ai-accelerated-exploit-pipeline.md](docs/methodology/ai-accelerated-exploit-pipeline.md)
 → [docs/methodology/post-exploitation-impact.md](docs/methodology/post-exploitation-impact.md)
 → [docs/methodology/pre-exploitation-obfuscation.md](docs/methodology/pre-exploitation-obfuscation.md)
+→ [docs/methodology/aitm-phishing-2026.md](docs/methodology/aitm-phishing-2026.md)
+→ [docs/methodology/ci-cd-attack-modeling.md](docs/methodology/ci-cd-attack-modeling.md) — GitHub Actions pwn_request + OIDC
+→ [docs/methodology/device-code-phishing-2026.md](docs/methodology/device-code-phishing-2026.md) — EvilTokens PhaaS + Storm-2372
+→ [docs/methodology/windows-kernel-lpe-2026.md](docs/methodology/windows-kernel-lpe-2026.md) — AFD / CLFS / I/O Ring
+→ [docs/methodology/ransomware-affiliate-tradecraft-2026.md](docs/methodology/ransomware-affiliate-tradecraft-2026.md)
+→ [docs/methodology/linux-postex-2026.md](docs/methodology/linux-postex-2026.md)
+→ [docs/methodology/macos-postex-2026.md](docs/methodology/macos-postex-2026.md)
+→ [docs/methodology/mobile-threat-modeling.md](docs/methodology/mobile-threat-modeling.md)
+→ [docs/methodology/phish-resistance-testing.md](docs/methodology/phish-resistance-testing.md)
+→ [docs/methodology/deepfake-vishing-tabletop.md](docs/methodology/deepfake-vishing-tabletop.md)
 
 ### Advisories
 → [docs/advisories/cve-2026-1862-research.md](docs/advisories/cve-2026-1862-research.md)