diff --git a/pentesting-cloud/azure-security/az-services/az-file-shares.md b/pentesting-cloud/azure-security/az-services/az-file-shares.md
index 400d3a0e4..5ca733e45 100644
--- a/pentesting-cloud/azure-security/az-services/az-file-shares.md
+++ b/pentesting-cloud/azure-security/az-services/az-file-shares.md
@@ -43,6 +43,9 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).p
 
 ## Enumeration
 
+
+{% tabs %}
+{% tab title="az cli" %}
 {% code overflow="wrap" %}
 ```bash
 # Get storage accounts
@@ -50,6 +53,7 @@ az storage account list #Get the account name from here
 
 # List file shares
 az storage share list --account-name <name>
+az storage share-rm list --storage-account <name> # To see the deleted ones too --include-deleted
 # Get dirs/files inside the share
 az storage file list --account-name <name> --share-name <share-name>
 ## If type is "dir", you can continue enumerating files inside of it
@@ -65,6 +69,33 @@ az storage file list --account-name <name> --share-name <share-name> --snapshot
 az storage file download-batch -d . --account-name <name> --source <share-name> --snapshot <snapshot-version>
 ```
 {% endcode %}
+{% endtab %}
+
+{% tab title="Az PowerShell" %}
+{% code overflow="wrap" %}
+```powershell
+Get-AzStorageAccount
+
+# List File Shares
+Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
+
+# Get Directories/Files Inside the Share
+Get-AzStorageFile -ShareName "<share-name>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
+Get-AzStorageFile -ShareName "<share-name>" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
+
+# Download a Complete Share
+Get-AzStorageFileContent -ShareName "<share-name>" -Destination "C:\Download" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
+
+# Get Snapshots/Backups
+Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context | Where-Object { $_.SnapshotTime -ne $null }
+
+# List Contents of a Snapshot/Backup
+Get-AzStorageFile -ShareName "<share-name>" -Context (New-AzStorageContext -StorageAccountName "<storage-account-name>" -StorageAccountKey (Get-AzStorageAccountKey -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>" | Select-Object -ExpandProperty Value) -SnapshotTime "<snapshot-version>")
+
+```
+{% endcode %}
+{% endtab %}
+{% endtabs %}
 
 {% hint style="info" %}
 By default `az` cli will use an account key to sign a key and perform the action. To use the Entra ID principal privileges use the parameters `--auth-mode login --enable-file-backup-request-intent`.