From 3350e31738c3ea61d1ebdd110393e146d154ef97 Mon Sep 17 00:00:00 2001 From: Raad Date: Fri, 14 Feb 2025 08:16:32 +0100 Subject: [PATCH] Update aws-macie-privesc.md --- .../aws-privilege-escalation/aws-macie-privesc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md index 73ffb71ea..b47f35d23 100644 --- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md +++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md 
@@ -14,9 +14,9 @@ For more information about Macie check: AWS Macie is a security service that automatically detects sensitive data within AWS environments, such as credentials, personally identifiable information (PII), and other confidential data. When Macie identifies a sensitive credential, such as an AWS secret key stored in an S3 bucket, it generates a finding that allows the owner to view a "sample" of the detected data. Typically, once the sensitive file is removed from the S3 bucket, it is expected that the secret can no longer be retrieved. -However, a **bypass** has been identified where an attacker with sufficient permissions can** re-upload a file with the same name** but containing different, non-sensitive dummy data. This causes Macie to associate the newly uploaded file with the original finding, allowing the attacker to use the **"Reveal Sample" feature** to extract the previously detected secret. This issue poses a significant security risk, as secrets that were assumed to be deleted remain retrievable through this method. +However, a **bypass** has been identified where an attacker with sufficient permissions can **re-upload a file with the same name** but containing different, non-sensitive dummy data. This causes Macie to associate the newly uploaded file with the original finding, allowing the attacker to use the **"Reveal Sample" feature** to extract the previously detected secret. This issue poses a significant security risk, as secrets that were assumed to be deleted remain retrievable through this method. - +![flow](https://github.com/user-attachments/assets/7b83f2d3-1690-41f1-98cc-05ccd0154a66) **Steps To Reproduce:**
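Review bot: The added image line `![flow](https://github.com/user-attachments/assets/7b83f2d3-1690-41f1-98cc-05ccd0154a66)` uses the alt text "flow", which tells a reader nothing if the image fails to load, and it links to a user-attachments URL rather than a file tracked in this repository, so the diagram can disappear independently of the page. Suggest alt text that says what the diagram shows (the re-upload and "Reveal Sample" sequence described in the paragraph above it) and committing the image alongside the markdown file. The bold-marker fix in the first changed line (`can** re-upload` to `can **re-upload`) looks correct. The subject "Update aws-macie-privesc.md" could also say what changed, for example that it fixes the bold markup and adds the flow diagram.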