diff --git a/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md b/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md index ed82ec637..3f3fba06b 100644 --- a/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md +++ b/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md @@ -150,6 +150,18 @@ az storage blob undelete \ ``` {% endcode %} +### Microsoft.Storage/storageAccounts/fileServices/shares/restore/action && Microsoft.Storage/storageAccounts/read + +With these permissions, an attacker can restore a deleted Azure file share by specifying its deleted version ID. This privilege escalation could allow an attacker to recover sensitive data that was meant to be permanently deleted, potentially leading to unauthorized access. + +{% code overflow="wrap" %} +```bash +az storage share-rm restore \ + --storage-account \ + --name \ + --deleted-version +``` +{% endcode %} ## Other interesting looking permissions (TODO)
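Review bot: the `az storage share-rm restore` block in this hunk has no values after `--storage-account`, `--name` and `--deleted-version`, so as written the command does not run; the placeholder values look like they were dropped (angle-bracket placeholders are stripped by some renderers). Suggest writing them out explicitly, e.g. `--storage-account <storage-account-name>`, `--name <share-name>`, `--deleted-version <deleted-version-id>`, and noting that `--resource-group` is also needed when the account is given by name rather than by resource ID. The prose could also say that the restore only succeeds while the share is still inside its soft-delete retention window, and that a restore is itself a logged management-plane operation, so defenders can alert on `fileServices/shares/restore/action` in the activity log.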