diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md
new file mode 100644
index 0000000000..4626850845
--- /dev/null
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-macie-privesc.md
@@ -0,0 +1,25 @@
+# Amazon Macie - Bypass `Reveal Sample` Integrity Check
+
+AWS Macie is a security service that automatically detects sensitive data within AWS environments, such as credentials, personally identifiable information (PII), and other confidential data. When Macie identifies a sensitive credential, such as an AWS secret key stored in an S3 bucket, it generates a finding that allows the owner to view a "sample" of the detected data. Typically, once the sensitive file is removed from the S3 bucket, it is expected that the secret can no longer be retrieved.
+
+However, a **bypass** has been identified where an attacker with sufficient permissions can** re-upload a file with the same name** but containing different, non-sensitive dummy data. This causes Macie to associate the newly uploaded file with the original finding, allowing the attacker to use the **"Reveal Sample" feature** to extract the previously detected secret. This issue poses a significant security risk, as secrets that were assumed to be deleted remain retrievable through this method.
+
+
+
+## Steps To Reproduce:
+
+1. Upload a file (e.g., `test-secret.txt`) to an S3 bucket with sensitive data, such as an AWS secret key. Wait for AWS Macie to scan and generate a finding.
+
+2. Navigate to AWS Macie Findings, locate the generated finding, and use the **Reveal Sample** feature to view the detected secret.
+
+3. Delete `test-secret.txt` from the S3 bucket and verify that it no longer exists.
+
+4. Create a new file named `test-secret.txt` with dummy data and re-upload it to the same S3 bucket using **attacker's account**.
+
+5. Return to AWS Macie Findings, access the original finding, and click **Reveal Sample** again.
+
+6. Observe that Macie still reveals the original secret, despite the file being deleted and replaced with different content **from different accounts, in our case it will be the attacker's account**.
+
+## Summary:
+
+This vulnerability allows an attacker with sufficient AWS IAM permissions to recover previously detected secrets even after the original file has been deleted from S3. If an AWS secret key, access token, or other sensitive credential is exposed, an attacker could leverage this flaw to retrieve it and gain unauthorized access to AWS resources. This could lead to privilege escalation, unauthorized data access, or further compromise of cloud assets, resulting in data breaches and service disruptions.
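Review bot: the bold markup in the second paragraph is broken: `can** re-upload a file with the same name**` attaches the opening `**` to `can` and puts a space inside the span, so it will not render; write `can **re-upload a file with the same name**`. The page also relies on "sufficient permissions" twice (second paragraph and Summary) without saying which IAM actions are meant, so a reader cannot tell what to restrict or monitor; since the whole point is that deleting the object does not make the sample unrecoverable, a short mitigation/detection note (which permission gates the Reveal Sample feature, and that S3 write access to the bucket from another account is the other precondition shown in step 4) would make the page useful to defenders rather than only descriptive. Minor: step 6 reads "from different accounts, in our case it will be the attacker's account", better as "from a different account (here, the attacker's)"; the headings carry trailing colons ("## Steps To Reproduce:", "## Summary:") unlike the rest of the tree; and the three blank lines after the second paragraph look like a dropped screenshot and should be either the image or a single blank line.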
diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-macie-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-macie-enum.md
new file mode 100644
index 0000000000..899ca1b9f8
--- /dev/null
+++ b/src/pentesting-cloud/aws-security/aws-services/aws-macie-enum.md
@@ -0,0 +1,49 @@
+# Amazon Macie
+
+## Introduction
+
+Amazon Macie is a data security service that discovers sensitive data by using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.
+
+## Listing Findings with AWS Console
+
+After scanning a specific S3 bucket for secrets and sensitive data, findings will be generated and displayed in the console. Authorized users with sufficient permissions can view and list these findings for each job.
+
+
+
+
+## Revealing Secret
+
+Amazon Macie provides a feature that displays detected secrets in clear-text format. This functionality aids in the identification of the compromised data. However, displaying secrets in clear-text is generally not considered best practice due to security concerns, as it could potentially expose sensitive information.
+
+
+
+
+
+## Enumeration
+
+```bash
+# List and describe classification jobs
+aws macie2 list-classification-jobs --region eu-west-1
+aws macie2 describe-classification-job --job-id --region eu-west-1
+
+# Retrieve account details and statistics
+aws macie2 get-macie-session --region eu-west-1
+aws macie2 get-usage-statistics --region eu-west-1
+
+# List and manage Macie members (for organizations)
+aws macie2 list-members --region eu-west-1
+
+# List findings and get detailed information about specific findings
+aws macie2 list-findings --region eu-west-1
+aws macie2 get-findings --finding-id --region eu-west-1
+
+# Manage custom data identifiers
+aws macie2 list-custom-data-identifiers --region eu-west-1
+aws macie2 get-custom-data-identifier --id --region eu-west-1
+
+# List and detail findings filters
+aws macie2 list-findings-filters --region eu-west-1
+aws macie2 get-findings-filter --id --region eu-west-1
+
+```
+
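Review bot: in the Enumeration block `aws macie2 get-findings --finding-id --region eu-west-1` uses a parameter that does not exist on that subcommand; `get-findings` takes `--finding-ids` (plural, a list of IDs as returned by `list-findings`). The same block leaves `--job-id`, `--finding-id(s)` and `--id` with no value, so none of those four lines run as pasted; add a visible placeholder such as `<JOB_ID>` / `<FINDING_ID>` / `<IDENTIFIER_ID>` so readers know a value is expected. The fence also ends with a stray blank line before the closing triple backticks. Prose nits: "## Revealing Secret" should be "## Revealing Secrets", and the runs of three to four blank lines after "Listing Findings with AWS Console" and "Revealing Secret" look like screenshots that did not make it into the commit; either add the images or collapse to one blank line.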