diff --git a/.gitbook/assets/image (348).png b/.gitbook/assets/image (348).png new file mode 100644 index 0000000000..9d46347e6c Binary files /dev/null and b/.gitbook/assets/image (348).png differ diff --git a/pentesting-cloud/aws-security/aws-post-exploitation/aws-stepfunctions-post-exploitation.md b/pentesting-cloud/aws-security/aws-post-exploitation/aws-stepfunctions-post-exploitation.md index 79a7480eee..c1abdd5768 100644 --- a/pentesting-cloud/aws-security/aws-post-exploitation/aws-stepfunctions-post-exploitation.md +++ b/pentesting-cloud/aws-security/aws-post-exploitation/aws-stepfunctions-post-exploitation.md @@ -23,6 +23,12 @@ For more information about this AWS service, check: [aws-stepfunctions-enum.md](../aws-services/aws-stepfunctions-enum.md) {% endcontent-ref %} +### `states:RevealSecrets` + +This permission allows to **reveal secret data inside an execution**. For it, it's needed to set Inspection level to TRACE and the revealSecrets parameter to true. + +
+ ### `states:DeleteStateMachine`, `states:DeleteStateMachineVersion`, `states:DeleteStateMachineAlias` An attacker with these permissions would be able to permanently delete state machines, their versions, and aliases. This can disrupt critical workflows, result in data loss, and require significant time to recover and restore the affected state machines. In addition, it would allow an attacker to cover the tracks used, disrupt forensic investigations, and potentially cripple operations by removing essential automation processes and state configurations.
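Review bot: the new `states:RevealSecrets` section added after the `{% endcontent-ref %}` block says the inspection level must be set to TRACE and the `revealSecrets` parameter to true, but it never names the API operation or CLI command those two parameters belong to, so a reader cannot verify or reproduce the behaviour from the text alone; name the call and add a sample invocation, and state what the revealed data is (the secret values that are otherwise masked in the execution output). Minor wording: `This permission allows to reveal secret data` should read `This permission allows revealing secret data`, and `it's needed to set Inspection level to TRACE` should read `the inspection level must be set to TRACE`. The `` embed has an empty alt text, so the screenshot carries no information in text-only renderings; give it a short description of what it shows.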