diff --git a/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md b/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md index b9a2863543..d84ab08d32 100644 --- a/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md +++ b/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md 
@@ -167,6 +167,45 @@ s3-account-search arn:aws:iam::123456789012:role/s3_read s3://my-bucket/path/to/ This technique also works with API Gateway URLs, Lambda URLs, Data Exchange data sets and even to get the value of tags (if you know the tag key). You can find more information in the [**original research**](https://blog.plerion.com/conditional-love-for-aws-metadata-enumeration/) and the tool [**conditional-love**](https://github.com/plerionhq/conditional-love/) to automate this exploitation. +### Confirming a bucket belongs to an AWS account + +As explained in [**this blog post**](https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/)**, if you have permissions to list a bucket** it’s possible to confirm an accountID the bucket belongs to by sending a request like: + +```bash +curl -X GET "[bucketname].amazonaws.com/" \ +-H "x-amz-expected-bucket-owner: [correct-account-id]" + + +... +``` + +If the error is an “Access Denied” it means that the account ID was wrong. + +### Used Emails as root account enumeration + +As explained in [**this blog post**](https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/), it's possible to check if an email address is related to any AWS account by **trying to grant an email permissions** over a S3 bucket via ACLs. If this doesn't trigger an error, it means that the email is a root user of some AWS account: + +```python +s3_client.put_bucket_acl( + Bucket=bucket_name, + AccessControlPolicy={ + 'Grants': [ + { + 'Grantee': { + 'EmailAddress': 'some@emailtotest.com', + 'Type': 'AmazonCustomerByEmail', + }, + 'Permission': 'READ' + }, + ], + 'Owner': { + 'DisplayName': 'Whatever', + 'ID': 'c3d78ab5093a9ab8a5184de715d409c2ab5a0e2da66f08c2f6cc5c0bdeadbeef' + } + } +) +``` + ## References * [https://www.youtube.com/watch?v=8ZXRw4Ry3mQ](https://www.youtube.com/watch?v=8ZXRw4Ry3mQ)
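Review bot: the bash block in the new "Confirming a bucket belongs to an AWS account" section is not runnable as written: the curl URL has no scheme and the S3 host label is missing (`"[bucketname].amazonaws.com/"`), and the fenced block ends with two stray blank lines and a bare `...` that should be dropped or replaced with the expected response. The bold markup in the sentence before it is also misplaced (`[**this blog post**](...)**, if you have permissions to list a bucket**`), so the emphasis leaks into the link; suggest `[this blog post](...) , if you have permissions to list a bucket, it's possible to confirm the account ID ...`. In the second new section, the heading "Used Emails as root account enumeration" reads awkwardly (e.g. "Root account enumeration via email addresses"), "over a S3 bucket" should be "over an S3 bucket", and the `Owner` `ID` value in the `put_bucket_acl` call should be visibly marked as a placeholder for the bucket owner's canonical ID, since the call fails unless it matches the real owner; `s3_client` and `bucket_name` are also used without being defined in the snippet.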