Update aws-sagemaker-persistence.md

Author: AI-redteam

src/pentesting-cloud/aws-security/aws-persistence/aws-sagemaker-persistence.md

@@ -1,6 +1,11 @@
 
 # AWS - SageMaker Lifecycle Configuration Persistence
 
+## Overview of Persistence Techniques
+
+This section outlines methods for gaining persistence in SageMaker by abusing Lifecycle Configurations (LCCs), including reverse shells, cron jobs, credential theft via IMDS, and SSH backdoors. These scripts run with the instance’s IAM role and can persist across restarts. Most techniques require outbound network access, but usage of services on the AWS control plane can still allow success if the environment is in 'VPC-only" mode.
+#### Note: SageMaker notebook instances are essentially managed EC2 instances configured specifically for machine learning workloads.
+
 ## Required Permissions
 * Notebook Instances:
 ```
@@ -17,7 +22,7 @@ sagemaker:UpdateUserProfile
 sagemaker:UpdateSpace
 sagemaker:UpdateDomain
 ```
-#### Note: SageMaker notebook instances are essentially managed EC2 instances configured specifically for machine learning workloads.
+
 
 ## Set Lifecycle Configuration on Notebook Instances