Cobalt Cloud Pentest Service is a manual penetration testing service targeting cloud infrastructure across AWS, Azure, and Google Cloud Platform (GCP) environments. The service is delivered through a four-phase structured assessment aligned with the Shared Responsibility Model, focusing on the layers customers control—data, applications, configurations, and identity management. Testing is aligned to the OWASP Cloud-Native Top 10 and covers key cloud resource areas including Identity & Access Management (IAM), storage, networking, and compute. Rather than relying solely on automated scanning or Cloud Security Posture Management (CSPM) tools, the service employs expert pentesters who use manual techniques and chained exploits to identify complex attack paths across hybrid and multi-cloud environments. Core assessment activities include: - Simulating attacker behavior against cloud configurations and applications - Evaluating cloud-hosted network perimeter security and internal segmentation - Testing IAM, storage, networking, and compute resources for exploitability - Identifying attack paths that emerge from interactions between different cloud environments Findings are delivered through real-time reporting on misconfigurations, with actionable remediation guidance scoped to what the customer controls. The service is positioned as a complement to automated scanners, focusing on confirmed exploitability rather than theoretical misconfiguration alerts, with the goal of reducing alert fatigue and enabling prioritized remediation.