cobalthq · ana-dashuk-cobalt · Jun 16, 2023 · Jun 16, 2023 · Jun 19, 2023 · Jun 19, 2023
diff --git a/content/en/Getting started/pentest-preparation.md b/content/en/Getting started/pentest-preparation.md
@@ -126,8 +126,8 @@ Learn [how to scope a pentest for an internal network](/getting-started/planning
 
 Cobalt pentesters can test services on the following platforms:
 
-- Google Cloud Platform (GCP)
 - Amazon Web Services (AWS)
+- Google Cloud Platform (GCP)
 - Microsoft Azure Cloud (Azure)
 
 Each platform includes different categories of services, such as EC2, databases, and machine learning engines.
@@ -136,8 +136,8 @@ Each platform includes different categories of services, such as EC2, databases,
 
 - Your cloud platform: GCP, AWS, or Azure
 - Depending on your cloud platform, the number of User Accounts, Projects, or Resource Groups:
-  - **GCP**: The cloud configuration size is based on _Projects_. In Identity and Access Management (IAM), access is managed through IAM policies. An IAM policy can be attached to a Google Cloud Project. Each policy contains a collection of role bindings that associate one or more principals, such as users or service accounts, with an IAM role.
   - **AWS**: The number of AWS accounts within the AWS Organization. The IAM user that pentesters will use to enumerate and assess AWS configurations is set based upon these accounts.
+  - **GCP**: The cloud configuration size is based on _Projects_. In Identity and Access Management (IAM), access is managed through IAM policies. An IAM policy can be attached to a Google Cloud Project. Each policy contains a collection of role bindings that associate one or more principals, such as users or service accounts, with an IAM role.
   - **Azure**: Subscriptions may contain various Resource Groups—containers that hold related resources for an Azure solution. The CIS Benchmark for Azure is assessed at the Subscription level.
 - The number of **unique services** in the configuration. Unique services are the different functionalities that you've configured in your cloud deployment.
   - Examples of services: EC2, S3, Comprehend, Kubernetes, Azure Bot Service, Cloud Storage, Azure Container Service.

diff --git a/content/en/Methodologies/_index.md b/content/en/Methodologies/_index.md
@@ -13,37 +13,19 @@ aliases:
 Cobalt pentesters follow specific methodologies for different types of assets.
 {{% /pageinfo %}}
 
-By default, our pentesters test for industry standard vulnerabilities from:
+Learn more about each methodology:
 
-- [Open Web Application Security Project (OWASP)](https://owasp.org).
-  - Includes different "Top 10" lists for web, API, mobile, and cloud systems.
-- [Open Source Security Testing Methodology Manual (OSSTMM)](https://www.isecom.org/OSSTMM.3.pdf) (PDF).
-  - Used for internal and external networks.
-
-For more information on how we pentest, refer to the detailed pages associated with your
-asset.
-
-- [Web](/methodologies/web-methodologies/)
+- [Web application](/methodologies/web-methodologies/)
+- [Mobile application](/methodologies/mobile/)
 - [API](/methodologies/api-methodologies/)
-- [Mobile](/methodologies/mobile/)
-- [Internal Network](/methodologies/internal-network/)
-- [External Network](/methodologies/external-network/)
-- [Cloud](/methodologies/cloud/)
-- [Azure AD](/methodologies/azure-ad/)
+- [Internal network](/methodologies/internal-network/)
+- [External network](/methodologies/external-network/)
+- [Cloud configuration](/methodologies/cloud/):
+  - [Amazon AWS](/methodologies/amazon-aws-cloud-configuration/)
+  - [Google Cloud Platform (GCP)](/methodologies/gcp-cloud-configuration/)
+  - [Microsoft Azure](/methodologies/azure-cloud-configuration/)
+- [Azure Active Directory (AD)](/methodologies/azure-ad/)
 
-In most cases, the Methodology is fixed, based on the [Asset Type](/platform-deep-dive/assets/asset-types/)
-you defined earlier. However, if you selected a combined asset type, such as Web + API, you
-can limit the test to either of the individual methodologies:
+In most cases, the methodology is fixed, based on the [Asset Type](/platform-deep-dive/assets/asset-types/) you defined earlier. However, if you selected a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies:
 
 ![Choice of Methodologies](/gsg/WebOrAPI.png "Choose a pentest methodology for Web + API assets")
-
-Review the methodology for your asset, from the links shown earlier. Each methodology
-includes default requirements based on standards such as:
-
-- [OWASP](/getting-started/glossary/#open-web-application-security-project-owasp)
-- [OSSTMM](/getting-started/glossary/#open-source-security-testing-methodology-manual-osstmm)
-
-You're welcome to include additional requirements.
-
-Next, you'll want to set up and share [Test Credentials](/getting-started/pentest-objectives/test-credentials/) for your
-pentesters.
diff --git a/content/en/Methodologies/amazon-aws-cloud-configuration.md b/content/en/Methodologies/amazon-aws-cloud-configuration.md
@@ -0,0 +1,73 @@
+---
+title: "Amazon AWS Cloud Configuration Review"
+linkTitle: "Amazon AWS Cloud Configuration"
+weight: 160
+description: >
+  Learn how Cobalt pentesters review Amazon AWS cloud configurations.
+---
+
+{{% pageinfo %}}
+Amazon AWS cloud-based configuration review is an exercise in which Cobalt pentesters assess an organization's Amazon-based cloud environment, and its internal and external components.
+{{% /pageinfo %}}
+
+We follow an industry-standard methodology primarily based on:
+
+- [CIS AWS Foundations Benchmark](https://docs.aws.amazon.com/securityhub/latest/userguide/cis-aws-foundations-benchmark.html)
+{{% cloud-security-guidelines %}}
+
+![Amazon AWS cloud configuration review process](/methodologies/cloud-configuration-review-process.png "Amazon AWS cloud configuration review process")
+
+{{% cloud-stages-toc %}}
+
+## Prerequisites
+
+Our pentesters need access to test your AWS systems. Prepare the following:
+
+- A dedicated AWS account for each pentester, with access to each target system.
+- Read-only Identity and Access Management (IAM) API credentials for each dedicated account. Add the following AWS managed policies to the pentester user or role:
+  - `SecurityAudit`
+  - `ViewOnlyAccess`
+
+The required [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html) are:
+
+```
+arn:aws:iam::aws:policy/SecurityAudit
+arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
+```
+
+## Target Scope Reconnaissance
+
+{{% cloud-recon %}}
+
+## Component Enumeration
+
+{{% cloud-component-enumeration %}}
+  - IAM
+  - S3
+  - RDS
+
+## Automated Component Configuration Assessment
+
+{{% cloud-component-assessment %}}
+
+## Automated and Manual Assessment of Externally Exposed Services
+
+{{% cloud-external-services %}}
+
+## Architectural Design Analysis
+
+{{% cloud-architect-design %}}
+
+## Reporting, Triaging, and Retesting
+
+{{% report-triage-retest %}}
+
+## Tools
+
+During the assessment, pentesters use multiple testing tools, such as:
+
+- [Scout Suite](https://github.com/nccgroup/ScoutSuite): Cloud security auditing tool
+- [Prowler](https://github.com/prowler-cloud/prowler): Security best practices assessment tool
+- [CloudSploit Scan](https://github.com/aquasecurity/cloudsploit): Tool for detecting security risks in cloud infrastructure accounts
+
+{{% various-tools %}}
diff --git a/content/en/Methodologies/azure-cloud-configuration.md b/content/en/Methodologies/azure-cloud-configuration.md
@@ -0,0 +1,63 @@
+---
+title: "Microsoft Azure Cloud Configuration Review"
+linkTitle: "Microsoft Azure Cloud Configuration"
+weight: 180
+description: >
+  Learn how Cobalt pentesters review Microsoft Azure cloud configurations.
+---
+
+{{% pageinfo %}}
+Microsoft Azure cloud-based configuration review is an exercise in which Cobalt pentesters assess an organization's Azure-based cloud environment, and its internal and external components.
+{{% /pageinfo %}}
+
+We follow an industry-standard methodology primarily based on:
+
+- [Microsoft security best practices](https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns)
+{{% cloud-security-guidelines %}}
+
+We also follow the [Penetration Testing Rules of Engagement](https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement) by Microsoft to avoid causing downtime on your systems.
+
+![Microsoft Azure cloud configuration review process](/methodologies/cloud-configuration-review-process.png "Microsoft Azure cloud configuration review process")
+
+{{% cloud-stages-toc %}}
+
+## Prerequisites
+
+Our pentesters need access to test your Azure systems. Prepare the following:
+
+- A dedicated Azure account for each pentester, with access to each target system
+- Read-only Identity and Access Management (IAM) API credentials for each dedicated account
+
+## Target Scope Reconnaissance
+
+{{% cloud-recon %}}
+
+## Component Enumeration
+
+{{% cloud-component-enumeration %}}
+  - Azure Cloud Storage
+
+## Automated Component Configuration Assessment
+
+{{% cloud-component-assessment %}}
+
+## Automated and Manual Assessment of Externally Exposed Services
+
+{{% cloud-external-services %}}
+
+## Architectural Design Analysis
+
+{{% cloud-architect-design %}}
+
+## Reporting, Triaging, and Retesting
+
+{{% report-triage-retest %}}
+
+## Tools
+
+During the assessment, pentesters use multiple testing tools, such as:
+
+- [Scout Suite](https://github.com/nccgroup/ScoutSuite): Cloud security auditing tool
+- [Other tools for Microsoft Azure](https://github.com/kmcquade/awesome-azure-security)
+
+{{% various-tools %}}
diff --git a/content/en/Methodologies/cloud.md b/content/en/Methodologies/cloud.md
@@ -1,128 +1,84 @@
 ---
-title: "Cloud Pentests"
-linkTitle: "Cloud Pentest Methodologies"
+title: "Cloud Configuration Review Methodologies"
+linkTitle: "Cloud Configuration Review"
 weight: 150
 description: >
-  Review methodologies for Cloud Configurations.
+  Learn how Cobalt pentesters review cloud configurations.
 aliases:
     - /getting-started/pentest-objectives/methodologies/cloud/
     - /platform-deep-dive/pentests/pentest-process/methodologies/cloud/
 ---
 
 {{% pageinfo %}}
-{{% pentest-rigor %}}
-{{% /pageinfo %}}
-
-We support penetration testing of systems in the following cloud environments:
-
-- Amazon AWS
-- Google Cloud Platform (GCP)
-- Microsoft Azure
-
-While we perform many of the same tests on different cloud configurations, each environment
-has unique testing requirements.
-
-## Cloud Network Pentest
-<!-- I cover needed content from
-https://cobaltio.zendesk.com/hc/en-us/articles/360057567991-Cloud-Configuration-Review-VS-Cloud-Network-Pentest
-here: -->
-
-We test cloud assets based on the cloud pentest methodologies listed on this
-page. If you want a network pentest of your cloud asset, ask us for an [External
-Network Pentest](/methodologies/external-network/).
-
-## Common Requirements
-
-Cobalt assesses your selected cloud environment, as well as all internal and external components. Cobalt
-follows an industry standard methodology primarily based on:
-
-- Best practices established by your cloud provider
-- OWASP standards for [Cloud Providers](https://owasp.org/www-pdf-archive/Cloud-Top10-Security-Risks.pdf) (PDF)
-  and [Application Security Verification Standard (ASVS)](/getting-started/glossary/#application-security-verification-standard-asvs).
-
-The Cobalt team of pentesters do not need access to the underlying web application
-source code, unless you specify it as a requirement.
+Cobalt pentesters can perform cloud configuration reviews for the following cloud providers:
 
-We follow an industry standard methodology primarily based on the OWASP ASVS
-Testing Guide. Our team takes the following steps to ensure full coverage:
-
-- Target scope reconnaissance
-- Component enumeration
-  - Based on automated component discovery
-- Automated component configuration assessment
-  - Detail risks, based on Center for Internet Security (CIS) best practices
-- Automated / manual review of externally exposed services
-  - Basic vulnerability assessments
-- Architectural design analysis
-- Reporting, triaging, and retesting
-
-![Cloud pentest flow](/gsg/CloudPentest.png)
+- [Amazon AWS](/methodologies/amazon-aws-cloud-configuration/)
+- [Google Cloud Platform (GCP)](/methodologies/gcp-cloud-configuration/)
+- [Microsoft Azure](/methodologies/azure-cloud-configuration/)
+{{% /pageinfo %}}
 
-In general, the cloud providers that we work with no longer need to know before
-we perform our pentests. However, each cloud provider may have their own procedure.
-We've included links to procedures that we know of in the section for each provider.
+## Methodology Overview
 
-### Source IP Addresses
+Cobalt assesses your selected cloud environment, as well as all internal and external components. We follow an industry-standard methodology primarily based on:
 
-Cloud providers may need to include IP addresses associated with pentest traffic in
-their [allowlist](/getting-started/glossary/#allowlist). We'll share these addresses when you
-create an actual pentest.
+- Security best practices of specific cloud providers
+{{% cloud-security-guidelines %}}
 
-### Testing Parameters
+![Cloud configuration review process](/methodologies/cloud-configuration-review-process.png "Cloud configuration review process")
 
-When you create a pentest that involves a cloud provider, we'll share the information
-that your cloud provider may require, including:
+Your cloud provider may require additional information:
 
-- Peak bandwidth
-- Peak queries per second
-- Escalation traffic requirements
-- Emergency contact information
+- **Source IP addresses**. Cloud providers may need to include IP addresses associated with pentest traffic in their [allowlist](/getting-started/glossary/#allowlist). We'll share these addresses when you create an actual pentest.
+- **Testing parameters**. When you create a pentest that involves a cloud provider, we'll share the information that your cloud provider may require, including:
+  - Peak bandwidth
+  - Peak queries per second
+  - Escalation traffic requirements
+  - Emergency contact information
 
-## Amazon AWS
+{{% alert title="Note" color="primary" %}}
+Cloud providers may require notification before we perform a pentest. For more information, consult the documentation of your cloud provider.
+{{% /alert %}}
 
-Our pentesters need access to test your AWS systems. To that end, you should prepare:
+## Cloud Configuration Review or External Cloud Network Pentest?
 
-- A dedicated AWS account for each pentester, with access to each target system.
-  - Identity and Access Management (IAM) API credentials for each affected AWS account.
-    - Include the following managed policies for the pentest user or role:
-      - `SecurityAudit`
-      - `ViewOnlyAccess`
+When you plan to test the security of your cloud environment (AWS, GCP, or Azure), you may not know **which methodology to choose**. You can look at pentesting cloud infrastructure environments from two perspectives:
 
-These are the required policy Amazon Resource Names (ARN):
+- Configuration perspective:
+  - [Cloud Configuration Review](#cloud-configuration-review) methodology
+- Network perspective:
+  - [External Cloud Network Pentest](#external-cloud-network-pentest) methodology
 
-```
-arn:aws:iam::aws:policy/SecurityAudit
-arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
-```
+{{< alert title="Which Methodology is Right for You?" color="primary" >}}
+For PCI compliance, the [External Network Pentest Methodology](/methodologies/external-network/) is required.
 
-You should also include the architecture of your cloud configuration.
+Cloud configuration reviews are not required by any compliance frameworks. Use this methodology when you:
 
-## Google Cloud Platform (GCP)
+- Move your environment from on-premises to the cloud
+- Change your cloud provider
+- Make significant changes to your infrastructure
+{{< /alert >}}
 
-Our pentesters need access to test your GCP systems. To that end, you should prepare:
+### Cloud Configuration Review
 
-- A dedicated GCP account for each pentester, with access to each target system.
-  - GCP access keys.
-  - Identity and Access Management (IAM) API credentials for each affected GCP account.
-    - To provide API credentials, use a (service) account with Viewer and Security Reviewer
-      permissions.
+Cloud configuration reviews are specific to Infrastructure as a service (IaaS) providers. Cobalt can perform reviews for the following providers:
 
-## Microsoft Azure
+- [Amazon AWS](/methodologies/amazon-aws-cloud-configuration/)
+- [Google Cloud Platform (GCP)](/methodologies/gcp-cloud-configuration/)
+- [Microsoft Azure](/methodologies/azure-cloud-configuration/)
 
-Our pentesters need access to test your Azure systems. To that end, you should prepare:
-- A dedicated Azure account for each pentester, with access to each target system.
-  - Identity and Access Management (IAM) API credentials (read-only) for each dedicated account.
+Pentesters assess your cloud environment, as well as all internal and external components. The key stages of the assessment are:
 
-## Other Cloud Providers
+- Component discovery and enumeration
+- Component configuration assessment
+- Assessment of externally exposed services
+- Architectural design analysis
 
-We've done pentests on other cloud providers. You can refer to the
-[Common Requirements](#common-requirements) listed earlier.
+### External Cloud Network Pentest
 
-{{% alert title="Note" color="primary" %}}
-Cloud providers may require notification before we perform a pentest. For
-more information, consult the documentation for your cloud provider.
-{{% /alert %}}
+When using the [External Network Penetration Testing Methodology](/methodologies/external-network/), Cobalt pentesters test your cloud network holistically. They perform:
 
-## Additional Requirements
+- Testing of all services provided by your cloud provider
+- Segmentation testing
+- Assessment of services provided by other vendors, such as WAF, CDN, and DNS
 
-{{% additional-requirements %}}
+We follow an industry-standard methodology primarily based on the [Open Source Security Testing Methodology Manual (OSSTMM)](https://www.isecom.org/OSSTMM.3.pdf).
diff --git a/content/en/Methodologies/external-network.md b/content/en/Methodologies/external-network.md
@@ -102,7 +102,7 @@ All of these services leave characteristic signatures that a port scan can detec
 Cobalt pentesters follow up by identifying vulnerabilities in the external-facing portion of the network. Their goal is to penetrate external endpoints and gain access to the internal LAN and the organization's resources.
 
 {{% network-vuln-scan-problems %}}
-- Defacing of the website. Attackers may even substitute their own version of the website where current or potential customers sign in. The organization could lose credibility or even potential customers.
+- Defacing of the website. Attackers may substitute their own version of the website where current or potential customers sign in. The organization could lose credibility or potential customers.
 
 {{% alert title="Tools" color="primary" %}}
 During this testing phase, pentesters use multiple tools, such as: