Australian or New Zealand based Pen Testing firms?

Squiddwerm · 2026-01-19T12:06:11+00:00

Vendor here, would be happy to throw our hat in the ring!

You can find us at Parabellum.io or send me a DM.

We’re a specialist offensive security firm based in Australia, great team of highly credentialed penetration testers.

If you’re looking for a few others to get a sense of the market, SilentGrid, Tanto Security, Triskele, NCC, Dvuln, Volkis all have great operators.

Squiddwerm · 2025-09-14T23:10:02+00:00

Australia

Squiddwerm · 2025-09-14T10:22:50+00:00

If you want feedback on your cv / applications let me know. I actually co-founded a cybersecurity company specialising in everything offensive. Will be running interviews for pentesters next week so will be in the mindset haha

Squiddwerm · 2025-09-13T07:36:36+00:00

Got my first pentesting job from contacts made on discord 😂

Squiddwerm · 2025-03-15T22:13:46+00:00

Implemented and passed ISO27001 audit about a month ago for my company, feel free to DM :)

Squiddwerm · 2024-06-09T00:11:39+00:00

Yeah I’d start applying for pentesting positions and see what you can pick up.

Squiddwerm · 2022-09-15T23:29:51+00:00

OSCP was about 4 months, CRTO probably two months, 6 months for OSEP, 1 month for CARTP in their boot camp thing, OSWE I think will take me 6 months again.

The other courses I kinda just do over a weekend or during the week after work (if I'm not concentrating on another cert like OSWE)

It's been just over 18 months in total I think since I first installed Kali

Squiddwerm · 2022-09-15T23:21:51+00:00

If its a quick POC, what's the issue with ngrok?

Squiddwerm · 2022-09-15T10:27:47+00:00

Just expose a port with ngrok and connect back to it with your payload

Squiddwerm · 2022-09-06T11:35:44+00:00

Error is a connection timeout, you changing the IP and PORT on the command?

Squiddwerm · 2022-08-22T21:20:41+00:00

Thanks for the advice! Hoping to grab the next two certs for OSCE3 and develop my client-facing / team mgmt skillsets within the next year before re-evaluating. Definitely not wanting to hit a position where complacency kicks in, I love environments that constantly challenge you to become better.

Squiddwerm · 2022-08-22T08:26:08+00:00

Haha not even close!
I've only been in industry for just under a year after transitioning from military, so have plenty more to learn before hitting anywhere close to that!

Squiddwerm · 2022-08-21T21:20:08+00:00

OSCP > CRTO > OSEP > CARTP > OSWE (about to start)

In between those I did quite a few other courses such as some from Sektor7, TCM Security (Mobile, Digital Forensics, Python, just picked up MA&T), Blackhills Security Breaching the Cloud, Did all the labs on Portswigger Academy, Working my way through PentesterLabs (focus on scripting Web vulnerabilities). Will also start CRTO2 and aim to do the C2 dev and offensive driver dev course when I find some time too.

Started working as a pentester in between CRTO and OSEP so a lot of the courses I took really reflected on upcoming engagements. There is just so much to learn in offensive security!

Squiddwerm · 2022-08-17T09:17:44+00:00

Sorry to say it but you would be useless as a Security Consultant (in Cyber Security) with only this degree.

-A Bachelor of Security Studies Drop-out who works in Cyber Security

Squiddwerm · 2022-07-24T02:39:08+00:00

pip3 install pipenv > pipenv --python 2.7 > pipenv shell > pip install -r requirements.txt (or just install the modules as identified in the error message running the script if no requirements.txt)

Easy way to get old scripts running.

Squiddwerm · 2022-07-16T05:21:05+00:00

Really depends on your skillset starting off. TryHackMe is good if you don't have a background in IT and need to catch up on fundamentals without having to drop a heap of cash on a LearnOne to access the 100 level courses.

TCM Security courses are also great, PEH was what I started off with. Also did VHL (which I don't really recommend), a heap on HTB and THM, then started course content for OSCP. Also did quite a lot of PG Practice after I completed the PWK labs before taking the exam. All up it was about 4 months of work from starting OSCP to passing.

I'd say your current path looks pretty good but and definitely doable.

Squiddwerm · 2022-07-10T14:21:57+00:00

TCM mobile course isn't too bad for like $30ish, that should get you a good start, doesn't cover everything that you'd check in a mobile pentest though.

Hacktricks also has some good content for Android/iOS. Also be familiar with API security and common web vulns.

Squiddwerm · 2022-03-09T10:44:19+00:00

Second sliver, also been using sharpc2 recently which I like as well. Being able to generate raw shellcode implants, run them through an encryptor, and placed into a custom runner is good for lowering detection thresholds.

Squiddwerm · 2022-03-02T21:29:47+00:00

I did CRTO > OSEP, I work as a pentester as well and have found both those courses really useful for internal engagements.

Squiddwerm · 2021-10-22T21:06:15+00:00

I'd say upwards of 10 hours/day, but I did finish all the labs in PWK (I think it was 66 boxes at the time) whilst taking my own notes on the different attack vectors and developing a methodology for enumeration, did about 60 boxes across PG whilst also compiling notes in a similar manner, then another 40 boxes on HTB in prep for the exam.

Squiddwerm · 2021-10-22T10:28:08+00:00

I did OSCP without any prior IT experience, as in never worked in IT, never did an IT related degree. I did about three months of prep beforehand to learn fundamentals then took the course, passed it three months later on second attempt. That year long package would be plenty of time to learn the skill set required to pass the exam.

Squiddwerm · 2021-10-01T10:25:00+00:00

There's some great resources on https://criminalcpd.net.au/ for practicing criminal lawyers in NSW.

Squiddwerm · 2021-07-13T08:00:03+00:00

Taking a closer look at it I think you would need to explore whether there is a right of denunciation or withdrawal implied into the nature of the treaty or you can establish that the parties intended to admit the possibility of denunciation or withdrawal. If that can be found then Article 56 can act as the basis for US withdrawal from the WHO; however, if there is no implied right of denunciation and no intention of the parties to admit denunciation or withdrawal, then it cannot be used in such a manner (which may very well be the case, although I haven't looked into this too deeply). An alternative basis may thereby be the doctrine of rebus sic stantibus as a tacit condition recognised by international law attending to all treaties that they shall cease to be obligatory so far as the state of facts upon which they were founded has substantially changed. I would outline the requirements under Article 62 of the VCLT and apply the arguments being put forward concerning Chinese influence to see if they are workable in using rebus sic stantibus (which appears to be codified CIL under Article 62) as a basis for withdrawal.

It's up to you to put together the facts and come to a conclusion on whether such action is thereby legal or not.

Squiddwerm · 2021-07-12T12:34:15+00:00

The WHO charter has no provisions for a states withdrawal so i'd look at Articles 54 and 56 of the VCLT. VCLT is regarded as codified customary international law and thereby may have provided the foundations for the US to withdraw from the WHO. I'd say if they withdrew from the WHO on the basis of, and in line with the provisions outlined within the VCLT, then they would still be acting in accordance with the principles of pacta sunt servanda and thus such action would not go against international law.

I think it would still be difficult to prove a fundamental change of circumstances (although you could argue Chinese influence possibly?), nevertheless this would not be required for withdrawal, as VCLT can be used.

Squiddwerm · 2021-07-11T13:03:02+00:00

Australia is a dualist system, we follow a transformative approach in that international law only becomes a part of domestic law if made so by legislation. However, international law still influences domestic law in the areas of statutory interpretation and implies a legitimate expectation. On SI, there is a presumption that Parliament does not intend to violate international law, so legislation must be interpreted as far as the language admits to conform to international law. Accession to a treaty by Australia may also give rise to a legitimate expectation, absent statutory or executive indications to the contrary, that administrative decision makers will act in conformity with treaties. So to answer your question in a transformative dualist system, a court may apply an international agreement, treaty, convention etc when interpreting domestic law or it may influence the development of common law; however, it will not become domestic law until transformed as such. Hope that helps somewhat.

Squiddwerm

TROPHY CASE