Practice

OSCP Like VMs:
JSONSec OSCP prep list: https://docs.google.com/spreadsheets/d/1wW2EOeUo5EkgePheuBfqeUh6Zuh4sPnYVwb7KusoSqc/edit#gid=0​
Netsec OSCP like VMs :  
https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0 
Practice Arena:
Root-me web challenge
HackTheBox https://www.hackthebox.eu​
Vulnhub https://www.vulnhub.com​
Practical Pentest Labs https://practicalpentestlabs.com​
Labs Wizard Security https://labs.wizard-security.net​
Pentestlab https://pentesterlab.com/​
Hackthis https://www.hackthis.co.uk​
Shellter https://shellterlabs.com/pt/​
Root-Me https://www.root-me.org/​
Zenk-Security https://www.zenk-security.com/epreuves.php​
W3Challs https://w3challs.com/​
NewbieContest https://www.newbiecontest.org/​
The Cryptopals Crypto Challenges https://cryptopals.com/​
Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html​
alert(1) to win https://alf.nu/alert1​
Hacksplaining https://www.hacksplaining.com/exercises​
Hacker101 https://ctf.hacker101.com​
Academy Hackaflag https://academy.hackaflag.com.br/​
PentestIT LAB https://lab.pentestit.ru​
Hacker Security https://capturetheflag.com.br/​
PicoCTF https://picoctf.com​
Exploitation Education https://exploit.education/​
Root in Jail http://ctf.rootinjail.com​
CMD Challenge https://cmdchallenge.com​
Try Hack Me https://tryhackme.com/​
Hacking-Lab https://www.hacking-lab.com/index.html​
PWNABLE https://pwnable.kr/play.php​
Google CTF https://capturetheflag.withgoogle.com/​
ImmersiveLabs https://immersivelabs.com/​
Attack-Defense https://attackdefense.com/​
OverTheWire http://overthewire.org​
SANS Challenger https://www.holidayhackchallenge.com/​
SmashTheStack http://smashthestack.org/wargames.html​
​https://microcorruption.com/login (Very good interactive interface, introduces low-level reverse engineering in an MSP430)
​https://learn.abctf.xyz (New platform for learning CTF, with challenges created by the users themselves)
​http://reversing.kr/​
​http://hax.tor.hu/​
​https://pwn0.com/​
​https://io.netgarage.org/​
​http://ringzer0team.com/​
​http://www.hellboundhackers.org/​
​http://counterhack.net/Counter_Hack/Challenges.html​
​http://www.hackthissite.org/

Others

https://backdoor.sdslabs.co/

http://smashthestack.org/wargames.html

http://hackthecause.info/

http://bright-shadows.net/

http://www.mod-x.co.uk/main.php

http://scanme.nmap.org/

http://www.hackertest.net/

http://net-force.nl/

http://securityoverride.org/ It teaches good concepts, but some things are not realistic (like stored strings identical to the input)

http://www.wechall.net/sites.php (great list of challenges)

http://ctf.forgottensec.com/wiki/ (Good Wiki about CTFs)

http://repo.shell-storm.org/CTF/ (Great archive of CTFs)

Specific CTFs related to web applications

http://demo.testfire.net/

http://wocares.com/xsstester.php

http://crackme.cenzic.com/

http://test.acunetix.com/

http://zero.webappsecurity.com/

Forensic Specific Challenges

http://computer-forensics.sans.org/community/challenges

http://computer-forensics.sans.org/community/challenges

http://forensicscontest.com/

Recruiting

https://www.praetorian.com/challenges/pwnable/

http://rtncyberjobs.com/

http://0x41414141.com/

Paid Training

http://heorot.net/

Offline challenges for download

http://www.badstore.net/

http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

http://www.owasp.org/index.php/Owasp_SiteGenerator

Damn Vulnerable Web App

Stanford SecureBench Micro

http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

Vulnerable Virtual Machines

https://pentesterlab.com/exercises/

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Damn Vulnerable Linux (Mirror)
Tools
CEH Practical Notes
Last modified 2yr ago