OSCP Like VMs:

• JSONSec OSCP prep list: https://docs.google.com/spreadsheets/d/1wW2EOeUo5EkgePheuBfqeUh6Zuh4sPnYVwb7KusoSqc/edit#gid=0

• Netsec OSCP like VMs : https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0

Practice Arena:

• Root-me web challenge

• HackTheBox https://www.hackthebox.eu

• Vulnhub https://www.vulnhub.com

• Practical Pentest Labs https://practicalpentestlabs.com

• Labs Wizard Security https://labs.wizard-security.net

• Pentestlab https://pentesterlab.com/

• Hackthis https://www.hackthis.co.uk

• Shellter https://shellterlabs.com/pt/

• Root-Me https://www.root-me.org/

• Zenk-Security https://www.zenk-security.com/epreuves.php

• W3Challs https://w3challs.com/

• NewbieContest https://www.newbiecontest.org/

• The Cryptopals Crypto Challenges https://cryptopals.com/

• Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html

• alert(1) to win https://alf.nu/alert1

• Hacksplaining https://www.hacksplaining.com/exercises

• Hacker101 https://ctf.hacker101.com

• Academy Hackaflag https://academy.hackaflag.com.br/

• PentestIT LAB https://lab.pentestit.ru

• Hacker Security https://capturetheflag.com.br/

• PicoCTF https://picoctf.com

• Exploitation Education https://exploit.education/

• Root in Jail http://ctf.rootinjail.com

• CMD Challenge https://cmdchallenge.com

• Try Hack Me https://tryhackme.com/

• Hacking-Lab https://www.hacking-lab.com/index.html

• PWNABLE https://pwnable.kr/play.php

• Google CTF https://capturetheflag.withgoogle.com/

• ImmersiveLabs https://immersivelabs.com/

• Attack-Defense https://attackdefense.com/

• OverTheWire http://overthewire.org

• SANS Challenger https://www.holidayhackchallenge.com/

• SmashTheStack http://smashthestack.org/wargames.html

• https://microcorruption.com/login (Very good interactive interface, introduces low-level reverse engineering in an MSP430)

• https://learn.abctf.xyz (New platform for learning CTF, with challenges created by the users themselves)

• http://reversing.kr/

• http://hax.tor.hu/

• https://pwn0.com/

• https://io.netgarage.org/

• http://ringzer0team.com/

• http://www.hellboundhackers.org/

• http://counterhack.net/Counter_Hack/Challenges.html

• http://www.hackthissite.org/

Others https://backdoor.sdslabs.co/ http://smashthestack.org/wargames.html http://hackthecause.info/ http://bright-shadows.net/ http://www.mod-x.co.uk/main.php http://scanme.nmap.org/ http://www.hackertest.net/ http://net-force.nl/ http://securityoverride.org/ It teaches good concepts, but some things are not realistic (like stored strings identical to the input) http://www.wechall.net/sites.php (great list of challenges) http://ctf.forgottensec.com/wiki/ (Good Wiki about CTFs) http://repo.shell-storm.org/CTF/ (Great archive of CTFs) Specific CTFs related to web applications http://demo.testfire.net/ http://wocares.com/xsstester.php http://crackme.cenzic.com/ http://test.acunetix.com/ http://zero.webappsecurity.com/ Forensic Specific Challenges http://computer-forensics.sans.org/community/challenges http://computer-forensics.sans.org/community/challenges http://forensicscontest.com/ Recruiting https://www.praetorian.com/challenges/pwnable/ http://rtncyberjobs.com/ http://0x41414141.com/ Paid Training http://heorot.net/ Offline challenges for download http://www.badstore.net/ http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project http://www.owasp.org/index.php/Owasp_SiteGenerator Damn Vulnerable Web App Stanford SecureBench Micro http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Vulnerable Virtual Machines https://pentesterlab.com/exercises/ http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ Damn Vulnerable Linux (Mirror)