CTFs and Labs

Practice Labs

Hack The Box

https://www.hackthebox.eu/

VulnHub

https://www.vulnhub.com

PentesterLab

https://pentesterlab.com/

OWASP Juice Shop Project

http://demo.owasp-juice.shop/#/search

OWASP WebGoat Project

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

OWASP Mutillidae II

https://sourceforge.net/projects/mutillidae/

HackThis!!

https://www.hackthis.co.uk/

Hack This Site!

https://www.hackthissite.org/

bWAPP

http://www.itsecgames.com/

Game of Hacks

http://www.gameofhacks.com/

Hellbound Hackers

https://www.hellboundhackers.org/

Enigma Group

https://www.hellboundhackers.org/

Root Me

https://www.root-me.org/?lang=en

Try2Hack

http://www.try2hack.nl/

Hack-Me Brain Teaser

https://hack.me/103934/brain-teaser.html

Crackmes.one

https://crackmes.one/

XSS Polyglot Challenge (v2) – by @filedescriptor

https://polyglot.innerht.ml/

CTFs

Pico CTF

https://picoctf.com/

CTF Time

https://ctftime.org/ctfs

captf.com

http://captf.com/

This site is primarily the work of @psifertex since he needed a dump site for a variety of CTF material and since many other public sites documenting the art and sport of Hacking Capture the Flag events have come and gone over the years.

SANS Holiday Hack Challenge

https://holidayhackchallenge.com/2018/

Flare

https://2018.flare-on.com/

National Cyber League

https://www.nationalcyberleague.org/

OverTheWire – Wargames

http://overthewire.org/warzone/

Hackxor

https://hackxor.net/

Fuzzy Land

https://fuzzy.land/

HECF CTF (CTFd)

https://defcon2018.ctfd.io/ 

http://www.hecfblog.com/2018/08/daily-blog-451-defcon-dfir-ctf-2018.html

In Person

StormCTF

https://stormctf.ninja/ctf/events/infosecon-2018

Books

Trail of Bits

https://trailofbits.github.io/ctf/

Lists

https://github.com/vitalysim/Awesome-Hacking-Resources

http://captf.com/practice-ctf/

https://www.blackroomsec.com/updated-hacking-challenge-site-links/

https://trailofbits.github.io/ctf/intro/find.html

https://www.reddit.com/r/hacking/comments/8yq73n/this_might_be_a_dumb_request_but_does_anyone_know/

https://www.dfir.training/resources/references/test-images-and-challenges/test-images-and-challenges/all