Coming from someone who has been a security consultant, hacking his way through the most secure networks on planet earth, these are my favorites for staying sharp. They also suit people who are just starting out, businesses that want to provide an avenue for employees to continue their education, and even mid-senior level consultants who need to stretch their legs.
1. Hack-the-box (www.hackthebox.eu)
This is easily one of my favorites. They have taken an engine and completely designed it based on the feedback of its users. This site has rankings, its own host-based systems for testing, pro labs that give you a certificate of completion, and so much more. It is by far the most used/most popular site out there for hackers who want to learn something new, test something old, or build a social network. They have a Discord that is EXTREMELY active, and so much material in the forums that helps you learn things you didn’t even know were out there.
There is a portion of the site that is dedicated to companies that are looking to hire talent. Hack-the-box gives companies the ability to test an applicant's ability and gives a great deliverable that shows strengths and weaknesses.
Combining the machines, challenges, endgames, fortress, jet, and pro labs, you’re looking at thousands of machines, with new ones being added regularly.
Once you have completed the challenge to get access to the site, the best place to start is the ‘Starting Point’ page that Hack-the-box has created to help anyone at any level get a good, solid understanding of every stage of hacking a system.
For more information, try joining the Discord, by far one of the most helpful resources there is for starting out. It is a very well moderated and non-toxic environment.
The cost for the subscription of the Pro Labs (very specific and unique large networks).
A VIP Subscription for Hack-the-box is fairly cheap for everything you get access to. It is by far the best deal out of anything listed below.
2. PentesterLab (www.pentesterlab.com)
For those who are employed as medium-senior level consultants at security consulting companies, I recommend PentesterLab. Not everyone in the industry wants to be following everyone on Twitter, Reddit, and forums, or watching the DEF CON videos the second they are uploaded for the entire summer. For professionals who want to keep their web application and network testing skills fresh and ready to go for any upcoming client, this site is a really good resource.
There are over 1 thousand different challenges covering everything and every level of experience, from Android malware creation, to hacking a Jenkins server, all the way to JSON Cross-Site Request Forgeries.
Each section has its own video and research material, which comes with instructions on how to proceed.
The instructional videos are incredibly detailed, which allows you to learn more about the specific attack you want to learn, how to implement what you’re learning, and how/when to use it. It is all-around research material that is prepared with a practical lab.
Inside each section, you have more detailed research that allows you to continue what you are learning and shows how to tie exploits/techniques together. The material in each section is obviously professionally rendered and completed. That is one of the biggest selling points for professionals who are already mid-career, and for companies that want their consultants to be better prepared.
Just like Hack-the-box, PentesterLab has a very detailed Bootcamp that offers refresher material in a way that helps in all aspects: networking, encryption, operating systems, malware, etc.
The pricing is pretty steep compared to Hack-the-box’s free service or their VIP/pro labs that are available. For PentesterLab PRO you’re looking at $19.99 a month for their service, and some consulting companies like Optiv, Mandiant, and IBM actually purchase the enterprise option, which gives access to all their consultants.
It is very easy and simple to register and get started. There isn’t a social space, like forums or Discord, for people to communicate and create those types of connections in a way that would help define their business model.
3. Virtual Hacking Labs (www.virtualhackinglabs.com/)
4. Hacking-lab (www.hacking-lab.com)
5. Wargames (www.overthewire.org/wargames)
6. Hackthissite (www.hackthissite.org)
7. Practical Pentest Labs (practicalpentestlabs.com)
8. gh0st (http://www.gh0st.net/wiki/)
These are other sites I know about, but I am not ready to provide a review of them yet.