- https://www.hackthebox.eu/ - Pentest Lab (free + paid subscriptions)
- http://ctfs.me/ (Jeopardy, Attack-Defense and mixed CTF types)
- https://ctf365.com/ - Pentest Lab (free + paid subscriptions)
- https://overthewire.org/wargames/ - Step-by-Step Pentest Lab
- https://www.hacking-lab.com/ - Pentest Lab (free + paid subscriptions)
- https://www.picoctf.com - Yearly CTF from CMU
- https://ctftime.org/ - Multiformat, continuous CTF
- https://www.pentestit.ru/ - Russian CTF
- https://shellterlabs.com/en/ - Lots of ongoing challenges
- https://ringzer0team.com/ - Over 200 challenges are available in over 13 categories
- https://challenges.ka0labs.org/ - Seems to be at least partially down currently
- https://www.sans.org/netwars/continuous/ - Paid but has some unique challenges (LVL 5 - Attack & Defense)
- https://www.sans.org/netwars/cybercity - Paid but very unique SCADA based challenge
- https://www.vulnhub.com/ - Vulnerable offline VM challenges (lots of great content here)
- https://exploit-exercises.com/ - Vulnerable offline VM challenges
- https://w3challs.com/ - Online challenges in multiple categories
- http://smashthestack.org/wargames.html - Online challenges
- https://www.hackthissite.org/ - Online challenges in multiple categories
- https://www.pentesterlab.com/exercises/ - Online and Offline VMs (free + paid subscriptions)
- https://hack.me/ - Similar to vulnhub
- https://www.root-me.org/ - Online challenges & virtual environments
- https://www.enigmagroup.org/ - OWASP top 10 based challenges
- https://www.hackthis.co.uk/levels/ Over 50 challenges with multiple categories
- http://www.kioptrix.com/blog/test-page/ - Offline VM challenges
- http://bright-shadows.net/ Over 300 challenges with multiple categories
- https://microcorruption.com/login - Embedded Security CTF
- http://www.dvwa.co.uk/ - Damn Vulnerable Web App (DVWA)
- https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project - Web Goat (OWASP)
- https://sourceforge.net/projects/metasploitable/ - Metasploitable