I recently passed my SANS GPEN 560 pen testing certification. And i am currently studying for the OSCP. These gave me a great baseline but I wanted to keep learning and developing skills.
CTF’s are a legal way to test your hacking skills against realistic targets without breaking the law.
They have become common place at Security Conferences and in the community. Two of note to me are:
https://vulnhub.com – This site maintains a large collection of community provided Virtual Machines that you can run and practice against on your own hardware.
https://lab.pentestit.ru/ – This site is a full on virtual corporate network. You have to breach a firewall and pivot your way through the systems. Starts easy and gets progressively harder. The free tier gives you access to the latest lab. Paid versions give you archived access.
This page will track the CTFs I have attempted and the write ups for each.